Author Topic: Virus on a client  (Read 6300 times)

0 Members and 1 Guest are viewing this topic.

nsi

  • Guest
Virus on a client
« on: October 13, 2004, 08:50:17 AM »
This is the avast log:

2/10/2004 7.59.07 Administrator 1332 Sign of "Win32:Dialer-Y [Trj]" has been found in "C:\WINDOWS\Downloaded Program Files\gdnIT10.exe" file.  
12/10/2004 7.59.07 Administrator 1332 Sign of "Win32:Dialer-Y [Trj]" has been found in "C:\DOCUME~1\robertom\IMPOST~1\TEMPOR~1\Content.IE5\RZT3J94W\gdnIT10[1].exe" file.  
12/10/2004 7.59.06 Administrator 1332 Sign of "Win32:Dialer-Y [Trj]" has been found in "C:\Documents and Settings\robertom\Impostazioni locali\Temporary Internet Files\Content.IE5\RZT3J94W\gdnIT10[1].exe" file.  
12/10/2004 7.59.06 Administrator 1332 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\robertom\Impostazioni locali\Temporary Internet Files\Content.IE5\RZT3J94W\gdnIT10[1].exe (C:\Documents and Settings\robertom\Impostazioni locali\Temporary Internet Files\Content.IE5\RZT3J94W\gdnIT10[1].exe) returning error, 00000020.  


what is "returning error, 00000020"?
Avast checked the virus but didn't block it!!

What do you think?

Thanks
claudio

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Virus on a client
« Reply #1 on: October 13, 2004, 06:33:48 PM »
1. Why do you think it didn't block it? I'd say it certainly blocked it from execution. Check the "On-access scanners" folder in the console.

2. Error code 00000020 means "sharing violation". But as I said, the virus could not been activated...


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

nsi

  • Guest
Re:Virus on a client
« Reply #2 on: October 14, 2004, 08:44:32 AM »
On-access scanner in Console is empty.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Virus on a client
« Reply #3 on: October 14, 2004, 12:40:54 PM »
So this was detected during an on-demand scan? (either local or scheduled from ADNM)

What about the computer icon in the Catalog, is it red or green?

Vlk
If at first you don't succeed, then skydiving's not for you.

nsi

  • Guest
Re:Virus on a client
« Reply #4 on: October 15, 2004, 09:11:11 AM »
The computer icon in ADNM console is red, and I think it was detect by the shield.

I posted the avast log, and I think the virus was already active... infact there was a sharing violation when the antivirus attempted to remove it.

Repeat.. I think...

But I don't know why the avast didn't block it before..

Sorry, but I want to know how avast client works.

Now the client is cleaned.

Thanks,
claudio