Virus cant fix

1/28/2008 10:51:36 PM HTTP filter file hxxp://comdomen.com/ldr2.exe probably a variant of Win32/Statik application connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.

I get this ****, i get spammed like every 10 minutes with about 30 logs. Any way that i can fix this

 

Please send a log from ESET SysInspector to support[at]eset.com with this thread's url enclosed. We'll analyse it and let you know how to remove the threat.

 

Never mind

 

Ok, i sent the file to :support@eset.com: so you can hopefully tell me how i fix this

 

Very strange, if you try to download the file you get the alert. If you turn off NOD, download it then scan it you don't get any alert.

 

I can't find W32/Statik in the def files when searching here: http://www.eset.com/support/updates.php

It's rather strange indeed that you don't get any alert when first downloading the file (NOD32 turned off) and then scanning it manually. Can someone explain how this can be?

 

I didnt go to any site and download this file, i was downloading music from limewire so that might be it.
But i turned on the computer the next day and then straight away i got the--bad file, terminated , then this file was put in quarenteen, then i get log attacks (about 20) every 10 minutes. If i delete the file from quarenteen then it is back in there when i get the attacks

 

Statik is new technology of heuristic detection which is currently being tuned up. Currently it's usually enabled only for IMON/web modules and further modules will follow as soon as the results are analysed and evaluated.

 

Ahhh, makes sense now, thanks for the clarification Marcos. So this was an FP, but the Allaple one in the other thread was not, correct?

 

Surely there was a threat listed in ratboyJ's log and the file ldr2.exe looks quite suspicious. I'll pass it to our vlab to make sure it wasn't FP.

 

appears so, especially on the un-stripped portion of the file. Sunbelt sandbox had an interesting read also.

What Nod does not like it appears to me as an un-trained analyzer, is the last few entries that it strips from the original as noted in an UltraCompare file comparison

 

Marcos, this is interesting. Could you elaborate on this a little more? Does NOD32 v2 have access to this heuristic?

Do you want to work on a viruslab?

 

I personally have seens this kind of detection (Statik) with v2 , too , so v2 has it , too

 

interesting detection (Statik)

Marcos,

If really it is a tool what of more it forces to the modules of the antivirus I support unconditional



VT and Jotti nod32v2 database 2828 not detected virus file.


Detection exclusive antivirus module

 

So how would i go about removing this virus from my computer

Is there a program that can do this for me or is there a list of files that i can remove from my computer that will fix the problem

 

Follow Marcos's advise and ESET representative will tell you what to do (post #2)

 

I did a system restore back to the day that i know i didnt have any problems, and now the problem has been eliminated, Anyway thank you for your support..................PS --It wasnt the music i downloaded from limewire