Trojan small ayl caught by NOD but now what?

I just went to a site I've never gone to before and NOD32 popped up
with a trojan warning.  I quarantined it.

Then it popped up with what seemed like another trojan warning, I

Then the process repeated itself.... Should I quarantine or should
I terminate, should this happen in the future?

Here's the info I was able to copy from NOD. What do I do now to
be "safe" - or "safer"?

Time: 10/25/2005 15:15:19 PM
Module: IMON
Object: file
Name:
Threat: Win32/TrojanDownloader.Small.AYL trojan
Action: Connection terminated
User: SONATA\Madeline
Information:

Time: 10/25/2005 15:20:52 PM
Module: AMON
Object: file
Name: C:\DOCUME~1\MADELINE\LOCALS~1\TEMP\zwzz4i3t.exe
Threat: Win32/TrojanDownloader.Small.AYL trojan
Action: quarantined - deleted
User: SONATA\Madeline
Information: Event occurred on a new file created by the application: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE. The file was moved to quarantine. You may close this
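The two NOD32 records above, parsed and reconciled as an added example (not code from the thread or from NOD32 itself): it groups alerts by threat name so a single download seen first by IMON on the HTTP stream and then by AMON on the temp file reads as one event, pulls out the creating application, and flags only objects whose action left them in place. The tab-separated layout and the empty IMON Name field (the archive stripped the download URL) are assumptions.

```python
"""Parse NOD32 IMON/AMON log records (assumed tab-separated) and reconcile alerts."""
import re
from collections import defaultdict

# Constructed sample modelled on the two records in the post above. The IMON
# Name field held the download URL, which the archive stripped, so it is empty.
SAMPLE_LOG = "\n".join("\t".join(fields) for fields in [
    ("Time", "Module", "Object", "Name", "Threat", "Action", "User", "Information"),
    ("10/25/2005 15:15:19 PM", "IMON", "file", "",
     "Win32/TrojanDownloader.Small.AYL trojan", "Connection terminated",
     r"SONATA\Madeline", ""),
    ("10/25/2005 15:20:52 PM", "AMON", "file",
     r"C:\DOCUME~1\MADELINE\LOCALS~1\TEMP\zwzz4i3t.exe",
     "Win32/TrojanDownloader.Small.AYL trojan", "quarantined - deleted",
     r"SONATA\Madeline",
     "Event occurred on a new file created by the application: "
     r"C:\PROGRA~1\MOZILL~1\FIREFOX.EXE. The file was moved to quarantine."),
])

# Actions after which no copy of the object is left where it was detected
# (IMON "Terminate" never writes it; AMON quarantine/delete removes it).
REMOVING_ACTIONS = ("terminated", "quarantined", "deleted")
PARENT_RE = re.compile(r"created by the application: (\S+?)\.?(?:\s|$)")

def parse_nod_log(text):
    """Return one dict per record, keyed by the header row's column names."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0].split("\t")
    return [dict(zip(header, line.split("\t"))) for line in lines[1:]]

def object_remains(record):
    """True when the chosen action (e.g. 'Close') leaves the object in place."""
    action = record["Action"].lower()
    return not any(word in action for word in REMOVING_ACTIONS)

def reconcile(records):
    """Group records by threat so one detection reported by several monitors
    becomes one item with its modules, on-disk paths and creating process."""
    by_threat = defaultdict(lambda: {"modules": [], "paths": [],
                                     "parents": [], "check_needed": False})
    for rec in records:
        entry = by_threat[rec["Threat"]]
        entry["modules"].append(rec["Module"])
        if rec["Name"]:
            entry["paths"].append(rec["Name"])
        parent = PARENT_RE.search(rec.get("Information", ""))
        if parent:
            entry["parents"].append(parent.group(1))
        if rec["Name"] and object_remains(rec):
            entry["check_needed"] = True  # object still where it was found
    return dict(by_threat)

if __name__ == "__main__":
    for threat, info in reconcile(parse_nod_log(SAMPLE_LOG)).items():
        print(threat, info)
```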



Re: Trojan small ayl caught by NOD but now what?


BTW, I checked that download and KAV also alerts. It's not a good idea
to post links to malicious code.

Apparently, the reason you got repeated alerts is that the malicious
file is in a temp folder. You should delete it. Do you use any kind of
temp file deletion software such as CCleaner? It's handy for things
like that.

Insofar as "being safer", the only thing I see you might do is make
sure javascript is disabled in Firefox. It shouldn't be necessary but
it might be less scary for you :)


Re: Trojan small ayl caught by NOD but now what?
Thanks - I didn't think about posting the link - it came up with
the NOD report and I didn't realize it.

I will run CCleaner now - I do have it.

I also ran NOD in safe mode just now and it seems ok.

Should I have terminated rather than first chosen to quarantine?


Re: Trojan small ayl caught by NOD but now what?


No problem. I managed to do it again when I copied your post :)


I don't use NOD so I have to guess what it means or you mean by
"terminated" in this context. Usually, you can choose to delete,
quarantine or ignore Trojan detections. You would quarantine if you
were interested in scanning with other av to check for a false

I don't understand "terminate" in this case since it wasn't a running
process, presumably. Is "terminate" actually the word NOD used?


Re: Trojan small ayl caught by NOD but now what?

Thanks for your help.

the NOD help file says:
"HTTP check
If a threat is picked up by IMON's HTTP scanner, the following
actions are available:

Terminate - Terminates the connection so that the threat is stopped
before it could make it to the disk and get executed

Close - Closes the alert window without taking any further action."

But in my case the threat was picked up through HTTP check (the
Internet Monitor) and also through the file system monitor.
Apparently the file system monitor offered quarantine whereas the
internet monitor offered "terminate".

I now understand I'd have been wiser to just terminate or delete or
get fully rid of it as fast as possible.

NOD came up clean running from safe mode after the fact.
I also have the free Bitdefender on my system for on-demand
scanning and I'll run that later tonight to be as sure as possible.

This is my first experience with anything other than an email

Or maybe it's my second experience.... I got involved in all of this
much more intensely after I lost my whole disk a few months ago to
an unknown ailment :-). I was running Norton AV, Sygate and a
Linksys router at the time it happened and the problem might have
been the result of a minor power failure - but I don't know.
Seagate Seatools said the NTFS file system was damaged.

Fortunately I had full data backups available. I ended up with a
new hard drive and reinstalled everything from scratch - including
all my customizations - it was pretty traumatic although recovery
was 100%.


Re: Trojan small ayl caught by NOD but now what?


Ah. Ok. Clears that up :)



I happen to be the sys admin for my wife's PC. She's into genealogy
research. If she ever loses her valuable data, I'm dead meat :)

I gradually evolved a backup approach we're both happy with. One of
the things I learned the hard way is to not trust storing data in
email folders. Both Pegasus and Moz email gave us a lot of grief
by losing her complex folder arrangements. So now she saves
as text anything of value in a special disk folder system I created.

We also have two forms of backup to spare hard drives. One drive is
used for daily data backup. Another drive sits on a shelf. It's a
fully cloned bootable drive that can be used in the event of a
disaster such as a failed drive.

She runs without using any realtime av just as I do, and neither one
of us ever has any malware or spyware problems. I often wonder
what people are doing wrong to take hits. In that vein, I'd really
be interested to take a look at the url, if you have it, of the
originating web site that led to the download of the recent Trojan
to your temp folder. Since you're apparently using Firefox, you
shouldn't be experiencing any problems. You most likely wouldn't
have had any problem without the NOD monitors active and just scaring
the hell out of you. I'm assuming you know enough to be internet
port protected, one way or another. And I'm assuming you know
enough to be careful with downloads.


Re: Trojan small ayl caught by NOD but now what?
I cannot retrace to the original site as it seems to be missing
from my history. The only thing I know is that it came from a
search done in Vivisimo for a certain kind of medication. I went
back to Vivisimo but I don't recognize the items that are coming up
as a response to my search now.

Interestingly enough, we use very similar backup techniques. I
back up every night to an external hard drive using Retrospect
Professional. And, once every week or two, I do a full image
backup using Ghost to a different external hard drive. I too save
important e-mails as text files.

You're probably correct in saying that Nod scared the hell out of
me -- but at least I know it works!

