   AV program catching files created by TH
   Author  Topic: AV program catching files created by TH  (Read 381 times)
Brian49
Junior Member
Posts: 71
AV program catching files created by TH
« on: Aug 11th, 2007, 5:31pm »

Since installing the latest TH ruleset (2007-08-11), my AV program (NOD32) is catching two temporary files apparently created by TH during a quick scan. Here's the warning:
 
Files:
AppData\Local\Temp\FS3Uz.exe
AppData\Local\Temp\wJsvcl.exe
 
Threat:
Probably unknown Stealth.Poly.Crypt.TSR.Driver virus
 
I'm running Vista Home Basic and TH 4.7 Build 932. My system is otherwise clean as far as I know.
 
I wonder what's going on here, please? Many thanks.
Magnus
Administrator
Ad astra per aspera.

   

Posts: 4120
Re: AV program catching files created by TH
« Reply #1 on: Aug 11th, 2007, 5:48pm »

Sounds like TrojanHunter is unpacking files and NOD is scanning and alerting on them.
 
Which files are being scanned by TrojanHunter when you get this alert?
Brian49
Junior Member
Posts: 71
Re: AV program catching files created by TH
« Reply #2 on: Aug 12th, 2007, 3:56am »

Magnus - thanks for responding. Please talk me through how I can find the answer to your question. The list of files being scanned by TH runs through so fast that I can't tell which ones are being scanned at the moment the AV alert appears. It might be files in the System32 folder, but I can't be sure at the moment. By the way, I've now noticed that the files named in the alert are different each time, so the ones I listed above are just examples. It's NOD32's file system monitor (AMON) that's raising the alert. I would emphasise that this has only just started happening, after I installed the latest TH ruleset (although of course that could be a coincidence).
 
Edit: I now see that in a forum thread from last year on this same issue, it was suggested that a shared Microsoft Office file, mcansi.dll, might be involved. There's no such file in my Office 2007 installation. I've tried excluding various folders from the TH scan, but the AV alert persists.
« Last Edit: Aug 12th, 2007, 12:07pm by Brian49 »
redwolfe_98
Veteran
Posts: 560
Re: AV program catching files created by TH
« Reply #3 on: Aug 13th, 2007, 8:37pm »

brian, i think that what you should do is disable NOD32's realtime protection while doing scans with TH.. that is what i usually do when i am scanning, i disable the realtime protection that i have when running scans with various programs..
 
i am sure that others who use NOD32 have seen the same thing before.. you could discuss it in the NOD32 forum, at wilders..  
 
if you are seeing the alerts from NOD32 when running scans with TH then, like magnus said, what is happening is NOD32 is flagging files that TH is unpacking when scanning..
« Last Edit: Aug 13th, 2007, 8:40pm by redwolfe_98 »
Brian49
Junior Member
Posts: 71
Re: AV program catching files created by TH
« Reply #4 on: Aug 14th, 2007, 3:49am »

Yes, I've already started disabling NOD32's file system monitor while running a TH scan, although it seems to me this shouldn't be necessary. I also read the discussion on the Wilders forum, which was rather inconclusive - some people thought NOD32 should enable the exclusion of any files generated by TH (it doesn't at the moment); others thought TH should use a dedicated temporary folder within the program folder for these files, which could then be excluded by NOD32, rather than using the system Temp folder, which it would be unwise to exclude. I continue to be puzzled as to why this has suddenly started happening, when it has never happened before.
Brian49
Junior Member
Posts: 71
Re: AV program catching files created by TH
« Reply #5 on: Sep 13th, 2007, 4:25pm »

Good news - this problem seems to have disappeared with the latest build of TH5 (it was still there with the original build).
« Last Edit: Sep 13th, 2007, 4:30pm by Brian49 »
Magnus
Administrator
Ad astra per aspera.

   

Posts: 4120
Re: AV program catching files created by TH
« Reply #6 on: Sep 13th, 2007, 5:13pm »

Yes, I found the cause and implemented a work-around for this problem.