Eset detecting a variant of win32/urlbot.nao trojan

[jimh@troyers.com 0]

We have 150 workstations. Over the course of the last two weeks Eset Endpoint has detected, in the operating memory, a variant of win32/urlbot.nao trojan on 22 different machines. Eset cannot clean or delete the files. When we do a full scan with Eset after the message, no objects are infected. Eset does appear to be quarantining files from the windows\system32 and office directories. This infection is spreading. Any help would be appreciated.

[Marcos 4,702]

Couldn't it be that you have Spector surveillance software installed? It's detected under that name.

[jimh@troyers.com 0]

We do have Spector but why would it detect dll files in the operating memory: windows/system 32 directory and office directories? We have Spector files set to specific directories.

[ocnjkayak 0]

We are having a similar issue. It seems that ESET is not paying attention to the exclusions we have set for Spector. it keeps finding the dll files in the system32 and syswow folders and still strips the files out which keeps Spector from working properly.

 

Any ideas as to how to fix this? We are still trying to get this to work.

[SMichaelReeves 0]

I work for an I.T. Solutions firm and we have a client that we are experiencing this issue that OCNJKAYAK posted on 9 October 2013 at 3:45 PM and yes they do have Spectorsoft installed on their machines and yes ESET is causing the software to not work correctly. Has ESET come up with a solution to get this issue resolved?  Any assistance would be appreciated… 

[Aryeh Goretsky 353]

Hello,

 

It has been a while since I've looked into compatibility with this software, but can you please confirm that all of the exclusions are set properly, and that the detections are not occurring in files which have been correctly excluded in the software?

 

Regards,

 

Aryeh Goretsky

[SMichaelReeves 0]

Yes, the exclusions are set correctly.

[SMichaelReeves 0]

Aryeh,

 

We have indeed set the exclusions correctly and we are still getting the alerts from ESET on machines. We should not be getting any alerts for this at all because they have been added to the exclusions list.

[evelio204 0]

We are having issues with ESET Endpoint AntiVirus v5 detecting Spector360. Attached is a list of files that Spector360 creates to monitor the system, they should not be random files, they should be fixed file names according to SpectorSoft. 

 

We have added those files, yet they are still being detected by ESET. 

 

I am unsure of what to do now.

360 ESET exclusions.rtf

[Marcos 4,702]

It appears that Spector modifies the memory region of running processes which triggers this detection. We're investigating it.

[Fuzzeh 0]

It appears that Spector modifies the memory region of running processes which triggers this detection. We're investigating it.

I'm continuing to have issues with ESET Endpoint AV blocking SP360 from running effectively. Have there been any updates regarding this issue?

[Marcos 4,702]

I've heard from some users that Spector is not detected any more when excluded from scanning.

[jamelle 0]

The latest version of Spectorsoft gets detected every time it tries to use one of the windows system dlls. The dlls I have seen being caught are

C:\Windows\System32\evr.dll

C:\Windows\System32\sendmail.dll

 

I'm not sure how to stop it.

[Marcos 4,702]

The latest version of Spectorsoft gets detected every time it tries to use one of the windows system dlls. The dlls I have seen being caught are

C:\Windows\System32\evr.dll

C:\Windows\System32\sendmail.dll

 

I'm not sure how to stop it.

 

What Spector files and folders did you exclude?