
Eset detecting a variant of win32/urlbot.nao trojan



We have 150 workstations. Over the course of the last two weeks ESET Endpoint has detected, in the operating memory, a variant of win32/urlbot.nao trojan on 22 different machines. ESET cannot clean or delete the files. When we do a full scan with ESET after the message, no objects are infected. ESET does appear to be quarantining files from the windows\system32 and office directories. This infection is spreading. Any help would be appreciated.


  • 2 weeks later...

We are having a similar issue. It seems that ESET is not paying attention to the exclusions we have set for Spector. It keeps finding the DLL files in the system32 and syswow folders and still strips the files out, which keeps Spector from working properly.

Any ideas as to how to fix this? We are still trying to get this to work.


I work for an I.T. solutions firm, and we have a client with whom we are experiencing the issue that OCNJKAYAK posted on 9 October 2013 at 3:45 PM. Yes, they do have Spectorsoft installed on their machines, and yes, ESET is causing the software to not work correctly. Has ESET come up with a solution to get this issue resolved? Any assistance would be appreciated…


  • ESET Moderators

Hello,

It has been a while since I've looked into compatibility with this software, but can you please confirm that all of the exclusions are set properly, and that the detections are not occurring in files which have been correctly excluded in the software?

Regards,

Aryeh Goretsky


Aryeh,

We have indeed set the exclusions correctly and we are still getting the alerts from ESET on machines. We should not be getting any alerts for this at all because they have been added to the exclusions list.


We are having issues with ESET Endpoint AntiVirus v5 detecting Spector360. Attached is a list of files that Spector360 creates to monitor the system; they should not be random files, they should be fixed file names according to SpectorSoft.

We have added those files, yet they are still being detected by ESET.

I am unsure of what to do now.

360 ESET exclusions.rtf


  • Administrators

It appears that Spector modifies the memory region of running processes which triggers this detection. We're investigating it.


  • 2 months later...

It appears that Spector modifies the memory region of running processes which triggers this detection. We're investigating it.

I'm continuing to have issues with ESET Endpoint AV blocking SP360 from running effectively. Have there been any updates regarding this issue?


  • 6 months later...

The latest version of Spectorsoft gets detected every time it tries to use one of the Windows system DLLs. The DLLs I have seen being caught are:

C:\Windows\System32\evr.dll
C:\Windows\System32\sendmail.dll

I'm not sure how to stop it.

  • Administrators

The latest version of Spectorsoft gets detected every time it tries to use one of the Windows system DLLs. The DLLs I have seen being caught are:

C:\Windows\System32\evr.dll
C:\Windows\System32\sendmail.dll

I'm not sure how to stop it.

What Spector files and folders did you exclude?

This topic is now closed to further replies.