pazzo1940 0 Posted June 13, 2013 Posted June 13, 2013 A day ago my internet connection was suddenly blocked and, after checking the status, I noticed that data was being sent and received. I knew I didn't have any processes running that would account for the activity. I ran a scan and NOD32 identified and quarantined this Java exploit. I've just run the ESET Online Scanner and it didn't detect any threats. Curiously, when I had first entered the ESET URL in my browser, the systray network icon flashed the same "not available" symbol I'd noticed before; however, it didn't persist and I was able to come to this site. My question now is: how do I remove the Trojan? I haven't been able to find any solution online. Win7, ESET NOD32 Antivirus 6 ... any suggestions? Thanks
pazzo1940 0 Posted June 13, 2013 Author Posted June 13, 2013 ESET NOD32 did it's job in identifying and quarantining this virus. Now, I'd like to know how to remove it. Win7, ESET NOD32 6 Thanks
Janus 210 Posted June 14, 2013 Posted June 14, 2013 Hello pazzo 1940..(Some loose thoughts about quarantined files.) When a file is quarantined then it is rendered harmless, as you know. The file will not be removed completely from your system. That is just meant as a precaution in thoose rare cases of a false positive detection, when a user need to restore a file. Sometimes it is the other way around, that it is you that can quarantined a suspicious file, while it is analysed by Eset. Personally I always wait ,at least a month ,before deleting a file from quarantine, and not without a backup of my system, before I delete any file . And there you have your answer, if you delete the file from quarantine it will permanently be removed from the hard drive. (And can longer be restored if you wish so). Regards, Janus
SweX 871 Posted June 15, 2013 Posted June 15, 2013 @Janus is correct. When ESET quarantines something it means that the file is put in an isolated environment and it can no longer harm your system. But if you want it deleted permanently, then you can do that from within the quarantine. And this doesn't sound like an FP so I would say you can go ahead and do that if that's what you want to do. And you may also go and check that your Java software is up to date(important), since it constantly get's security updates. Check here: hxxp://www.java.com/en/download/installed.jsp
pazzo1940 0 Posted June 16, 2013 Author Posted June 16, 2013 Thanks, so much, for the excellent assistance! I did delete the file from quarantine and disabled Java in my browsers. I wonder if the numerous attempts by Java to update that failed were actually attempts to install the Trojan. Also, will the file persist in System Restore? Should I have disabled System Restore at some point? Thanks, again!
Janus 210 Posted June 16, 2013 Posted June 16, 2013 (edited) Hey pazzo 1940 There is of course a chance, that it is still there, in one of your system restore points. The only thing you have to do is as first to create a new fresh restore point, and give it a name you can recognize. Restart you system, and be sure that it have created the new point. Then delete they old restore points manually, except the newly created point. Link: Delete a restore point Regards, Jannus Edited June 16, 2013 by Janus
Recommended Posts