Guest JCVP Posted August 9, 2013 Posted August 9, 2013 My NOD 332 has found VBS/ProxyChanger.AG, and put it in quarentine. But few minutes later this virus appears again. Does anybody know how can I delete this virus? Thanks
Administrators Marcos 5,466 Posted August 9, 2013 Administrators Posted August 9, 2013 Please post detailed information from your Threat log (ie. the path to the file, the name of the threat detected, action taken and other additional information).
Guest JCVP Posted August 10, 2013 Posted August 10, 2013 Marcos, Object name -> (hxxp://zar.workbest.com:8082/worked.dat) Virus -> VBS/ProxyChanger.AG Action taken -> I have run NOD 32 in windows vista safe mode, but did not work. Everytime I access the internet few minutes later this virus appears again and again and again. And I have scanned all memory computer, NOD 32 don't find nothing. I cleaned my internet temporay files, but did not work. Could you pass more information/tips? Can we talk in portuguese? Thanks
Administrators Marcos 5,466 Posted August 10, 2013 Administrators Posted August 10, 2013 The url doesn't work anymore. If it was detected by the http scanner it must have been blocked. Just to make sure, post the appropriate record from your Treat log which should look like as follows: 10. 8. 2013 20:05:30 HTTP filter file hxxp://www.eicar.org/download/eicar.com Eicar test file connection terminated - quarantined pc\admin Threat was detected upon access to web by the application: C:\Program Files (x86)\Opera\opera.exe.
Guest Guest Posted August 10, 2013 Posted August 10, 2013 Threat log. 10.8.2013 17:32:19 HTTP filter file hxxp://zar.eworkbest.com:8082/worked.bat VBS/ProxyChanger.AG connection terminated - quarantined HP-PC. I think there is a file or a program (virus, worm and etc) in my PC that it tries to enter in this site. I think NOD32 had to find it. Am I right? Thanks
Administrators Marcos 5,466 Posted August 12, 2013 Administrators Posted August 12, 2013 Not necessarily. Please create a SysInspector log as per the instructions here and submit it to ESET along with a link to this thread as described here.
Recommended Posts