09/06/2007 02:36:45: UNICLEAR MALWARE STOPPED by BOCLEAN!
Trojan horse was found in memory.
C:\WINDOWS\SYSTEM32\UNICLEAR.EXE contained the trojan.
Active trojan horse WAS shut down. System now safe.
I couldn’t find any reliable info on this one yet. Is or was it a (now killed…) system file, or is this some newbie?
Due to the lack of unified naming conventions in the anti-malware industry it’s often difficult to run one of these down.
I’d suggest running the UNICLEAR.EXE through Virus Total as well as submitting it to Comodo submissions. From the CBO FAQ:
Suspected False Positives?
Q: Where do we send the files that are being alerted on that we suspect are FPs?
A: You can email them to: malwaresubmit [ at ] avlab.comodo.com .
You may want to specify in the subject line “False Positive?” for clarity’s sake.
As usual, zip and password protect with “infected” including that information in the body.
Thanks a lot, Cat, I found it now. Btw, do you know if there’s a way for the user to safely read what kind of information is being logged inside the .boc file, except for containing the malware image itself?