My Nephew Just purchased NOD32 Version 2 and cannot run a scan on his XP Home sytem. Mysteriously, the window just disappears when the scanning starts. Have run HiJack This, Spybot and was loaded with malware and Spyware, but should be clean now. I ran on to this same problem with another friends computer. I keep recommending NOD32 to everyone but it seems many have problems getting it to scan the system initially.
Any ideas?
Thanks
Tim

Hi timbuk2,

Just in case you haven't tried this already: did you do an online virusscan on that computer?
You will find several listed here: http://www.wilders.org/free_services_m.htm

Regards,

Pieter

Hi Timbuk2!

Sounds like a security-app killing virus resides on that computer...
You could either use a browser-scanner as Pieter_Arntz suggested...
or you go to DiamondCS-Software and download the free version of Process Guard and put the on-demand-scanner Executable on the protection list... The virus then should not be able to kill NOD32 again..
THEN run a scan with NOD32 :)

DiamondCS Process Guard Site:

http://www.diamondcs.com.au/processguard/

Good Luck!

Storm

Ok, the Online Panda Scan worked and found the trojans listed below but said it couldn't fix anything. All of a sudden my NOD32 started working as it popped up and discovered the same files (and some more) after Panda did. (strange?) Anyway, NOD32 also offers no option to quarentine, delete and can't repair??? What good is that?
I turned off System Restore and am running another scan.


Incident Status Location

W32/Gaobot.gen.worm Not modifyable Operating system
W32/Gaobot.gen.worm No disinfected Operating system
W32/Gaobot.gen.worm Not modifyable C:\WINDOWS\SYSTEM32\scvhost.exe
W32/Gaobot.gen.worm No disinfected C:\WINDOWS\SYSTEM32\scvhost.exe
W32/Gaobot.gen.worm Renamed C:\WINDOWS\SYSTEM32\winhlpp32.exe

W32/Gaobot.gen.worm Renamed C:\WINDOWS\SYSTEM32\winhlpp32.exe

Does this mean it renamed the worm to winhlpp32.exe and I should delete that file?

Thanks
Tim

I ran a search on Google for Gaobot Removal, Symantic are usually the best for removal instructions...

http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.an.html#removalinstructions

The other thing to do is check the Australian Nod32 website www.nod32.com.au for cleaners (not available in this case).

The way we usually remove viruses/worms, is to slave the infected drive off a clean PC running an up-to-date Nod, and have Nod scan the infected drive. When clean, have Nod do a second scan, about 1% of the time viruses are still found on the 2nd scan.

Cheers ;D

Why didn't AMON catch that? I'm really hoping that the sigs weren't updated, or AMON wasn't running in the first place. Really hoping.

Hi nameless,

NOD was installed after the virus-infection, at least that is how I read the story.

Regards,

Pieter

Ah, sorry, I think you're right. I need to get more sleep. :-\