We have a network with more than 1000 users where NOD32 is installed recently. We are facing a strange problem with client machines that has power users right. AMON is detecting a lot of trojans with 'delete' and 'rename' options enabled. But when we try to delete or rename we get an error message saying that the file is locked up.

Is there a way to delete or clean this without going into the safe mode as more than 250 computers are infected and it will be a nightmare logging all these machines in safe mode.:-[

Can you delete those files manually or they are in use?

No we can not delete these infected files manually.

Could you please send the following to your local support office:

1. Click on the NOD32 Control Centre (Green and White split square on the bottom right hand corner of your computers screen).
2. Click on NOD32.
3. Click on Run NOD32.
4. Click on “Scan and Clean”.

When the scan has completed please continue below:

Download HijackThis from HERE (http://www.wilderssecurity.com/showthread.php?t=12516)

Download Autoruns from HERE (http://download.sysinternals.com/Files/Autoruns.zip)

Download and run Lookinmypc from HERE (http://www.lookinmypc.com)
1. Select "Generate report"
2. Wait - scan results will pop up in a browser
3. Go to folder with LookInMyPC installed (default in C:\ProgramFiles\LookInMyPC\Reports\username\LookInMyPC.zip), and attach LookInMyPC.zip to an email.

Then run the other 2 programs and forward the logs from all three programs to your local ESET Support Office together with the following:

1. Go to the NOD32 Control Centre
2. Click on Logs
3. Right Click on one of last completed full system scan logs.
4. Click on “Details”
5. Right Click anywhere on the scan log
6. Click on “copy all”
7. Right Click in the replying email to me.
8. Click on “Paste”

This will paste a copy of one of the scans you have completed.

They will then provide you with a solution.

Let us know how you go...

Cheers ;D

try securetaskmanager (http://www.neuber.com/taskmanager/index.html) or any fileunlocker (helps sometimes)

I think his major problem is there are 250 computers spread out all over and he was trying to avoid going to each one which I don't think is possible in this case.

What support will require is the logs from above, then an effective solution can be implemented.

Cheers ;D

Thank you for your feedbacks. Problem got solved after we tried script for specific trojans. Also changing power users to Admin users solved some problems as NOD32 was able to delete many of the files in the on-demand scan.