infected-(106) error occured while extracting archive file


billyzaf
November 26th, 2007, 02:49 AM
Please can anyone help me on this. I got infected by a virus whose first task was to destroy nod32. My adaware deleted a lot of spyware and it still does from time to time.
But the thing is it won't let me reinstall nod32 and each time I try to do that I get the same message: (106) error occured while extracting archive file.
Also it will not let me install any other antivirus. I still get an error message.

Can you please help me out of this?

clambermatic
November 26th, 2007, 03:18 AM
'billy'...don't panic, keep calm. You've come to the right place here & besides, there are lotta NOD resident experts here, k? ;)

Now.... could you recall your last scan... what did your working scanner then inform you, WHAT TYPE of pest/spywares did it emit??

If you can't recall, that's fine. Here is what u can do for a '911' Safety Moves...

a) if you got another rig, go & download a copy of 'cureIT' standalone scanner. The URL is this (copy it or write it on a piece of paper) ~ http://www.freedrweb.com/cureit/?lng=en

b) samely, shutdown (complete pwr-off, for around 15secs)... then reBOOT into Safe Mode! SafeMode How2 = bootup, at POST screen, hit F8 (continuously) till Safe-Mode screen appears. That screen contains a lot of choices; SELECT the first line indicated as Safe Mode.

If you had an admin logon, use it once reaching safemode. 'admin logon' is imperative for usage on such 'infectious' situation!

c) At desktop (in SafeMode then), transfer your fresh download of cureIT to the desktop page of your infected rig. Then deploy (keep cool, and click cureIT 'exe' file).

d) Once cureIT is installed, select C: drive (coz it contains your OS) and other subsequent drives (aka: partitions) for scanning by cureIT, at its initial 'default' scanning mode.

...that's it for now. Don't just stand there, get to work!!!

If i ain't able to handhold you for your next episode... DON'T WORRY, there are lotta gud fellas in here who can and are much more of an expert than i am!

;)

billyzaf
November 26th, 2007, 04:29 AM
Thank you for your reassuring words. It's good to feel you are in the right hands.
I'm sorry I don't remember what were the last scans of nod32, it had tracked a few viruses now and then, but that is not the case. As soon as I executed the infected file, nod32 went out of business. I only use firefox, but internet explorer windows started to pop up but ad-watch would block most of them.
I got a message that my windows cd was needed and I inserted that. Then winlogon was taking up all the resources and increasing the cache memory.
I uninstalled nod32 and ended the nod32 process and that took care of that.
It found a few spywares, I don't remember the names. Also, I tried x-cleaner micro edition, an online spyware scanner-remover and that located some other spyware. Kaspersky online also found some infected files but that's only for scanning. Can't remember the names.
But the problem remains. I can not install an antivirus.

Now I downloaded cureit and I'm right on to it

I'll let you know how it worked

Thanks a mil

ASpace
November 26th, 2007, 04:41 AM
It could be Bagle or Stration
Contact ESET if the above suggestion doesn't help, email support[at]eset.com

billyzaf
November 26th, 2007, 04:42 AM
Oh, yes, bagle was one of them for sure

ASpace
November 26th, 2007, 04:43 AM
{QUOTE-> Oh, yes, bagle was one of them for sure <-QUOTE}


If you know how to use Gmer, it will cure you

billyzaf
November 26th, 2007, 05:38 AM
I haven't heard of gmer before..I can learn though

billyzaf
November 26th, 2007, 10:21 AM
Well, it won't let me go into safe mode..So I guess there is no point in running cureit in normal mode, is there?

What about that gmer?

billyzaf
November 26th, 2007, 10:30 AM
I ran cureit either way and it found 2 infections in:

c:\windows\system32\drivers\hidr.exe
c:\windows\system32\drivers\srosa.sys

by Mr. win32.HLLM.Beagle

billyzaf
November 26th, 2007, 10:47 AM
That was in the quick scan.

I am now running full scan.

It found DDos.synte.origin but it could not be cleaned. So it was "moved" as it said, I don't know where.

billyzaf
November 26th, 2007, 01:53 PM
On the whole 8 viruses were found. 7 were deleted and 1 was moved.
But still I can not install nod32 and I get the same message.

billyzaf
November 26th, 2007, 02:48 PM
Heeeeeeeeeeeelpppppp!!!!

ASpace
November 26th, 2007, 02:55 PM
Hello!

I am not telling you how to use Gmer because it is an advanced tool to use to eliminate rootkit types of threats. Bagle is a worm and some variants have rootkit behaviour.

I would suggest you one of these things (either 1 or 2):

1. Contact ESET Support, email support[at]eset.com
2. Post in a forum providing malware cleaning services. I recommend Aumha forums http://forum.aumha.org . If you post there, provide them with a link to this thread and stop posting here while they are helping you :thumb:

Good luck!

proactivelover
November 26th, 2007, 03:05 PM
I think it's because of a nasty file infector virus (Virut)

ASpace
November 26th, 2007, 03:24 PM
{QUOTE-> i think it's because of a nasty file infecter virus(Virut) <-QUOTE}

We can only guess but I think that since CureIt found Bagle, it should be a Bagle ... :thumb:

billyzaf
November 26th, 2007, 05:10 PM
Hi, I searched another forum where people had the same problems with their antivirus programs.
Here's what I did:
Start->run->msconfig->diagnostic restart->reinstall nod32

It worked! I updated nod32 afterwards and ran a scan which found 2 infections.

I'm not sure if my system is clean now..My printer displays a funny message as well. When I need to print something another file/document appears in the printing panel. It's functional but I'm not sure if everything is ok now..

Also something I needed to ask which is important. Do you think it is safe to use the web for internet buying or transactions or web banking (after being infected I mean)?

Thanks again guys