I scanned with nod32 my computer 4 times.. and it found many viruses that i removed but.. it didnt delete a virus called WIN32/virut.nbk .. seems that this virus has infected all my programs.. (all .exe types ). it found more than 300 infections but only quarantined them . if i removed them it will mean to remove even system files.. so what should i do?
the virus keeps restarting my computer.and I tried many antiviruses but only nod32 found that win32/virut.nbk but it doesnt clean it from files..


I have many important things in my computer so i cant format it..

If virut.nbk is not your system file, kill it by "UNLOCKER" http://ccollomb.free.fr/unlocker/:thumb:

I would recommend running NOD32 in safe mode.

when i run unlock in drive C:\ it finds too many locked things.. the navigation bar is very small... and when i click unlock all or just unlock a process computer immediately restarts.. is there any removal tool for this virus?

{QUOTE-> I would recommend running NOD32 in safe mode. <-QUOTE}
You could also try this:
http://www.microsoft.com/security/malwareremove/default.mspx

Also try "Recovery Console" its on windows XP CD. Where you can delete file until OS is loaded, just type the command (delete) and path (with correct syntax).

I dont know where the virus is located ..:(
Its a very bad virus.. i read in google about this trojan and all say its incurable.. and only PC format can help..
but there must be another way to get rid of it .. i tried nod32 even in safe mode .. the virus is still there

PC format - it is like a suicide, for me. You should find the sourse of that sh.. , look for the processes or loaded system files to see dependencies(.dll ...) http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

I ran process explorer and schvost.exe was 9 times .. and was red but its a system process and its description is : Generic Host process for win32 applications.
I tried a program called combofix .. and it removed many malwares .. but still the PC is not stabilized it keeps restarting . i just cant figure out how nod32 finds it but cannot clean the virus:(

and thanks very much for trying to help me everyone:)

Please download ESET SysInspector, create a log, then email it to support("at")eset[dot]com for further assistance. Include as much information as possible in the email plus a link to this thread.

Ill try this sysinspector after my scan is complete and as i can see nod32 can clean the virus from other programs .. but not from system procceses like exlorer.exe schvost.exe etc ..it keeps saying : error in cleaning file . any idea how to remove the virus??

{QUOTE-> Ill try this sysinspector after my scan is complete and as i can see nod32 can clean the virus from other programs .. but not from system procceses like exlorer.exe schvost.exe etc ..it keeps saying : error in cleaning file . any idea how to remove the virus?? <-QUOTE}


Explorer.exe you can replace with fresh one from windows CD(ask Google), but schvost.exe, not sure:blink:

well. replacing just explorer.exe isnt enough :-\ the virus will spread again..
im hopeless with this thing.. my computer restarts every 5 minutes or whenever i click mozilla .. myComputer .. windowslive messenger

{QUOTE-> well. replacing just explorer.exe isnt enough :-\ the virus will spread again..
im hopeless with this thing.. my computer restarts every 5 minutes or whenever i click mozilla .. myComputer .. windowslive messenger <-QUOTE}


Yeh! That is crazy situation:blink: Only correct order of operations could cure your PC and there are too many of them if do it manually. Ive got no such a problems for a really long period of time, because, i almost never turning off my AV and firewall::)

Try, but risk is high, scan your HDD from another PC( maybe with linux OS if there exist any AV) and kill the infected files, but before, create backup of system files.

Scanning the HDD from another computer is very complicated for me .. and i dont have any other computer..:(:(:(
Yesterday before sleeping i left nod32 scan in safe mode.. and when i got up i saw my computer off:dry: however when i started windows.. nod32 informed me : WIN32/virut.NBK error while cleaning object schvost.exe explorer.exe..!!!

still its there .. veryvery nasty trojan:ouch:

You can try running the free version of malwarebytes at www.malwarebytes.com. The program has 'Virus.Virut' in its list of detected malware. Make sure you update the malware definitons prior to running the scan.

hi everyone till now this problelm nod32 cant solve it ??????
why do i suppose to use another solution when i m having licensed nod32 .

offcourse i m using updated nod32 version 4 and , i ran nod32 on demand scan with the full configuration enabled ??????

and even in the safe mode also with system restore off .

i do not want using any other solutions and i want to know if no32 will fix this problem or not to remove it and search for somthing really works.

What's the problem exactly? Is it that ESET cannot clean these files and offers you only deletion? Or you're getting an error while cleaning? Do you have advanced heuristics enabled while cleaning?

If system files being in use are already infected, it's necessary to boot from a clean media in order to clean them. Bear in mind that some viruses modify files to such extent that it's impossible to restore the original content. The best would be if you could restore a clean copy of them to ensure proper functioning.

HI Marcos thank you for your reply , first all my network computers got infected with variant type of virut.nbk and nod32 detects them but cant remove or clean it just nod32 gives error while cleaning .

unfortunately i formatted the infected machine but here there is a computer infected with virut.NBP

the virus infected all the system 32 executable files

c:\windows\system32\spoolsv.exe
\ ctfmon.exe
\calc
\taskmgr.exe
windows\explorer.exe

and some applications errors appear like drwatson.

Since system files are usually exclusively used by the OS, it may be necessary to boot from a clean media (e.g. rescue cd) and run a full system scan with cleaning from it.

would you please show me how can i make cleaning bootable media.
would you please mention the steps

please does any one help me im really disabled in front of my computers.
the virus infects the dr watson process and no way to do anything

only reinstall will help...dont lose time to fix something that cant be fixed

The process of creating a rescue cd is described in this (http://kb.eset.com/esetkb/index?page=content&id=SOLN2103&actp=search&viewlocale=en_US&searchid=1249392882358) KB article. However, the best course of action when system files get infected is to reinstall Windows as file infecting viruses may modify files to such an extent that they won't run after cleaning.

i m really angry now >:( >:( >:(
the computer was really protected with updated nod32 version 4 + the full proper configuration.

how come the virus infects a protected computer??????

suppose that im administrating 300 or 400 computer in network , it will be impossible to reinstall windows to all these clients.

{QUOTE->
how come the virus infects a protected computer??????
<-QUOTE}

Thinking that an antivirus program will protect you against every single threat in the world is utopia. There's no single security solution in the world that will 100% protect you. You, as an admin, must also take precautions like setting non-administrative permissions to the users, keeping the OS and other software (especially security software) up to date, use a firewall to prevent undesired connections from outside the network and to control connections from inside, use strong passwords, avoid sharing system folders, use UAC in Vista, etc.

{QUOTE-> Thinking that an antivirus program will protect you against every single threat in the world is utopia. There's no single security solution in the world that will 100% protect you. You, as an admin, must also take precautions like setting non-administrative permissions to the users, keeping the OS and other software (especially security software) up to date, use a firewall to prevent undesired connections from outside the network and to control connections from inside, use strong passwords, avoid sharing system folders, use UAC in Vista, etc. <-QUOTE}
Did you tried Bitdefender Total Security 2009?it's the most complex antivirus solution i ever tried, it has a 98,10 % detection rate and believe me other antiviruses programs don't have such a major rate.If you want to convince yourself here is the toptenreview gold award for this product ~Snip~ maybe you'll trust in it.::)

{QUOTE-> Did you tried Bitdefender Total Security 2009?it's the most complex antivirus solution i ever tried, it has a 98,10 % detection rate and believe me other antiviruses programs don't have such a major rate.If you want to convince yourself here is the toptenreview gold award for this product ~Snip~ maybe you'll trust in it.::) <-QUOTE}

ROFL! top ten reviews is an affiliate site. He reviews "pay for" products...eyeball the "Buy now" links on his page. Yeah..% of sales from clickies on his page go to his pocket. Those software vendors who give him the biggest cut get put at the top of his ever changing list.

It's a carefully crafted Google and affiliate link that puts lotsa cash in his pocket, not an honest trustworthy NEUTRAL review site like av-comparatives.org

Some may deem XP Super Antivirus to be the best. It will surely detect more than any other antivirus programs as it detects much more than 100% of malware ;D

{QUOTE-> suppose that im administrating 300 or 400 computer in network , it will be impossible to reinstall windows to all these clients. <-QUOTE}

It will also be impossible to clean them remotely . One of my clients with a network 150 machines was infected . We had to visit each of them - it was a nightmare but...

hold on guys, maybe nod32 is one of the best antivirus , but really there is no proper support from nod32 labs. sometimes you need to send them the virus by your self and wait till the update comes.
(i know there is always new threats come every single second but when you compare nod32 response with others AV really not good )

in the past they gave us a registry fixer tool, and now they stopped develop such helping tools ?????

i just feel like they do not care or help the users.and what you get it is your own problem and you have to fix it .

regarding to virut.nbk virus , if nod32 could not deal with it , i think they have to give another or manual solution , instead of just saying reinstall your windows.

the solution is simple.You know it's svchost.exe and explorer.exe.So pop in your windows xp cd, go to the I386 folder and run the " expand " command to extract fresh copies of those 2 files.That should help with your computer rebooting and give you more time to fix the others while your computer is up.

also go into the " run " section of your registry to stop any files that keep executing at every reboot and delete those keys.

this is the exact reason I maintain small drive sizes no bigger than 80 gigs and NEVER use the NTFS file system.It's much easier to fix things maintaining a FAT32 drive.I used to use F-PROT antivirus for DOS to run scans.Now that they have discontinued that, it's good to see that ESET still has a DOS scanner, for the smart people who ignore using NTFS, and stick with FAT32 so we don't have to reformat and clean install every time something like this happens.

if you don't know the windows registry, than go to the run box and type msconfig and go to the startup section and uncheck any suspicious files there from starting when windows starts.

there are also other " run " and " load " sections in the registry to look at when something suspicious keeps starting with windows.I think eset has the list of those registry sections.