I had installed NOD64 5.0 and a virus took control of my NOD64 and infected the PC.

[mike27928]

Hello, since August 30, I am having a total nightmare I cannot scape out.
I was just browsing the web, to search for a website with cool videos online and found a website... called www . cinetube . es
*** PLEASE DO NOT CLICK IN THE LINK MENTIONED BEFORE ***

I was using NOD64 5.0 antivirus.
I saw that website, and because has a similar name to youtube cinetube I decided to enter inside.
The website took control of my antivirus and de-activated it in seconds, infecting my PC !!!! IMMEDIATELY, MY NOD64 ANTIVIRUS BEGAN TO DISPLAY RED ALERTS, AND TOLD ME THE HTTP PROTOCOLS (OR SOMETHING SIMILAR) WERE DE-ACTIVATED. THE ANTIVIRUS STOPPED TO WORK, AND TURNED FROM GREEN TO RED.

ALSO, VERY STRANGE, MY COMPUTER ASKED ME TO RESTART IMMEDIATELY.
IT RESTARTED.

PLEASE NOTE: THIS WEBSITE TOOK CONTROL OF NOD64 ANTIVIRUS, TURNED IT OFF... AND RESTARTED MY COMPUTER.

Because NOD64 was not working anymore, I decided to uninstall it, and re-install it and here we have the problem... it is completely impossible to install any antivirus from any brand.

Here is where my nightmares begin...

Because NOD64 was not working and was impossible to install it... I decided to install a free antivirus... AVAST! in my computer... and when it was installed... AVAST was showing a red X saying the antivirus was not working...
ok... then I decided to install again NOD... reaching the end of the installation... the process reverted and was impossible to install the antivirus.

okay... now I try to install KASPERSKY INTERNET SECURITY 2013, and also the same... was impossible !!!
First try, Kaspersky recommended me to download an utility to scan for viruses or create the RESCUE CD...
ok... I created the RESCUE CD and began to scan the computer... it found the following:

HEUR:trojan.wiin32.generic (infected the file syshost.exe inside the Windows directory)
HEUR:exploit.java.cve-2012-4681.gen

BACKDOOR.WIN32.ZACCESS.YDV
C:\Documents and Settings\ORION\AppData\Local\Temp\85046051.exe

EXPLOIT.JAVA.CVE-2012-1723.DJ
C:\Documents and Settings\ORION\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\510d7203-3e55cea4/bkwa/bkwa.class

HEUR:EXPLOIT.JAVA.CVE-2012-4681.GEN
C:\Documents and Settings\ORION\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\510d7203-3e55cea4

• I don't know if this has any relationship with the Java vulnerability people is talking in Internet ?

After passing the scan in the RESCUE CD, I began to perform actions... deleting the infected files, and puting one of them in quarantine...

Okay... windows 7 start again... and I try to install Kaspersky, and it's imposible... impossible.

I tried to install again NOD64 5.0 and it's impossible!

I try to install any other antivirus... impossible!

Is like if someone touched my machine in such a way is not possible to have an antivirus in it !!!

I was suggested by someone in Facebook to take a look to the service BASE FILTERING ENGINE which control the internet protocol and firewall... okay, this is weird because this service was de-activated ! so this bug, worm, or virus have modified things and services in my PC in such a way I cannot install any antivirus!!!

Okay. I active again the service BASE FILTERING ENGINE, restart the PC again... and it continue the same... impossible to install any antivirus.

I really don't know what to do.

Before taking the format C: solution, I would beg you please, if you could help me, give me a solution to escape from this nightmare and being able to install an antivirus again. NOD64 in this case.

Thanks

[Cudni]

Reach to one of the volunteer sites listed
http://www.wilderssecurity.com/showp...81&postcount=3

or if you were running eset still, their tech support
http://kb.eset.com/esetkb/index?page=content&id=SOLN762

[volvic]

*
2) run Hitman Pro / MBAM and see how you get on.

[manak]

NOD64? I've never heard of it. It sounds like FakeAV.
Anyway, Malwarebytes Anti-Malware and Hitman Pro are good second opinion scanners.

[volvic]

*
is it not permitted to critically assess a av on here?

[Dark Shadow]

Quote:

Originally Posted by manak

NOD64? I've never heard of it. It sounds like FakeAV.
Anyway, Malwarebytes Anti-Malware and Hitman Pro are good second opinion scanners.

I think he means Nod 64 bit.At this point suggesting other installation is probably not going to happen as the infected PC is being blocked from installing security and pretty common.


@ The OP, follow cudni suggestions is your best chance of resolving it,Good luck.

[manak]

Quote:

Originally Posted by Cudni

Reach to one of the volunteer sites listed
http://www.wilderssecurity.com/showp...81&postcount=3

or if you were running eset still, their tech support
http://kb.eset.com/esetkb/index?page=content&id=SOLN762

Good info
1. Malware Removal - HijackThis Logs Forum at Malwarebytes.org ( http://forums.malwarebytes.org/index.php?showforum=7 )
2. HijackThis Logs and Virus/Trojan/Spyware/Malware Removal at BleepingComputer ( http://www.bleepingcomputer.com/forums/forum22.html )

They are the folks to really provide support in getting rid of rootkits, malware and other nasties.

[mick92z]

I would not worry about installing another AV, as none of them will rid you of Zeroaccess rootkit. I would strongly recommend using one of the specialist forums already mentioned ( bleeping computer/ geekstogo etc )
This malware you have does cause damage, so even after disinfection, you may still encounter problems ( eg, safe mode, task manager etc )
I see you have also posted on Kaspersky forums, no disrespect to them, but i think you would be better using one of the forums already recommended.

[Marcos]

I'd recommend contacting Customer care or emailing ESET's malware research lab and providing them with an install log created as per the instructions here. If the failure turns out to be causes by malware, you'll be provided with other tools that will help pinpoint the issue.