Try it for a month, like it - buy it - then Bad Trojan just after purchase!

[paperview]

Hello everybody! I'm new here. Tried the 30 day version of NOD, liked it, and purchased TWO copies, one for my laptop, and one for my home computer.

I have, to date not had any problems with my home computer. Used it for years with little problems. NOD did find some minor Trojans when I initially installed the trial version, and worked just fine for the 30 days. I plunked down the money, and just shortly after fully registered version, I started getting a Buffer overrun error pop-up error which causes my system to crash (I have to reboot from whatever I am doing)
>Microsoft Visual C++ Runtime Library
>
>Buffer overrun has been detected in program WINNT/Explorer.EXE which has corurped the program's internal state.Microsoft Visual C++ Runtime Library



Then running the virus scan , I get this error:
Time Module Object Name Threat Action User Information
6/2/2007 19:54:37 PM Kernel file C:\WINNT\System32\ddabc.dll probably a variant of Win32/Genetik trojan

which I cannot delete, because it is in system memory, it tells me. This is a nightmare.

Argh. Please help. This only happened just after I paid good money to PREVENT this kind of thing. Right after. NOw I know *Crap* happens, but the timing was bad here.

Anybody? Thanks in advance.

[planet]

Not sure, but after goggling that dll file, you might want to check out this
thread:
http://www.cybertechhelp.com/forums/...ad.php?t=91933

Also, did you try running NOD32 in safe mode? Perhaps that dll wouldn't be loaded in safe mode.

[Marcos]

Please remember that NO AV detects 100% of all threats. NOD32 has improved advanced heuristics in the mean time, that's why it didn't initially detect the dll. We will be happy to assist you in removing it, feel free to contact Eset's support at support[at]eset.com. Generally it's very difficult to remove already injected dlls from the system, but we will provide you with instructions how to accomplish it.

[GAN]

You could try to run msconfig and uncheck everything under Startup except those you know for sure is safe. Then reboot your computer and might be able to delete the dll. Also you could download Process Explorerer from Microsoft (url below). Using process explore you can search for the dll and find out what process is keeping that file locked. Then by killing that process you might be able to delete the dll. There is most likely at least one more file you should delete during the cleanup.

http://www.microsoft.com/technet/sys...s/default.mspx

If using msconfig you should run it again after cleanup and enable the startup items again, but i guess i complete scan of your harddisk could be smart before doing that.