ESET Reports Defs out of date but updating ineffective.

[Merc14]

I am working in a customer's computer and she is using using ESET NOD 32 Antivirus 4. She had a Trojan infection, that I believe I have corrected but ESET is reporting that its definitions are out of date, even though update is reporting the data base up to date a/o 1/17/10 1147am EST. Trojans I caught were fakealert and Dropper. Running the ESET SCAN now.

How can I correct this problem? TIA for any help.
Merc

[ronjor]

Hello Merc14,

Several cleaners are available here. -> http://kb.eset.com/esetkb/index?page...nt&id=SOLN2372

[Merc14]

Thanks Ron. I don't think it is infected any longer but am running an Eset scan now and will run HJT when it completes. Is the database out of date issue indicative of a lingering Trojan or virus? FYI, current database on the computer is 4780 which appears to match the listed current DB.

[ronjor]

Quote:

Is the database out of date issue indicative of a lingering Trojan or virus?

Not necessarily.

Quote:

current database on the computer is 4780

That is the latest set of definitions.

Please note: We don't analyze logs here. http://www.wilderssecurity.com/showthread.php?t=42148

[Merc14]

OK, thanks for the help. I went through the tools and hit F5 and saw that "Start real time protection automatically" was unchecked. I had done this myself so I could run combofix in safe mode and obviously forgot to reinitialize. Possibly this was the cause of the "out of date" error. I'll post back if it wasn't.

Very nice product BTW. Reviews are through the roof and I love the GUI. I have been recommending Kapersky Internet Security suite to my customers and am using it myself but their prices just went up significantly and the market is very sensitive to that now. May start suggesting you folks.

Not sure how she got infected with these two Trojans, however, which is troubling. ESET should've caught them as she had, at least by her report, simply gone to a website that was rather benign in content and the pop-ups/redirects started. If you folks are at all interested I will get more details and report them.

[ronjor]

Quote:

Not sure how she got infected with these two Trojans

Without knowing the exact configuration of the system in question, it would all be guesswork.

It's important to know that all anti virus/anti malware programs can miss malware at any given moment. I can assure you, it happens daily.

[Merc14]

Concur. System appears fine now. Thanks for the help mate.

[siljaline]

You might try running a scan in safe mode but that may be futile at this point.
Combofix and HJT logs are supported here Note the links are limited but if you are experienced with HJT, one would assume you would know where to go for further assistance for a full clean-up.

Best of luck.

[Merc14]

Thanks for the help gents. The system is cleaned up and all looks good. I will post back tomorrow with the name of the suspect site and check it out myself. Seemed innocuous enough from her description but it nuked this rig in a matter of minutes. She shutdown and powered off at the PSU and then called which I am sure saved her from much worse damage.