Is this a virus?

Discussion in 'ESET Smart Security' started by jackm, Feb 11, 2008.

Thread Status:
Not open for further replies.
  1. jackm

    jackm Registered Member

    Nov 8, 2006
    Copy and paste into a text file without trailing spaces then save. Wait for EAV/ESS to pop up.

    It's hard to take ESET seriously sometimes when it throws up warnings like this. :blink:

    Yes, this file is used by a trojan installer, but it's not a threat (all it does is delete the file passed to it at runtime).

    In the meantime it would be nice if ESS/EAV could actually remove virtumonde instead of just alerting about harmless batch files.

    BTW ESET, to remove virtumonde all you need is unlocker and this script:
    Run the above script (leave it looping) then use unlocker on the virtumonde dll and choose "unlock all." System will crash (winlogon.exe) but the file will be gone. ESS/EAV's efforts however were in vain.

    I'm sure this could be implemented in ekrn.exe

    Cheers. :)

    Here's what your peers think:
    ~removed VT results per policy....Bubba~
    Last edited by a moderator: Feb 11, 2008
  2. swagger01

    swagger01 Registered Member

    Oct 17, 2007
    LOL !!!
  3. Jenee

    Jenee Registered Member

    Dec 27, 2007
    Perhaps you could name all the antivirus/firewall programs that will get rid of virtumonde. It will be a very short list.
    I was able to remove virtumonde from a system which had another firewall that allowed virtumonde to get in in the first place by removing that firewall and installing ESS.
  4. ASpace

    ASpace Guest

    Perhaps the above code is part of a Virtumonde file/algorithm, and that is why it is detected by ESET in a generic signature.