Signature 3918 appears to be putting Windows files into quarantine

Discussion in 'ESET NOD32 Antivirus' started by BeanCounter, Mar 9, 2009.

Thread Status:
Not open for further replies.
  1. wingman ix

    wingman ix Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    4
    I am in the same boat, but I don't see the files in my quarantine menu, which I can only assume means they were deleted. I also did a search and they aren't in the system32 folder either. Any ideas how to get the files back? Reinstall Windows?
     
  2. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    446
    OK, so I'm pretty sure I should restore the two Windows .exe files because everyone's NOD32 has detected them, so they're definitely FP.

    However, my NOD32 also picked up two .tmp files in the SYSTEM32 folder. Should I restore the .tmp files as well?
     
  3. CEllsworth

    CEllsworth Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    7
    I was able to just restore them on a number of machines. The Microsoft Distributed Transaction Coordinator Service started once the file was restored.
     
  4. CellThree

    CellThree Registered Member

    Joined:
    Mar 9, 2009
    Posts:
    5
    If you're not sure, then restore everything, run the manual update to get the fix for the FP and rescan the affected folders. If it comes back clean, then you're sorted.
     
  5. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    446
    That's exactly what I did. Thank you for your advice. Rebooted computer and everything is normal.

    Just wondering -- what would happen if the FPs (the important Windows files) weren't restored from quarantine and one were to reboot the computer? Would everything be normal... or what would happen?

    Thanks,
    Mark.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
  7. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    So, all you guys saying you're no longer using NOD32 because of this...

    Do you ever get tired of switching programs?

    I'll admit this is pretty bad, and I can afford to be more forgiving since apparently I was not bit by this, but still, NO s/w is perfect... and the fact is, NOD32 is, overall, the best protection for your PC that money can buy...
     
  8. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    1,000
    Location:
    Bismarck, ND USA
    We have added more information about this to our news page here: http://kb.eset.com/esetkb/index?page=content&id=NEWS9

    A Knowledgebase article describing the issue is here: http://kb.eset.com/esetkb/index?page=content&id=SOLN2181

    We apologize for problems caused by this issue. If further help from our Customer Care Engineers is needed, please call toll free +1 (866) 343-ESET [3738] or tel. +1 (619) 876-5400, or use the support request page here: http://www.eset.com/support/contact.php


    Thank you,
    Richard
     
  9. Rian

    Rian Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    5
    Location:
    Nebraska, USA
    I thought this was fixed with Advanced heuristics module version: 1091?

    Still seeing this on servers I manage...... :(

    --------------------
    NOD32 antivirus system information
    Virus signature database version: 3922 (20090309)
    Dated: Monday, March 09, 2009
    Virus signature database build: 15308

    Information on other scanner support parts
    Advanced heuristics module version: 1091 (20090309)
    Advanced heuristics module build: 1200
    Internet filter version: 1.002 (20040708)
    Internet filter build: 1013
    Archive support module version: 1082 (20090213)
    Archive support module build version: 1224

    Information about installed components
    NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Administrative tools
    Version: 2.70.39
    NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
    Version: 2.70.39
    NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
    Version: 2.70.39
    NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
    Version: 2.70.39

    Operating system information
    Platform: Microsoft Windows Server 2003
    Version: 5.2.3790 Service Pack 2
    Version of common control components: 5.82.3790
    RAM: 2048 MB
    Processor: Intel(R) Xeon(R) CPU 3040 @ 1.86GHz (1866 MHz)

    3/9/2009 0:03:30 AM - NOD32 Kernel Threat Alert triggered on : c:\windows\system32\msdtc.exe is infected with a variant of Win32/Kryptik.JX trojan.
    3/9/2009 0:03:48 AM - NOD32 Kernel Threat Alert triggered on : C:\WINDOWS\system32\msdtc.exe is infected with a variant of Win32/Kryptik.JX trojan.
    -------------------------------

    SRW
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    The "Kryptik.JX" signature was removed in the update 3920. Please restore the files in question from quarantine and rescan them with the most current version.
     
  11. Kaburrub

    Kaburrub Registered Member

    Joined:
    Feb 14, 2009
    Posts:
    1
    What's up, NOD32? Got the same results as well. Please fix this.
    My organization used ESET after my recommendation. Please keep me trusting you. o_O :mad:
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Please post here a screenshot of the on-demand scanner detecting this file so that we can see all relevant information.
     