I have this issue with the above-mentioned virus. NOD detects it, but is unable to clean it. From Google it has been around for a while, so I'm still worried why NOD can't handle it. NOD also detects it as Win32/Dzan.C. I also checked the threat center and it's not even mentioned there. I'm starting to see more and more of this; all Google info relates to other antivirus and "please update definitions", but not a single word about it on NOD's websites.
@coiter Do you have a Windows installation disk (handy)? What is your OS? What exactly does NOD32 detect (and where is it detected)?
Name: C:\WINDOWS\system32\1021\services.exe
Threat: Win32/Dzan.C virus
Action: unable to clean
Information: Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\1021\services.exe.
Re: Win32/Dzan.C as well
Name: C:\Documents and Settings\xxxxxx\Start Menu\Programs\Startup\ctfmon.exe
Threat: Win32/Dzan.C virus
Action: unable to clean
Information: Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\1021\services.exe.
It looks like trojan behaviour, infecting other files as well. This C:\WINDOWS\system32\1021\services.exe is active, infecting other files. C:\Documents and Settings\xxxxxx\Start Menu\Programs\Startup\ctfmon.exe is also a trojan (infected) - not a legitimate file. Let's try something else first:
1) Reboot in Safe Mode http://kb.eset.com/esetkb/index?page=content&id=SOLN2268
2) Perform full scan with ESET Command line scanner http://kb.eset.com/esetkb/index?pag...earch&viewlocale=en_US&searchid=1254769172955
Post back the results.
That's my problem. This is a client running on a vessel on the other side of the world; I can't just go up to it and clean it. I have 200 clients in my configuration, where 140 of them are on vessels all around the world: Africa, Gulf of Mexico, Asia. I'm dependent on antivirus solutions like NOD being able to clean this bastard, like other antivirus software can. And I picked NOD because it was supposed to be the best, and had distributed solutions with centralized management.
Then, write him/her instructions. If this is active, there is no way for it to be cleaned. A Safe Mode scan or using other 3rd party tools can easily achieve successful removal, I suspect. Can't you log in remotely with TeamViewer?
ctfmon is for sure a legitimate file; it's for Microsoft Office, I think. As far as that folder 1021, it IS NOT legit... delete it; first see what other files may reside in there.
Located here, it is certainly NOT a legitimate file: C:\Documents and Settings\xxxxxx\Start Menu\Programs\Startup\ctfmon.exe
Want to bet money on this? Microsoft Office uses this file, and it is meant to go into the startup folder and/or the registry startup section.
http://support.microsoft.com/kb/282599 http://www.howtogeek.com/howto/windows-vista/what-is-ctfmonexe-and-why-is-it-running/ Are you still sure?
Emmkay.... if he right-clicks the file in the startup folder to check its path, if it points to system32/ctfmon.exe then you're good to go.
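
The path check debated in the posts above, as an added example that is not part of the original thread: it flags a file that carries a Windows system binary's name but sits outside the system directory, using the two paths from the posted scan log. The watched-name table, the C:\WINDOWS\system32 location and all function names are assumptions of this example; for a shortcut, pass the target path it points to.

```python
import ntpath

# Assumption of this example: both names discussed in the thread ship in
# the system directory (Windows XP layout, as in the posted scan log).
EXPECTED_DIR = {
    "services.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
}

def resolve(path):
    """Normalise a Windows path: collapse '..', unify slashes, lowercase."""
    return ntpath.normcase(ntpath.normpath(path))

def check_path(path):
    """Classify one executable path (or the target a shortcut points to)."""
    directory, name = ntpath.split(resolve(path))
    expected = EXPECTED_DIR.get(name)
    if expected is None:
        return ("unknown", f"{name} is not on the watched list")
    if directory == expected:
        return ("expected", f"{name} is in {expected}")
    return ("suspicious", f"{name} is in {directory}, not {expected}")

def suspicious_paths(paths):
    """Return only the paths whose file name is watched but misplaced."""
    return [p for p in paths if check_path(p)[0] == "suspicious"]

# Constructed input: the two paths from the scan log in this thread, plus
# the legitimate location and an unrelated file for contrast.
SAMPLE = [
    r"C:\WINDOWS\system32\1021\services.exe",
    r"C:\Documents and Settings\xxxxxx\Start Menu\Programs\Startup\ctfmon.exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\WINDOWS\System32\..\system32\Services.EXE",
    r"C:\Program Files\Example\tool.exe",
]

if __name__ == "__main__":
    for p in SAMPLE:
        verdict, reason = check_path(p)
        print(f"{verdict:10} {p}  ({reason})")
```

An "expected" verdict only confirms name and location; it does not show whether the file in that location has itself been infected.
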
Set your ThreatSense and real-time protection client to strict cleaning, and run a comprehensive scan from Remote Administrator.