NOD32 v4.2 BE: what to do after a threat's Action shows as "unable to clean"?

I'm new to ESET. Have my first infected machine (that didn't take long, only a few weeks after purchasing NOD32). After repeated scans it always lists "unable to clean" under the Threat's Action column. The specific threat is listed as "probably a variant of Win32/Clemag.NAL trojan".

So, in general, what is the next logical step when ERAC shows "unable to clean"? I was hoping I could right-click the threat and find an option that would link me to more info about this threat, possibly including manual removal instructions. But I do not see any such option. If I click on Details on the context menu, nothing appears/happens.

I'm sure they must have more built into this product to aid admins when NOD32 can't clean a threat automatically, right?

 

Hi
Hey I have found this article about Win32/Clemag.NAL trojan, http://www.microsoft.com/security/p...edia/Entry.aspx?name=TrojanSpy:Win32/Bozeep.A at the end of the article it says something about cleaning. Hope it will help

 

Thanks Janus. I already saw that article and did not see any useful cleaning instructions. Instead, it lists generic things like "update your AV software"...

 

Scan infected computer using bootable antivirus CD, i.e. ESET SysRescue.
More discs here.

 

Thanks Karlisi. I already booted into Safe Mode and ran an ESET scan and clean (which disappeared off screen when it finished, so I have no idea what it found). I imagine that does about the same as SysRescue.

I work remotely, so creating a boot disc/media is an absolute last resort. I can make machines boot into Safe Mode (with networking enabled) and even remote into them while in Safe Mode. So I have a lot of capabilities with my remote tools.

I am more interested in what one should do from within ERAC, as that is the tool MSPs should be using to manage malware issues like this.

 

Safe mode scan is not the same as offline scan, but this trojan is not the worst, so it helped for you. Some viruses integrates so deeply in Windows, you can clean them only if Windows is not started.

From ERAC you can try SysInspector scripting, but there is very little chance for success, because virus processes are very clever masked.

 

I have a 2nd infected machine, this one with a threat that is listed as "a variant of Win32/Olmarik.AWO trojan" and of course "unable to clean".

I have a case open with Labtech/ESET, but I guess they are too busy to respond. So I started searching their Support area on their web site and find a "Stand-alone malware removal tools" page. I look for Olmarik and find 2 possible tools. First one didn't find anything, but 2nd one did I let it clean it and let it reboot, then will run a full scan... Hopefully that will fix it.

As a newbie I do not understand why some of this cannot be built right into ERAC? Why do I have to hunt thru their website for a special removal tool? Come on - the threat was detected by a full scan, but could not be cleaned by the standard NOD32 client software. WHY can't I right-click on the threat in ERAC (the console for EAV v4.x Business Edition) and be offered a menu option like a link: Manual removal instructions on ESET web site ?

Better yet, why can't ERAC be smart enough to provide the manual remediation tool right to the infected machine? Then run it, reboot and perform a scan? WHY do I have to figure all this crap out

I guess I should pass this on as a feature request?

 

Can you share which tool worked?

 

Sure, it was their manual removal tool for "OlmarikTdl4" (dated Jan 2012). The older one from 2010 did not detect anything, but this newer one did.