Infected ~ Virus / Trojan Detection ~ Dealing with New Samples

Please read the following threads BEFORE starting anything new about:

• Where to send Samples

• Missed Samples

• How ESET handles submissions

• Infected System with NOD32 installed


Frequently Asked Questions - FAQs Submitting samples and suspicious files to ESET. Upload a sample at www.virustotal.com and Answer and Answer


Posting Virus Total / Jotti reports or images is NOT permitted unless requested by a Staff Member.


Zlob / Smitfraud / Spyaxe / Spycrush and Virtumonde / Vundo / WinFixer / WinAntispyware / WinAntivirus infections; these are updated multiple times a day and tested at sites such as www.virustotal.com in order to avoid detection by all Antivirus companies.


If you have an infected system with one of the above please complete the following:

Code:

This is required to remove detection of 4 tools that we are about to download and use, these tools may be detected by NOD32 if you have “Potentially Dangerous Applications” (version 2.5) or "Potentially unwanted and unsafe applications" (version 2.7) ticked within NOD32.

1. Please go to the NOD32 Control Centre (Start> All Programs> Eset> NOD32 Control Centre)
2. Click on AMON> Setup> Options (tab)
3. Untick “Potentially Dangerous Applications” (version 2.5) or "Potentially unwanted and unsafe applications" (version 2.7).
4. Click on OK.
5. Click on IMON> Setup> Miscellaneous (tab)> Scanner Setup> Setup (tab)
6. Untick “Potentially Dangerous Applications” (version 2.5) or "Potentially unwanted and unsafe applications" (version 2.7).
7. Click on OK.
8. Click on OK


When the process below is complete, please place a tick back in “Potentially Dangerous Applications” (version 2.5) or "Potentially unwanted and unsafe applications" (version 2.7).


Please follow the instructions found at the following 4 websites:

VundoFix here: http://www.atribune.org/content/view/24/2/

SmitfraudFix here: http://www.bleepingcomputer.com/forums/topic17258.html

Look2Me Destroyer here: http://www.atribune.org/content/view/28/2/

Fix Wareout here: Fix Wareout here: http://forums.majorgeeks.com/showthread.php?t=95472  


When the process above is complete, please place a tick back in “Potentially Dangerous Applications” (version 2.5) or "Potentially unwanted and unsafe applications" (version 2.7).

Please complete the process below to ensure this does not happen again:

Check your settings against those found in the following NOD32 Tutorial: http://www.wilderssecurity.com/showthread.php?t=37509 


AFTER this run a scan by following these steps:

1. Click on the NOD32 Control Centre (Green and White split square on the bottom right hand corner of your computers screen). 
2. Click on NOD32. 
3. Click on Run NOD32. 
4. Click on “Scan and Clean”. 
5. Reboot your Computer into “Safe Mode”.
6. Click on Start> All Programs> ESET> NOD32
7. Click on “Scan and Clean”.
8. Check the scan results.

AFTER and ONLY AFTER the above two scans are complete and ONLY if the infection remains, please complete the following:

Download Runscanner from this link: http://www.runscanner.net/runscanner.zip
1.	Extract it to a new directory.
2.	Run runscanner.exe
3.	Select expert mode.
4.	Press start scan.
5.	Press Export .run file (not text.log file).
6.	Call the file “System Info”.
7.	Click Save.
 
  
Download and run Lookinmypc from here: http://www.lookinmypc.com 
1. Select "Generate report"
2. Wait - scan results will pop up in a browser
3. Go to folder with LookInMyPC installed (default in C:\ProgramFiles\LookInMyPC\Reports\username\LookInMyPC.zip), and attach LookInMyPC.zip to an email.
  
Forward by email the logs from both programs to your local NOD32 Support Office together with the following:

1.	Go to the NOD32 Control Centre
2.	Click on Logs
3.	Right Click on one of last completed full system scan logs.
4.	Click on “Details”
5.	Right Click anywhere on the scan log
6.	Click on “copy all”
7.	Right Click in the email to ESET support.
8.	Click on “Paste”

This will paste a copy of one of the scans you have completed.

If your computer is infected please complete the following:

Code:

Check your settings against those found in the following NOD32 Tutorial: http://www.wilderssecurity.com/showthread.php?t=37509 

AFTER this run a scan by following these steps:

1. Click on the NOD32 Control Centre (Green and White split square on the bottom right hand corner of your computers screen). 
2. Click on NOD32. 
3. Click on Run NOD32. 
4. Click on “Scan and Clean”. 
5. Reboot your Computer into “Safe Mode”.
6. Click on Start> All Programs> ESET> NOD32
7. Click on “Scan and Clean”.
8. Check the scan results.

AFTER and ONLY AFTER the above two scans are complete and ONLY if the infection remains, please complete the following:

Download Runscanner from this link: http://www.runscanner.net/runscanner.zip
1.	Extract it to a new directory.
2.	Run runscanner.exe
3.	Select expert mode.
4.	Press start scan.
5.	Press Export .run file (not text.log file).
6.	Call the file “System Info”.
7.	Click Save.
 
  
Download and run Lookinmypc from here: http://www.lookinmypc.com 
1. Select "Generate report"
2. Wait - scan results will pop up in a browser
3. Go to folder with LookInMyPC installed (default in C:\ProgramFiles\LookInMyPC\Reports\username\LookInMyPC.zip), and attach LookInMyPC.zip to an email.
  
Forward by email the logs from both programs to your local NOD32 Support Office together with the following:

1.	Go to the NOD32 Control Centre
2.	Click on Logs
3.	Right Click on one of last completed full system scan logs.
4.	Click on “Details”
5.	Right Click anywhere on the scan log
6.	Click on “copy all”
7.	Right Click in the email to ESET Support.
8.	Click on “Paste”

This will paste a copy of one of the scans you have completed.