Win32/Agent.ODG

Nod32 is saying I have Win32/Agent.ODG virus.

It is in memory and is unable to be removed.

I did a full scan of my system and nothing else popped up.

How do I remove this?

 

Do you have v. 4.0.314 installed?

 

How about the cleaning level? Try to give the highest level of cleaning and rescan.

 

I am running version 4.0.314.0 (just DLed it this AM).

I just ran another in-depth scan and the only infected object is:
Operating memory - Win32/Agent.ODG virus - unable to clean.

Any suggestions? Should I open a support ticket?

 

Have you performed a full disk scan? It should find the infected file on the disk and remove it after the next system restart.

 

Marcos is right. And you can also try making an ESET SysRescue CD to scan from it. Surely will help.

 

I also specified "Strict Cleaning", but that didn't make any difference.

 

Hmm... There are two ways as I can see...
1) Scan is Wndows Safe Mode - F8 during system start
2) Scan with SysRescue

 

So was the malicious file actually found during the scan? What message did you get when it was found? In case of any problems with malware, the best course of action is to create a log from ESET SysInspector and convey it to them for perusal. They should be able to assist you with removing the malware.

 

As stated above, the only infection I find is in memory. No infected files are found.

I will tray a safe mode scan, and if that doesn't work, A sysrescur scan.

Will keep you posted...

 

SysRescue fixed it.

It was in the boot sector...

Thanks for the help!

Dave

 

Well - I spoke too soon.

The Trojan is still there after all.

I will submit scan logs and SysInspector output to Eset tech support.

 

I installed the free version of Malwarebytes' Anti-Malware software and ran it.

It found the following:

View attachment MBAM log.txt

Once I rebooted, everything was cleaned up.

I am not sure why NOD32 didn't find these...

 

Well, a log from ESET SysInspector would have surely reveal them. It sounded odd when you said the trojan was found in memory, but not during a full disk scan with all options enabled (incl. adv. heuristics and runtime packers). Whenever you come across a problem with infection, contact Customer care and provide them a log from ESET SysInspector. With v4, this can be attached when submitting a request from within the program itself.

 

This Win32/Agent.ODG infection turned up on my computer today. As stated it starts in memory and NOD32 is unable to clean it.
I have Malwarebytes installed before this infection happened but the program is unable to open now.
Can't connect to the Malwarebytes or NOD32 websites as well as other computer software security websites as I believe this ODG infection is preventing this.
Any other solutions to this besides Malwarebytes?

 

Yes, if you're using v4 create a SysInspector log and follow the advice above you. support [at] eset [dot] com

 

It's a rootkit infection, hence you can't see the files.
However NOD32 should use it's Anti-Stealth Engine to see the files....weird.

Anyhow, sys resque might help it, or if you have a 2nd PC then yank the drive and then plug it into the 2nd pc as a slave, inherit the folders and run the scan from there.
But this time run with Malwarebytes, Superantispyware, Eset and free Kaspersky Online scan...since if you went this far then might as well make sure it's gone.

 

Gmer, freeware, found the rootkit file in the system32/drivers folder. Found the module and service associated with this rootkit as well. Killed all 3 using gmer and got Malwarebytes, free version, up and running to take care of the rest of this infection.
Makes me wonder why I paid $49 USD for Nod32 when freeware programs seem to do a much better job!
Get your act together ESET, your starting to fall behind the rest in protecting our computers from these threats!
I did send the SysInspector log, hope they can sort this out.

 

same here.
I used spyware doctor, malware bytes, spybot SD - all of them found something that others did not, but only one what actually told me where what is happening was GMER (after i rescanned and messed around whitother tools 10 hours)- why nod is not able to tell me WHERE is this infected file? Instead, in first scan nod deleted critical system file (like karlsperski does often) so i was unable to log in to windows and had to use recure cd. (yes i used max settings and heuristic)
Nod is still my favorite but PLEASE make your sys tool usefull, take functions from hijackthis, lspfix and from gmer and some from spybot advanced settings and you have hellava good product. I told you this same thing like 4+5 years ago and also last year when your representitive was in estonia.

 

Hi, I had same problem, updated from Nod32 V3.0 to V4.0 today. Nod32 found, Agent.ODG, could not clean it.

I tried lots of ways to fix it, then found a free software, called ComboFix.exe, took about 30 mins to scan, and removed the problem.

I still have faith on Nod32, at least it picked up the problem.

 

HANG ON..............

I've come up against this beast.

For future reference & in case someone else is experiencing my old syptoms...

When I had this ODG nastie I couldn't run the malware exe's etc because after 'starting up' and one gained control of the mouse etc the ODG would kick in & a 60 second countdown to shutdown would commence. Safe made was same. The short timeframe inhibited recovery action.

I ended up reformatting.

No above seems to be hamstrung by the 60 seconds to shutdown version. What could I have done?

 

I reinfected my computer with this rootkit on 3/25/09 and Nod32 sent it to quarantine with no traces of it on the computer verified by Malwarebytes, SAS and a couple of online scans. GMER didn't detect it either.

 

I was infected with this virus as well and NOD32 didn't detect it until I ran a scan, then it said it was in Operational Memory and couldn't clean it. It wouldn't let me run Malwarebytes, it wouldn't even let me run spybot search and destory. I downloaded Gmer on another computer and ran it in safe mode, it found the rootkit within seconds and advised me to do a full scan. I stopped the scan and deleted the rootkit (it was running as a service called gaopdxsrv.sys) and then I restarted the scan and it found 13 different infections in the registry and some autorun.ini files. I deleted everything and booted into windows normally and lo and behold my computer worked again! I ran Gmer several more times and it kept finding things...I ran it until it came up clean. I also was then able to run spybot search and destory and it found some more files and I deleted all those. I was also able to run Malwarebytes and it found files and deleted them, I ran it several times until it came up clean.

 

I think these might be slightly different variants, just using the same driver rootkit.

 

Hello,

I have exactly the same probleme with my ESET SS 4.0.314.0, but i don't understand if there is any solution available right now ?

Patrick