16 viruses ...

Discussion in 'ESET NOD32 Antivirus' started by sired, Feb 5, 2010.

Thread Status:
Not open for further replies.
  1. sired

    sired Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    37
    Location:
    Bangkok
    Eset 4.0 installed, visited a few risky sites, a few hours later Windows Security Center window came up listing 13 critical (all sorts of backdoors, keyloggers, trojans, worms etc), 2 mid level threats & 1 mild.

    MSFT Security Center requires entering the OS REGISTRATION NUMBER w/ assoc e-mail to get it going again which of course I do not have, neither does the tekkie. So I guess this 3 month old HD has had a shorter than expected life & can rest in peace forever. Unfortunately I didn't copy the list of intruders so cannot name names, though I remember the name ILLUSION in there which is the computer name the shop uses to install new systems. On a few occasions I took the machine in for service after OS installation I was greeted by the question from the tekkie: "Virus"? Strange.

    Question is what good is ESET if it allows 16 viruses to install in one swoop?

    Downloaded KASPERSKY on another machine & it stalled during installation shutting the machine down so pass on that. Re-installed ESET which informed the Kaspersky installation was suspended with no way to uninstall the failed install. ha.

    I had noticed a couple of months ago the fan regularly speeding up to cool the CPU with high temperature readings & 100% CPU usage for periods of 1/2 hour or so but no clues in the PROCESSES section in Task Manager. This made navigation slow, keyboard lag, clunky scrolling, slow to impossible internet etc for several months. Fix was to exit Firefox, temp relief only of course & resetting the router box. Regular ESET scans showed no infection.

    Internet connection is public wifi with zero security other than my feeble password. I guess any number of people can log on whenever they want. In a word, Screwed. I'd be very interested in your comments. Cheers and thanks to the forum.
     
    Last edited: Feb 5, 2010
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hmmm... I think the alert from security centre was fake. You probably got a rogue on your system that caused this alert. Try Malwarebytes Antimalware free edition to scan your PC. After that Hitman Pro.
     
  3. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
  4. sired

    sired Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    37
    Location:
    Bangkok
    Sorry about that kasperking, apologies. I was thinking more in general terms.

    I think you & aigle are dead right. Think it's worth trying to repair .. or just replace it? It says W32/blaster.worm on the fake window. All programs are disabled.

    Can two machines plugged into the same router infect each other?
     
  5. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I suggest sandboxing the browser if you are going to deliberately visit risky sites. It's never a good idea to rely solely on antivirus in this scenario.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    What do you mean by repair or replace? What?
    Pls run the software I suggested.
     
  7. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    my guess hdd o_O ....going by this statement ...
     
  8. Mister Natural

    Mister Natural Registered Member

    Joined:
    May 10, 2007
    Posts:
    225
    Location:
    3rd density St. Louis
    Something else you might want to try if you're intent on visiting suspicious web sites is to use Firefox with the NoScript add-on installed. I do that and also do not have Flash Player installed for Firefox. Keep any Adobe products fully updated.
     
  9. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA

    That's what I've been doing lately. I'm browsing those risky sites [Sandboxed, of course] deliberately to gather Rogue Antivirus samples for ESET.

    I want ESET NOD32 4.0.474 to become the No.1 slayer of the Rogue AVs.

    Carlos
     
  10. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Visited a few risky sites? You gotta love guys that play in the middle of the street and then complain about getting hit by a car or two, or sixteen.
     
  11. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    agreed and it's also hard to jump on Nod32 or any program too hard before making sure the user has applied all windows updates, what apps they have installed and if they are updated (especially adobe, itunes, FF, FF add ons, etc), what operating system, running as admin or LUA, firewall, etc, etc, etc. A lot more factors than what AV you're running, normal person still thinks an AV program can make them bulletproof online.
     
  12. sired

    sired Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    37
    Location:
    Bangkok
    As I see it there are three ways to go, clean, format or replace the HDD. The latter two can do, the former is beyond my abilities (today).

    On the #2 machine still in good order as I write, Hitman Pro found 10 pages of malware & also reported what it thought were 8 trojans

    um.exe, qn.exe, mv.exe, ky.exe, jo.exe, fq.exe & nodgen.exe (all deleted) and kv.exe (quarantined)

    I'll run Malwarebytes Antimalware today. Thanks for your suggestions.
     
    Last edited: Feb 5, 2010
  13. sired

    sired Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    37
    Location:
    Bangkok
  14. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
  15. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
  16. dr pan k

    dr pan k Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    204
    love y humour. :D

    besides that, having a cracked version and complaining about it on the official support forum is .......:cautious:

    i don't think there r great chances that more than 10 malware went through NOD so u either had em before installing NOD or some rogue made it in. u can try SAS also http://www.superantispyware.com/
     
  17. sired

    sired Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    37
    Location:
    Bangkok
    dr pan k, the computer was purchased from the ZOTAC agent 3 months ago with NOD already installed. GF9300 ITX board mounted in a heatsink case, silent. It was the agent's demo unit. Had I known NOD was a cracked version I would have removed it. btw, occasionally I talk computer security with an ex-police computer forensic pro now working on criminal cases for a private firm. In his words: "if there's a wire or radio signal running into your house ..." ;)
     
    Last edited: Feb 6, 2010
  18. The Nodder

    The Nodder Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    296
    Location:
    UK
    Wipe the HDD and install Windows.

    And buy ESET, get SUPERantispyware.

    and, stay away from those "risky sites", if you don't you'll always be in trouble.
     
  19. dr pan k

    dr pan k Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    204
    dear sired, i have no doubts of y sincerity. the fact that a pre installed version of NOD was cracked leaves some serious doubts on the store's reputation...

    Since this seems the case of a rogue, by formatting y hdd all problems should be gone. before that try running SAS and MBAM, some big chances u wont even have to format nothing.

    As for the risky sites, consider running sandboxed, or at least with NoScript and Adblock Plus on ff.
     
  20. sired

    sired Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    37
    Location:
    Bangkok
    Thanks to forum members for valuable assistance.

    Interesting two days …

    Machine1
    Rogue Security Center, all programs kaput.

    Machine2 fails same day after the following action:
    Install Kaspersky, Hitman Pro, Secunia, Prevx & Keyscrambler in turn.

    Machine logs off mid way through Kaspersky installation. Abandoned.
    Run Hitman Pro, numerous malwares & viruses found & deleted.
    Run Hitman two more times. Blue screen at third reboot. Message: HITMAN PRO FAIL. Machine logs off.
    Run Secunia (PSI), multiple scans, patched a few apps.
    Install Prevx. Aborts midway through installation, machine logs off, restarts, logs off endlessly cycling after loading Windows. 2 machines kaput. Trip to computer shop.

    Machine1
    Tekkie blasts fan & board w/high power blower to clear dust & debris, spins fan to screaming pitch. Install XP on new Toshiba HDD w/Ghost at the shop.
    Start system, fan shuts off, install new fan. Temp w/ new fan 63C. Remove new fan. Replace Toshiba w/ Western Digital. Fan shuts down again. Incompatible? Next job is wiping original HD & see how it goes.

    Machine2
    Tekkie spends four hours troubleshooting, runs Combofix 3 times, lots of fiddling, get nowhere. Try System Restore, system springs to life. Run SAS, 11 ad malwares removed. Run Malwarebytes, 111 malwares + 2 trojans, removed. Run Hitman Pro, clean. Success (today).

    Thanks again.
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Format both with clean install of Windows.
     
  22. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    and change your passwords too.....
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Yes, exactly.
     
  24. sired

    sired Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    37
    Location:
    Bangkok
    All changed & formatting both drives. Cheers everyone.
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Cool. From now on use good security but keep it light. An AV and a sandbox (or maybe a HIPS too).
     