Another NOD32 question

Discussion in 'NOD32 version 2 Forum' started by SonyaM32, Apr 18, 2005.

Thread Status:
Not open for further replies.
  1. SonyaM32

    SonyaM32 Registered Member

    Joined:
    Dec 23, 2004
    Posts:
    718
    I am still learning about NOD32, so I don't know what this means:
    5240 infected?
    Can someone look at the pic, and tell me what this is? Thanks :)
     


  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Sonya, I would suggest that you have or had infected files stuck in System Restore. You might want to turn off System Restore and run a scan in Safe Mode as described in post number 2 here.

    Hope this helps.

    Let us know how you go...

    Cheers :D
     
  3. SonyaM32

    SonyaM32 Registered Member

    Joined:
    Dec 23, 2004
    Posts:
    718
    OMG
    I have 5,240 infected files? o_O o_O
     
  4. SonyaM32

    SonyaM32 Registered Member

    Joined:
    Dec 23, 2004
    Posts:
    718
    Ok, I am about to go do this. But one question. How do I get into Safe Mode?
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    The link that I provided will guide you through this...

    Cheers :D
     
  6. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Hmm....I've had 1000 infected in System Restore - I'm pretty sure a large percent of those 5240 files are infected by the same malware. This is because it would be possible that the same malware came into your PC again and again, and Windows made a copy of it *each time*.

    Of course, this is just speculation, and may not be true :)
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You can see our record for infected files here.

    Cheers :D
     
  8. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    WOW!!!!

    Well, I might say I got those 1000 because of all my searching to crack down on software piracy by sending software vendors the "cracks" to the software that I use.
     
  9. SonyaM32

    SonyaM32 Registered Member

    Joined:
    Dec 23, 2004
    Posts:
    718
    Ok I did it Blackspear :D
    Now can I turn restore back on? :D
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    Turn it on. :)
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Excellent, and what were the results of the scan?


    Indeed you can ;) :D

    Cheers :D
     
  12. SonyaM32

    SonyaM32 Registered Member

    Joined:
    Dec 23, 2004
    Posts:
    718
    All of the scans I did in safe mode were fine. Meaning all said something like no viruses found. And I didn't get any prompts.
    In a sec, I am going to do the online scan.
     
  13. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Blackspear, why do we have to do it in Safe Mode?
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    http://www.pchell.com/support/safemode.shtml

    http://computer.howstuffworks.com/question575.htm
     
  15. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Aha! This forum is an online encyclopedia! Thanks, friend.
     
  16. SonyaM32

    SonyaM32 Registered Member

    Joined:
    Dec 23, 2004
    Posts:
    718
    The Panda online scan is running now. It isn't finished yet. It has found 55 infections so far.
    Will the online scan service clean them? Or will I have to buy it? Thanks
     
  17. SonyaM32

    SonyaM32 Registered Member

    Joined:
    Dec 23, 2004
    Posts:
    718
    Ok, I did the online scan, and it found I think 58 infections.
    Then I did my NOD32 scan, and it didn't find any. What's up with that? Why didn't NOD32 find what the online scan found?
     


  18. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    That's because Panda does do a bit better than NOD for detection of some malware. NOD's strong point is its heuristics.

    It is, however, very likely that Panda actually found spyware, not a virus or Trojan. NOD32 only covers spyware in the latest beta versions.

    Hmm....If this is what you seem to find (and it really is true), I *might* just take BitDefender and stay with it..I'm still so undecided in my AV purchase! :doubt:
     
  19. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    Can you say what infections the online scan found? Names?
     
  20. SonyaM32

    SonyaM32 Registered Member

    Joined:
    Dec 23, 2004
    Posts:
    718
    Yes, here are the names of all of them.
    Do you know how I can get rid of them?
    Thanks

    Incident Status Location

    Adware:Adware/Lop No disinfected C:\DOCUME~1\sonya\APPLIC~1\CASTID~1\DoesFour.exe
    Adware:Adware/Lop No disinfected c:\docume~1\sonya\locals~1\temp\oikbjizb.exe
    Adware:Adware/eZula No disinfected Windows Registry
    Spyware:Spyware/New.net No disinfected C:\Program Files\NewDotNet
    Adware:Adware/SaveNow No disinfected Windows Registry
    Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\vx0.nls
    Adware:Adware/Gator No disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Gain Publishing
    Adware:Adware/MyWay No disinfected C:\Program Files\MySearch
    Adware:Adware/nCase No disinfected C:\Program Files\instafin
    Adware:Adware/KeenValue No disinfected C:\Program Files\Common Files\SearchUpgrader
    Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.bin
    Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup*
    Spyware:Spyware/Searchcentrix No disinfected Windows Registry
    Adware:Adware/BookedSpace No disinfected C:\WINDOWS\bsx32
    Adware:Adware/FavoriteMan No disinfected C:\WINDOWS\downloaded program files\ATPartners.inf
    Adware:Adware/AdDestroyer No disinfected C:\Program Files\AdDestroyer
    Adware:Adware/VirtualBouncer No disinfected C:\Documents and Settings\All Users\Application Data\VBouncer
    Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\tsa
    Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\sonya\Application Data\tvm*.dll
    Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\IEDriver.exe
    Adware:Adware/QuickSearch No disinfected C:\Program Files\QuickSearch
    Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\system32\osconfig.dll
    Adware:Adware/MyWebSearch No disinfected Windows Registry
    Spyware:Spyware/Search3 No disinfected C:\Program Files\Search3 Toolbar
    Virus:Trj/Downloader.AEE Disinfected Operating system
    Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\Mags up copy bib\audioinside.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\Mags up copy bib\biasload.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\Mags up copy bib\draw audio.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\Mags up copy bib\flap chic.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\Mags up copy bib\mags load.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\Mags up copy bib\Name Date.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\Mags up copy bib\PURE SECOND.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\Mags up copy bib\Wavebags.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\erica\Application Data\2typemath\GLOBAL PLATFORM.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\erica\Application Data\2typemath\holdaxisuploadfind.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\erica\Application Data\2typemath\Love About Move.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\erica\Application Data\2typemath\omgzcpks.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\erica\Application Data\2typemath\qsckoixy.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\erica\Application Data\2typemath\tnaxcnca.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\erica\Application Data\CastIdleSoft\DoesFour.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\erica\Local Settings\Temp\jmeptcbw.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\sonya\Application Data\2typemath\cyrsyqxe.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\sonya\Application Data\2typemath\dyypmbrp.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\sonya\Application Data\2typemath\GLOBAL PLATFORM.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\sonya\Application Data\2typemath\gucdltrv.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\sonya\Application Data\2typemath\hrpklxji.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\sonya\Application Data\2typemath\Love About Move.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\sonya\Application Data\2typemath\scjuebvr.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\sonya\Application Data\CastIdleSoft\DoesFour.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\sonya\Local Settings\Temp\euqwkhgv.exe
    Adware:Adware/Lop No disinfected C:\Documents and Settings\sonya\Local Settings\Temp\oikbjizb.exe
    Adware:Adware Program No disinfected C:\Program Files\5y7m2o9o\339075.exe
    Spyware:Spyware/ClearSearch No disinfected C:\Program Files\5y7m2o9o\lkvuf1jc.DLL
    Spyware:Spyware/ClearSearch No disinfected C:\Program Files\5y7m2o9o\pxw1ywz1.DLL
    Spyware:Spyware/ClearSearch No disinfected C:\Program Files\5y7m2o9o\v24or2oe.DLL
    Adware:Adware/Minibug No disinfected C:\Program Files\aim\Sysfiles\WxBug.EXE
    Adware:Adware/NetPals No disinfected C:\WINDOWS\Downloaded Program Files\ATPartners.inf
    Adware:Adware/FunWeb No disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8.inf
    Spyware:Spyware/Search3 No disinfected C:\WINDOWS\Downloaded Program Files\search3.dll
    Adware:Adware/ISearch No disinfected C:\WINDOWS\system32\HLInstaller1.exe
    Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\system32\osconfig.dll
    Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\system32\osmim.dll
     
  21. SonyaM32

    SonyaM32 Registered Member

    Joined:
    Dec 23, 2004
    Posts:
    718
    Thanks :) :) :) :)
     
  22. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Hmm...so my hunch was right! Those are all Adware and Spyware. But it doesn't seem to have been disinfected, I guess you'll need to uninstall some apps that are related to those files....
     
  23. SonyaM32

    SonyaM32 Registered Member

    Joined:
    Dec 23, 2004
    Posts:
    718
    And just how do I do that?
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    I think it would be best if an Eset moderator takes a look at that list.
     
  25. SonyaM32

    SonyaM32 Registered Member

    Joined:
    Dec 23, 2004
    Posts:
    718
    How do I get them to look at the list?
     