Antivirus 8

Discussion in 'ESET NOD32 Antivirus' started by moulder, Jan 7, 2011.

Thread Status:
Not open for further replies.
  1. moulder

    moulder Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    5
    1st post ;)

    Hi, hope someone can help. Somehow a Trojan called Antivirus 8 has got into one of my PCs and it is proving very difficult to get rid of. I have searched the internet and downloaded "spyware doctor" from googlepack, which was suggested by someone - no good. NOD32 won't get rid of it either, any tips?

    I am a bit surprised that it got past NOD32 and that NOD32 won't remove it, or have I not followed a procedure?

    I have done a forum search and found nothing :mad:
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Malwarebytes' Anti-Malware is good at removing these rogues, on demand version is free:
    http://www.malwarebytes.org/

    You can also try Hitman Pro (use is free, but for removal a license is needed; however, you can activate a 30 day free trial from within the program). If they are killed by this Antivirus 8, you can start Hitman Pro with the CTRL key held down to do a force breach. (If you have Vista or 7, hold the CTRL key down until you have clicked Yes on the UAC prompt.)
     
  3. moulder

    moulder Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    5
    Wow! Thanks for the prompt reply :thumb:

    I will try Malwarebytes. I will have to download it to a USB stick on my other machine as the Antivirus 8 blocks internet access :mad:

    Not sure I fully understand your second suggestion but will go through it step by step if needed.

    Thanks again :D :D
     
    Last edited: Jan 7, 2011
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd suggest generating a SysInspector log and submitting it to ESET Customer Care, who will be happy to assist you with locating and removing the malware.

    New variants of Antivirus 8 are added quickly if not recognized by heuristics. At the moment I'm not aware of any undetected variants so please make sure to scan your computer using the most current signature database 5766. You can also submit suspicious files to VirusTotal to see how they are detected by other antivirus vendors.
     
  5. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    OFFT/

    Actually, VirusTotal scans cannot show if a sample is detected by a given vendor because of the on-demand scanners there. Most vendors with residence outside Slovakia include extra protection and detection technologies (different from the classic on-demand command line scanning in VT) and can protect their users with these technologies despite the fact that a sample might be undetected according to VirusTotal. These "technologies" include web protection, behaviour analysis, HIPS, cloud/reputation, etc.

    Even if very few vendors on VT detected a given real malware sample (i.e. they have created signatures for the sample), this still is not an excuse for the other vendors who miss detection for the threat.
     
  6. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    You will definitely need an internet connection for Malwarebytes' Anti-Malware (MBAM) to update to the very latest defs.
    You'd better also download RKill (run it first), then install MBAM and try to update it.

    RKill information: http://www.bleepingcomputer.com/forums/topic308364.html
    MBAM instructions and special cases:
    http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please submit the suspicious file to ESET per the instructions here. I'd also appreciate it if you could PM me the MD5 or the complete results from VT so that I can check when exactly the detection was added (make sure you're using the latest version and not an outdated signature database). Also make sure that you have startup scan tasks as well as web protection enabled, which also use different approaches to detecting malware than standard on-demand scans.
     
  8. moulder

    moulder Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    5
    Result!! :D :D

    The Malwarebytes download sorted it out. It took some time to do, I don't know exactly how long as I had to go to a meeting and did not get back to the machine until this morning. No trace of Antivirus8 :D

    Made sure my Windows and NOD32 were up to date, did a scan, everything clean, sorted :D :D

    @Marcos, I am at the limit of my computing skill here :doubt: Not sure I will be able to submit the file or even find it for that matter, but will give it a try later today.


    Thanks again for your prompt replies and help :cool: :cool:
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    MBAM often identifies threats according to registry keys, folder and file names. Please compress the content of the "C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine" folder and submit it to ESET per the instructions here for perusal.
     
  10. moulder

    moulder Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    5
    Marcos

    Sorry, but as I said I am on the limit of my computing skills o_O o_O

    I can't even find the "administrator" file :mad: Even if I did, I am not sure I have the skills to compress it :doubt:

    I have read the instructions but failed to understand. I would really like to help but I am no computer whizzo, sorry :'( :'(
     
  11. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812

    If you want to help them, send me a private message using the forum and I'll send you step-by-step instructions for newbie users.

    Administrator wouldn't exist if it is hidden or if such a user hasn't been used yet in Windows XP. Perhaps by writing Administrator, he means your user name, or he copied the path from another computer.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hi Moulder, I'm sorry, it's my fault. I merely copied the path without noting that "administrator" needed to be replaced with the user name under which you ran MBAM. You can simply search for "quarantine" in the "Documents and Settings" folder. The MBAM quarantine should be found under "..\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine". We'll need to check what was actually detected, as ESET does not detect registry keys that refer to non-existing files or folder/file names typical for malware that are detected by MBAM.
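
An added example, not part of the original thread and not ESET's or Malwarebytes' own tooling: a Python sketch of the step described in the posts above, which looks under every user profile for the MBAM quarantine folder, zips it for submission, and records the MD5 of each file as requested earlier in the thread. The function names and the output file name are assumptions made for illustration.

```python
import hashlib
import os
import zipfile

# Path below each user profile, taken from the thread (Windows XP layout).
QUARANTINE_SUBPATH = os.path.join(
    "Application Data", "Malwarebytes", "Malwarebytes' Anti-Malware", "Quarantine")


def find_quarantines(profiles_root):
    """Return {user_name: quarantine_dir} for every profile that has one."""
    found = {}
    for user in sorted(os.listdir(profiles_root)):
        candidate = os.path.join(profiles_root, user, QUARANTINE_SUBPATH)
        if os.path.isdir(candidate):
            found[user] = candidate
    return found


def md5_of(path, chunk=65536):
    """Hash a file in chunks so large quarantined files are not read at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def package_quarantine(quarantine_dir, zip_path):
    """Zip the folder and return [(relative_name, md5)] for the submission note."""
    manifest = []
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as archive:
        for folder, _dirs, files in os.walk(quarantine_dir):
            for name in sorted(files):
                full = os.path.join(folder, name)
                rel = os.path.relpath(full, quarantine_dir)
                manifest.append((rel, md5_of(full)))
                archive.write(full, rel)
    return manifest


if __name__ == "__main__":
    root = r"C:\Documents and Settings"  # profile root named in the thread
    for user, qdir in find_quarantines(root).items():
        out = "mbam_quarantine_%s.zip" % user  # hypothetical output name
        for rel, md5 in package_quarantine(qdir, out):
            print(user, rel, md5)
```
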
     
  13. moulder

    moulder Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    5
    I feel so stupid o_O o_O Even with instructions I can't find the file :mad: :'( :oops:

    Sorry people, but I am just going to call it a day trying to help.


    Again, thanks so much for your help, I couldn't have got rid of Antivirus8 without your help :D :D

    I will leave computing to you experts, and if you ever want a precision hole drilled or an injection moulded product you know where to come ;) :rolleyes:
     