Bad1bad2bad3 in msconfig NOD32 won't pick up!

Discussion in 'ESET NOD32 Antivirus' started by mak1, Aug 28, 2008.

Thread Status:
Not open for further replies.
  1. mak1

    mak1 Registered Member

    Joined:
    Jul 24, 2008
    Posts:
    4
    Hi all,

    I would appreciate some help removing what I believe is Virus Win32/Autoit.AC from a number of machines.

    When I look at msconfig > start up I see: Bad1 bad 2 bad 3 listed along with msnmg. I have unchecked them all, scanned with NOD32 V3 and also Malwarebytes but they are still present in the start up viewer. This is not a new virus so I am surprised that it is not removable easily. When I do a search online I cannot find a separate removal tool either.

    Some advice would be appreciated on this.


    Mak
     
  2. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello,

    Was this resident on the machine prior to installing NOD32? If so, there's no telling how entrenched it may be or whether or not it might be more practical to wipe the drives and start over. That will have to be up to you.

    You might contact support with a SysInspector log and link to this thread.

    One of its aliases is W32/SillyFDC-AP. You may find help by searching for that also.

    Thank you,
    BFG
     
  3. mak1

    mak1 Registered Member

    Joined:
    Jul 24, 2008
    Posts:
    4
    Thank you for the reply. In answer to your question, yes it was resident previously. I take it from your suggestions that this is a particularly nasty little thing to remove. Knowing very little of virus structures, why is it not something NOD can detect and remove if installed after it has infected the machine?

    Many thanks
     
  4. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello,

    Removing an existent threat is much different than not allowing it on the machine to begin with. You may have to use multiple applications multiple times and even then can one be absolutely sure that no data was compromised?

    In most large networks removing any threat isn't even a consideration. The box is taken off the network as quickly as possible and formatted. But again, that's the Admin's decision or the security policy of the company that will dictate those actions.

    Thank you,
    BFG
     