Bagle Worm and Bad Customer Service

Discussion in 'ESET NOD32 Antivirus' started by warguelles, Sep 12, 2008.

Thread Status:
Not open for further replies.
  1. warguelles

    warguelles Registered Member

    Joined:
    Sep 8, 2008
    Posts:
    4
    Last Saturday (Sept. 6) I catch a virus (or worm), which disarmed my NOD32 Program. Then Sunday (Sept. 7), I wrote to the Customer care through the "Support request", but NOT ANSWER!!!!!!!!!!!!!!!!!!

    ESET says that they will respond within the other bussiness day... but you see: already 5 days and NO ANSWER at all. I would wish somebody from ESET to listen about this complaint! This is not a good Customer Service, I though!

    So, since there is no customer support from the Company, I wish to ask here for some support. I am supposing my Desktop PC had been infected last Saturday with a kind of Bagle worm. The first action it did was to disarm my NOD32 antivirus. You can see the screen in the attached JPG file.

    The online NOD32 program did not detected any problem!!!

    Only the small SysInspector informed about the following files:
    1) winitems.exe (located in windows/system32)
    2) hldrrr.exe (located in windows/system32/drivers)

    I have not found a way no kill this worm: To startup windows in secure mode does not run, neither to restore the system to a previous point of restoration.

    Any help, please!!!!!!

    Op. System: Windows XP SP3
    NOD32 Antivirus v. 3.0.621 Updated to the infection date

    Thank you very much in advance!

    PS: Please, forgive my bad English writing...
     

    Attached Files:

  2. demonio

    demonio Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    48
  3. warguelles

    warguelles Registered Member

    Joined:
    Sep 8, 2008
    Posts:
    4
    Thank you very much Demonio!

    I succeed in killing this virus by the first method… Then, I uninstalled and re-installed NOD32 Antivirus.

    There is only a detail: now, when Windows starts up there is an application that runs in the command window, and closes it immediately. Any idea? Should I remove any file after that procedure?


    It is a pity NOD32 Customer Care service :'( :'(
     
  4. warguelles

    warguelles Registered Member

    Joined:
    Sep 8, 2008
    Posts:
    4
    According to SysInspector it seems that the above mentioned application is related with:

    "combofix" = "cmd /c "C:\DOCUME~1\WALDOA~1\CONFIG~1\Temp\RarSFX0\8agle.cmd"" ( 5: Unknown ) ;

    Could somebody give any help?

    Thank you in advance!
     
  5. demonio

    demonio Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    48
  6. warguelles

    warguelles Registered Member

    Joined:
    Sep 8, 2008
    Posts:
    4
    YES... It did!!!!

    Thank you a lot, Demonio! :) :) :) :) :) :)
     
  7. demonio

    demonio Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    48
    Has a lot of work eset;)
    wilder help anyway!:thumb:
     
Thread Status:
Not open for further replies.