Does Anyone Know

Discussion in 'NOD32 version 2 Forum' started by Trooper, May 8, 2006.

Thread Status:
Not open for further replies.
  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    If NOD32 can get rid of Backdoor.EggDrop? I have a friend who is infected with this and has had some problems getting rid of it.

    Thanks in advance for any replies.
     
    Trooper, May 8, 2006
    #1
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Have they tried removing it through a scan in "Safe Mode", just make sure Nod32 is set according to this screenshot.

    Cheers :D
     

    Attached Files:

    Blackspear, May 8, 2006
    #2
  3. ASpace

    ASpace Guest

    Download and install

    Ad-Aware SE Personal
    http://www.lavasoftusa.com/software/adaware

    Update it and turn off System Restore . Then scan with it in Safe Mode.

    How to boot your computer in SAFE MODE
    Do this by repeatedly typing F8 while Windows is starting before Windows logo appears.Then you'll open the Windows Advanced menu where you can choose to boot the hard drive in SAFE MODE


    Make sure NOD32 is correctly configured as Blackspear says and again boot in Safe Mode and scan with it.

    Restart and enjoy ! ;)
    If you want more detailed instructions , I can send you a PM
     
    ASpace, May 9, 2006
    #3
  4. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    This is a nasty virus for sure. I will see if I can get him to try a trial version of NOD32. I think he has a lot of it isolated at the moment. It does keep creating regenerating a hidden batch file which does a LOT of sneaky stuff.

    If you want to send me a PM, that's cool.

    Thanks
     
    Last edited: May 9, 2006
    Trooper, May 9, 2006
    #4
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Marcos, May 9, 2006
    #5
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    Marcos,

    All set with that. FYI Scans with NOD32 and AdAware in safe mode did not pick anything up.
     
    Trooper, May 9, 2006
    #6
  7. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    Marcos,

    I never heard back from Eset support. But my friend ended up doing a reformat. He was just spending to much time trying to completely kill it.

    It turns out it was a hack into his FTP server on his machine. I can send you the text of the batch file if you are interested. It did some pretty interesting stuff I tell you.
     
    Trooper, May 10, 2006
    #7
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    OK, you can send it to support[at]eset.com. By the way, the Hijackthis log was clean, I was just trying to figure out something else that might help us pinpoint the problem.
     
    Marcos, May 10, 2006
    #8
  9. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    All set Marcos. I sent two different emails. One with a txt extension and another zipped in rar format. I did not know if your e mail servers accept text files or if they would be filtered.

    I will let him know the Hijackthis log was clean. Thank you.
     
    Trooper, May 10, 2006
    #9
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...