Does Anyone Know

Discussion in 'NOD32 version 2 Forum' started by Trooper, May 8, 2006.

Thread Status:
Not open for further replies.
  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    If NOD32 can get rid of Backdoor.EggDrop? I have a friend who is infected with this and has had some problems getting rid of it.

    Thanks in advance for any replies.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Have they tried removing it through a scan in "Safe Mode"? Just make sure NOD32 is set according to this screenshot.

    Cheers :D
     


  3. ASpace

    ASpace Guest

    Download and install

    Ad-Aware SE Personal
    http://www.lavasoftusa.com/software/adaware

    Update it and turn off System Restore. Then scan with it in Safe Mode.

    How to boot your computer in SAFE MODE
    Do this by repeatedly pressing F8 while Windows is starting, before the Windows logo appears. Then you'll open the Windows Advanced menu, where you can choose to boot the hard drive in SAFE MODE.



    Make sure NOD32 is correctly configured as Blackspear says, then boot in Safe Mode again and scan with it.

    Restart and enjoy! ;)
    If you want more detailed instructions, I can send you a PM.
     
  4. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    This is a nasty virus for sure. I will see if I can get him to try a trial version of NOD32. I think he has a lot of it isolated at the moment. It does keep regenerating a hidden batch file which does a LOT of sneaky stuff.

    If you want to send me a PM, that's cool.

    Thanks
     
    Last edited: May 9, 2006
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Marcos,

    All set with that. FYI, scans with NOD32 and AdAware in safe mode did not pick anything up.
     
  7. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Marcos,

    I never heard back from Eset support. But my friend ended up doing a reformat. He was just spending too much time trying to completely kill it.

    It turns out it was a hack into his FTP server on his machine. I can send you the text of the batch file if you are interested. It did some pretty interesting stuff I tell you.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    OK, you can send it to support[at]eset.com. By the way, the Hijackthis log was clean, I was just trying to figure out something else that might help us pinpoint the problem.
     
  9. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    All set, Marcos. I sent two different emails. One with a txt extension and another zipped in rar format. I did not know if your email servers accept text files or if they would be filtered.

    I will let him know the Hijackthis log was clean. Thank you.
     