Does ESET AV remove malware Antivirus 2009?

Discussion in 'ESET NOD32 Antivirus' started by markchicobaby, Dec 18, 2008.

Thread Status:
Not open for further replies.
  1. markchicobaby

    markchicobaby Registered Member

    Joined:
    Dec 18, 2008
    Posts:
    7
    Hi, a client's PC became infected with Antivirus 2009. Another tech worked on it remotely, and said it needed a full reinstall of XP, so I rebuilt it. I didn't have time to re-scan with NOD again.

    The PC had NOD 3.0 AV, the tech said he ran a full NOD AV scan, but it didn't remove the virus completely. Or rather, it removed the malware program itself, but IE still had the pop-ups after about 10 secs on the internet, saying they needed to re-install Antivirus 2009. So the PC wasn't completely fixed.

    Does anyone have any similar experiences? Does NOD remove this bug normally?

    Thanks
    M
     
  2. CivilTaz

    CivilTaz Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    146
    No, unfortunately NOD32 can't remove this pest; it detects many variants of it, but there are new variants every day. If you get infected again, there's no need to reinstall Windows; you can get rid of it easily with an anti-malware tool like this one: http://www.malwarebytes.org/index.php

    There are other tools like this one that can help you, but I've used this and it has worked very well.
     
  3. markchicobaby

    markchicobaby Registered Member

    Joined:
    Dec 18, 2008
    Posts:
    7
    That's really strange. Why is it that malwarebytes can get rid of it, but somehow ESET can't?

    Would anyone from ESET like to comment? My clients are asking....

    M
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Correct me if I'm wrong, but certain security applications are not much targeted by malware writers and thus can recognize certain malware better than AV programs at which malware writers target their creations. I won't go into discussion about MB here; I'll rather leave it up to you to find out how good it is at removing other malware whose writers don't target famous AVs, how many FPs it may cause, or whether it removes malware in a safe manner which, for instance, may not cause system restarts or other severe problems. I'm not entitled to compare products from different AV vendors, so you must make a test and draw the conclusion yourself. However, take into account that there are millions of malware variants in the world, and the fact that a particular application is better at recognizing certain malware families doesn't mean it will protect you better against all other threats.

    If you notice a strange behavior and are unable to identify the file that is causing it, send a log from ESET SysInspector to samples[at]eset.com with this thread's url in the subject and we'll check it for you and give you further instructions or provide a cleaner to remove it.
     
  5. 0verlord

    0verlord Registered Member

    Joined:
    Dec 18, 2008
    Posts:
    17
    For proper removal of Antivirus 2009 or any of its variants, please remember to turn off system restore before attempting to clean this pest, otherwise it will always re-infect on reboot. Run the latest Microsoft Malicious Software Removal Tool, as far as I know the only software that can properly access the system restore folder for cleanup. Then run malwarebytes or whatever other anti-malware tool you like.
     
  6. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Why? How does that work? I was under the impression that files can only come out of the System Restore folder when explicitly told to by performing a Restore. What mechanism results in Antivirus 2009 being able to repair itself in this manner? I know some of them will re download missing files and components from the server they arrived from but this is different from resurrection from the SR folder.

    Also many experts don't recommend this - see this page
     
    Last edited: Dec 19, 2008
  7. 0verlord

    0verlord Registered Member

    Joined:
    Dec 18, 2008
    Posts:
    17
    Don't ask me how, but I had a couple of machines where they would always reinfect on boot (if I logged in with an account with administrative rights). It wasn't until I disabled System Restore and ran the Microsoft tool that I finally was able to get rid of Antivirus 2009.

    What troubles me is that the only people who seem to have access to the System Restore database appear to be virus/malware authors and Microsoft. Most antivirus/anti-malware programs don't seem to have access to this area of the system. I hope I am wrong though.
     
  8. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    I'm afraid you are.

    No program can spontaneously regenerate from SR. Chances are there are other undetected processes repairing and maintaining the malware.

    Some AV can remove files from the SR folder but this is not advisable. Many fail when they try - "Access denied".

    Many antivirus products can detect files in the SR folder, but they are always old copies that were backed up when the original file was deleted. Some AV elect not to scan the SR as it produces "false" detections. I had a machine here last week where it was continuously stating it had detected x, y and z virus. A quick check of the logs showed that it was the AV detecting the files in the SR folder. I could find corresponding entries in the log from when they were originally deleted a few days before. The PC wasn't actually infected any more, and in this case flushing the SR did stop the problem of the "false" alerts.
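The post above makes a checkable point: a detection whose path sits inside the System Restore folder is an archived copy, and if the same threat was cleaned from a live path earlier in the log, the alert is stale rather than a live infection. The script below is an added example, not code from the thread, from ESET or from any other vendor. It applies that rule to constructed scan-log lines. The log layout (timestamp, path, threat name, action, separated by two or more spaces), the threat names and the file paths are all made up for the example; the restore-point path pattern (System Volume Information\_restore{GUID}\RPnn\) is the Windows XP layout the thread concerns, and is an assumption about the machine being triaged.

```python
import re

# Assumed Windows XP restore-point layout:
#   C:\System Volume Information\_restore{GUID}\RPnn\A00xxxxx.ext
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\",
    re.IGNORECASE,
)

# Assumed (constructed) log layout: timestamp, path, threat, action,
# separated by two or more spaces. Real scanner logs differ; adapt this regex.
LOG_LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s{2,}"
    r"(?P<path>.+?)\s{2,}(?P<threat>\S+)\s{2,}(?P<action>.+)$"
)

# Constructed sample lines; paths and threat names are illustrative only.
SAMPLE_LOG = "\n".join([
    r"2008-12-15 10:02:11  C:\Documents and Settings\User\Application Data\av2009\av2009.exe  Win32/Adware.Antivirus2009  cleaned by deleting",
    r"2008-12-15 10:02:12  C:\WINDOWS\system32\drivers\av2009.sys  Win32/Adware.Antivirus2009  cleaned by deleting",
    r"2008-12-18 09:31:40  C:\System Volume Information\_restore{3A2B1C0D-1111-2222-3333-444455556666}\RP213\A0045311.exe  Win32/Adware.Antivirus2009  detected",
    r"2008-12-18 09:31:41  C:\System Volume Information\_restore{3A2B1C0D-1111-2222-3333-444455556666}\RP213\A0045312.dll  Win32/TrojanDownloader.Zlob  detected",
    r"2008-12-18 09:40:02  C:\Documents and Settings\User\Local Settings\Temp\svchost32.exe  Win32/Adware.Antivirus2009  detected",
])


def parse_log(text):
    """Return one dict per parseable line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_LINE_RE.match(line.rstrip())
        if m:
            entries.append(m.groupdict())
    return entries


def is_restore_point_copy(path):
    """True if the path is a file archived inside a System Restore point."""
    return RESTORE_POINT_RE.search(path) is not None


def triage(text):
    """Classify each detection; returns [(path, verdict), ...] in time order."""
    entries = sorted(parse_log(text), key=lambda e: e["ts"])
    first_cleaned = {}  # threat name -> timestamp it was first cleaned from a live path
    verdicts = []
    for e in entries:
        if is_restore_point_copy(e["path"]):
            if e["threat"] in first_cleaned:
                # Backup of something already removed earlier: flush SR, not an infection.
                verdict = "RP_COPY_PREVIOUSLY_CLEANED"
            else:
                # Archived copy; nothing executes from here without a Restore.
                verdict = "RP_COPY"
        elif e["action"].lower().startswith("cleaned"):
            first_cleaned.setdefault(e["threat"], e["ts"])
            verdict = "ACTIVE_CLEANED"
        else:
            # Live path still holding the file: the box is not clean yet.
            verdict = "ACTIVE_DETECTED"
        verdicts.append((e["path"], verdict))
    return verdicts


def summary(text):
    """Count verdicts so a tech can see at a glance whether anything live remains."""
    counts = {}
    for _, verdict in triage(text):
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:28} {path}")
    print(summary(SAMPLE_LOG))
```

On the sample data the two restore-point hits resolve to stale copies, while the Temp\svchost32.exe line stays ACTIVE_DETECTED: that is the entry that would justify further cleanup rather than a System Restore flush.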
     
  9. bradtech

    bradtech Guest

    This is odd because I've had two or three machines that brought up that the user tried installing this, and NOD32 seemed to quarantine the exe before anybody could install it??

    MB, Adware, and NOD32 say the system is clean.. As much as I like NOD32 I do not trust it to be my sole confirmation after I see a hit on a machine..
     
  10. markchicobaby

    markchicobaby Registered Member

    Joined:
    Dec 18, 2008
    Posts:
    7
    Must be a variant sneaking its way through. Or maybe we didn't have HTTP download protection turned on for the machine in question.

    AGREED!! Unfortunately we only have limited billable time to fix a machine. It's actually faster to rebuild than it is to run a full scan, repair, find it's still infected, try another tool, rescan again, repeat..... Rebuild = 1-2 hours max, 100% fix rate!!! A scan alone takes at least 30 min....
     
  11. ASpace

    ASpace Guest

    That is because you don't know which tools exactly to use ;) Scanning with one program, waiting, removing, using another signature-based program, updating, scanning, removing, trying a 3rd signature-based program, scanning, removing... is an outdated solution to deal with today's threats. There are other methods which guarantee a faster way to deal with malware and do not work the same way as signature-based tools, which guarantee removal of both known and unknown threats. Actually ALL threats could be unknown, but not all are known.
     
  12. markchicobaby

    markchicobaby Registered Member

    Joined:
    Dec 18, 2008
    Posts:
    7
    I thought that it was the security applications that are supposed to target the malware! I guess it works the other way around too.

    Look, all I'm saying is that there is a tool out there, Malwarebytes, that everyone is recommending as the best thing for this pest. I've not tried it yet because by the time I've run a scan with NOD and with MB, my client's time is exhausted and I could have rebuilt the machine faster anyway. Now as I'm paying for ESET, and this failing is costing clients' time and money, I'm going to be on ESET's case if you don't keep up with your security vendor competitors.

    If the best you can do is claim that MB's removal process could/maybe/might damage the machine in some way, well that's not good enough. It is up to ESET to keep up with trends in AV malware which of course you do, but so far no-one is recommending ESET for this pest! So get it on the hit list please!

    Fair enough; fact is that basic scan of MB is claimed to remove AV2009. So far, no-one seems to be recommending ESET for this particular virus. So you guys should please add it to your hit list, and make sure you are the recommended tool so I can continue to recommend it to my clients!

    The last thing I need is to tell the client that my recommended security tool didn't protect them, that is the LAST thing I need. So please, raise the importance of this pest in your malware hit list, and make sure that ESET is still the best product for removing malware.
     
  13. markchicobaby

    markchicobaby Registered Member

    Joined:
    Dec 18, 2008
    Posts:
    7
    OK now I'm intrigued. Please share, what method and tools do you recommend, HiTech_boy?
     
    Last edited: Dec 20, 2008
  14. redfive

    redfive Registered Member

    Joined:
    Mar 23, 2007
    Posts:
    12
    I use HijackThis, Avenger, Killbox, HostsXpert. That's it and I can remove 100% of any new threat. It may take me a bit to figure a new one out (such as the new kind which hid in the %userprofile%/ApplicationData/Google folder) but I can get them out.
     