"Error quarantining" problem

Discussion in 'NOD32 version 2 Forum' started by sir gerald, Apr 29, 2007.

Thread Status:
Not open for further replies.
  1. sir gerald

    sir gerald Registered Member

    Joined:
    Mar 2, 2005
    Posts:
    11
    I've been plagued for the last week by the following ...

    Win32/Adware.Virtumonde application ... and several different variations of the same

    It randomly opens IE and opens up windows for junk like online loans ... adult dating.
    NOD reports it but when I try to quarantine it, NOD reports an "error quarantining".

    When I ran a scan it found several trojans but couldn't remove them.

    Any ideas ?

    thanks
     
  2. sir gerald

    sir gerald Registered Member

    Joined:
    Mar 2, 2005
    Posts:
    11
    Here'a a list of the threats found during the scan, none of which NOD was able to remove.

    C:\Documents and settings\Owner\.jpi_cache\jar\1.0\arr3.jar-53b20018-519803ea.zip »ZIP »Gummy.class - Java/Bytverify trojan

    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\arr3.jar-53b20018-519803ea.zip »ZIP »Counter.class - Java/Exploit.Bytverify.B trojan

    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\arr3.jar-53b20018-519803ea.zip »ZIP »VerifierBug.class - Java/Exploit.Bytverify.B trojan

    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\arr3.jar-53b20018-519803ea.zip »ZIP »Beyond.class - a variant of Java/ClassLoader.K trojan

    .
     
  3. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Try VundoFix then try SUPERAntiSpyware to make sure you're clean.

    EDIT: Which version of Java are you using, by the way? "Start" --> "Control Panel" --> "Java", then in the "Java Control Panel", click "About..." under the "General" tab. Current Java version is 1.6.0 (build 1.6.0_01-b06), if you don't have this you should update it. PS! The exploits/trojans found in the archives you mentioned can be removed by simply navigating to them and deleting them or emptying your Java cache.
     
    Last edited: Apr 29, 2007
  4. sir gerald

    sir gerald Registered Member

    Joined:
    Mar 2, 2005
    Posts:
    11
    k,

    My Java is version 1.4.1_02.
    I'll take your advice and update it.

    There was only one of the four trojans in my Java cache and I deleted it.

    I'll run the two programs you recommended and see what they find.

    thanks
     
  5. sir gerald

    sir gerald Registered Member

    Joined:
    Mar 2, 2005
    Posts:
    11
    I think that did it.

    thanks for your help.

    ~
     
  6. ASpace

    ASpace Guest

    About your "error quarantining" problems:

    Make sure that a folder with name infected exists in C:\Program files\ESET\ . If there is no such folder , manually create it . Otherwise , post back here for instructions to reinstall NOD32 .

    Then make sure your definition is up-to-date by pressing Control Center -> Update -> Update now.

    Make sure your settings are the same as this tutorial.

    Open Control Center -> NOD32 -> Run NOD32 and perforum full Scan&Clean over your hard drives . NOD32 will take care of these threats :)

    If you have problems deleting them in Normal mode , boot in Safe Mode and then perform full scan there .
    You can also use Ewido Micro for second opinion

    :thumb
     
  7. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Question. No "Infected" file has been created on install of NOD32 on both my and wife's disc. However there is a registry entry SOFTWARE\Eset\Nod\CurrentVersion\Common "reserved" for this folder pointing to path C:\Program Files\Eset\Infected.

    Is the "Infected " folder only created once something is placed into quarantine by NOD ? I am pretty sure this is the case as NOD32 was freshly installed on two machines here and in both cases no "Infected" folder was created.

    Would appreciate confirmation. Thanks.
     
  8. ASpace

    ASpace Guest

    Ahum (Yes) ;) ;) ;)

    You are welcome ! :thumb:
     
  9. sir gerald

    sir gerald Registered Member

    Joined:
    Mar 2, 2005
    Posts:
    11
    so, did we decide I should not manually create an infected folder ... but wait and let NOD create it should it ever find something that needs quarantining ?

    ~
     
  10. Get

    Get Guest

    Read this thread starting at post 26 (also read the thread linked in that post) for some background info. The problem will be solved in the new Nod32 btw.
     
Thread Status:
Not open for further replies.