ESET Allowed A Rootkit In, I Believe.

Discussion in 'ESET Smart Security' started by damrootkits, Jun 6, 2010.

Thread Status:
Not open for further replies.
  1. damrootkits

    damrootkits Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    5
    Hello All,
    I was hoping I could get some answers to a "BIG" problem I seem to have inflicted upon myself, but in my defence I thought ESET would have protected me.

    I was stupid enough to copy a friend's hard drive which had some mp3 files on it which I desired to have on mine. It also had some game files, which when browsing the drive I thought I might look at too. I had already scanned the drive for viruses using ESET and it had come up clean, so it said.

    The day after I browsed these files, ESET decided to start playing up. The icon turned red, it said I was at risk as I did not have the latest update. I disabled ESET, re-enabled it and all seemed well.

    I then went to do some online banking and Firefox warned me that "THIS CONNECTION IS UNTRUSTED"

    ****ALARM BELLS START RINGING****

    Just do a restore I thought to myself, however, all my restore points have gone?

    I investigate this problem and keep finding references to "rootkits" and the need to reformat my hard drive.

    I spit my dummy, I throw my teddy bear in the corner, I ask myself why I pay ESET to protect my computer. Then I realise, I need some tech help.

    Is the answer to reformat my hard drive? If so is it safe to copy my home videos and my mp3 files while I reformat, or will these just carry over the rootkit. And, why, why, why didn't ESET Smart Security 4.2.35 protect me in the first place?

    Any help would be greatly appreciated. I do intend to contact ESET themselves, but as it's a Sunday I thought I would try here first. Many regards, STUPID.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    It is a truism that no AV detects 100% of all threats and users should pay attention to what they are doing with what kind of rights instead of blindly relying on a particular AV.

    I'd suggest creating a log from SysInspector and supplying it to customer care for perusal. Also create a rescue CD and use it to run a full system scan. Since rootkits would be inactive, there would be a higher chance of detecting rootkit malware.
     
  3. pinjoa

    pinjoa Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    74
    Location:
    Braga, Portugal
    Hi "damrootkits",
    all AV products detect only malware that is in their databases...
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I disagree with that statement if it was meant that every malicious file must have a signature in the database. It's been a must in recent years that security software takes advantage of generic signatures, heuristics or other techniques to ensure detection for new variants.
     
  5. damrootkits

    damrootkits Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    5
    Oh dear! How embarrassing. :oops: But, in the hope that this information can help others I will tell the tale.

    I took your advice Marcos and sent a log to ESET customer care. Mind you, it was not without some pushing. The individual involved was quite insistent I complete all his previous suggestions first. Which I had anyway. To prove this he requested I send the logs from the programs he had suggested I run.

    He immediately emailed me back informing me my computer clock was incorrect.

    My wife, in her wisdom :rolleyes: , had used the date and time properties, to check a date in the future. Changing the system date at the same time. It was pure coincidence she had done this around the same time I had opened what I believed was a dodgy file.
    Once I changed the date back, Firefox no longer gave me untrusted site messages. Because all their security signatures were back in date. :blink:

    I am assuming this was also the reason none of my previous restores were present. Although I am still unable to access these. I'm assuming CCleaner or one of the programs I ran removed these. I'm still a little concerned though as I cannot navigate through the months.

    Anyway, I have certainly gained some education. I will more than likely do an fdisk anyway and have a good read of the link meriadoc suggested. Well thank you all kindly and I look forward to your jibes.

    PS. excuse my spelling, is there a spell check on the posting page??
     