ESET Allowed A Rootkit In, I Believe.

Discussion in 'ESET Smart Security' started by damrootkits, Jun 6, 2010.

Thread Status:
Not open for further replies.
  1. damrootkits

    damrootkits Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    5
    Hello All,
    I was hoping I could get some answers to a "BIG" problem I seem to have inflicted upon myself, but in my defence I thought ESET would have protected me.

    I was stupid enough to copy a friend's hard drive which had some mp3 files on it which I desired to have on mine. It also had some game files, which when browsing the drive I thought I might look at too. I had already scanned the drive for viruses using ESET and it had come up clean, so it said.

    The day after I browsed these files, ESET decided to start playing up. The icon turned red; it said I was at risk as I did not have the latest update. I disabled ESET, re-enabled it and all seemed well.

    I then went to do some online banking and Firefox warned me that "THIS CONNECTION IS UNTRUSTED".

    ****ALARM BELLS START RINGING****

    Just do a restore, I thought to myself; however, all my restore points have gone. o_O?

    I investigate this problem and keep finding references to "rootkits" and the need to reformat my hard drive.

    I spit my dummy, I throw my teddy bear in the corner, I ask myself why I pay ESET to protect my computer. Then I realise I need some tech help.

    Is the answer to reformat my hard drive? o_O If so, is it safe to copy my home videos and my mp3 files while I reformat, or will these just carry over the rootkit? And why, why, why didn't ESET Smart Security 4.2.35 protect me in the first place? o_O

    Any help would be greatly appreciated. I do intend to contact ESET themselves, but as it's a Sunday I thought I would try here first. Many regards, STUPID.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It is a truism that no AV detects 100% of all threats, and users should pay attention to what they are doing and with what kind of rights instead of blindly relying on a particular AV.

    I'd suggest creating a log from SysInspector and supplying it to customer care for perusal. Also create a rescue CD and use it to run a full system scan. Since rootkits would be inactive, there would be a higher chance of detecting rootkit malware.
     
  3. pinjoa

    pinjoa Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    74
    Location:
    Braga, Portugal
    Hi "damrootkits",
    all AV products detect only malware that is in their databases...
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I disagree with that statement if it was meant that every malicious file must have a signature in the database. It's been a must in recent years that security software takes advantage of generic signatures, heuristics or other techniques to ensure detection for new variants.
     
  5. damrootkits

    damrootkits Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    5
    Oh dear! How embarrassing. :oops: But, in the hope that this information can help others, I will tell the tale.

    I took your advice, Marcos, and sent a log to ESET customer care. Mind you, it was not without some pushing. The individual involved was quite insistent I complete all his previous suggestions first, which I had anyway. To prove this he requested I send the logs from the programs he had suggested I run.

    He immediately emailed me back informing me my computer clock was incorrect.

    My wife, in her wisdom :rolleyes: , had used the date and time properties to check a date in the future, changing the system date at the same time. It was pure coincidence she had done this around the same time I had opened what I believed was a dodgy file.
    Once I changed the date back, Firefox no longer gave me untrusted site messages, because all their security signatures were back in date. :blink:

    I am assuming this was also the reason none of my previous restores were present, although I am still unable to access these. I'm assuming CCleaner or one of the programs I ran removed these. I'm still a little concerned though, as I cannot navigate through the months.

    Anyway, I have certainly gained some education. I will more than likely do an fdisk anyway and have a good read of the link meriadoc suggested. Well, thank you all kindly and I look forward to your jibes.

    PS. Excuse my spelling; is there a spell check on the posting page??
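What the last post describes, a system clock set years ahead making every HTTPS certificate look expired, is worth being able to triage before reaching for a reformat. The following is an added example, not code from the thread or from ESET: given the validity windows of certificates a browser rejected (constructed sample values with hypothetical hostnames), it checks whether one clock error would explain all of the rejections at once and by how far the clock is off, and flags anything the clock cannot explain for real investigation. It assumes the notBefore/notAfter dates have already been read off the browser's certificate error details.

```python
from datetime import datetime

# Constructed sample: validity windows (notBefore, notAfter) of certificates
# that a browser refused to trust. Hypothetical hostnames and dates, not
# values taken from the thread.
REJECTED_CERTS = [
    ("bank.example",   datetime(2010, 3, 1),   datetime(2011, 3, 1)),
    ("mail.example",   datetime(2009, 11, 15), datetime(2010, 11, 15)),
    ("update.example", datetime(2010, 5, 20),  datetime(2012, 5, 20)),
]
SKEWED_NOW = datetime(2012, 6, 6)  # clock pushed two years ahead, as in the thread
TRUE_NOW = datetime(2010, 6, 6)    # the actual date of the thread

def classify(now, not_before, not_after):
    """How a validator whose clock reads `now` sees one certificate."""
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    return "valid"

def diagnose_clock(now, certs):
    """Decide whether one wrong clock explains every rejection.

    Returns (verdict, statuses, common_window, shift). The verdict is
    'clock-skew-likely' only when every certificate fails purely on time and
    there is a period in which all of them would have been valid at once;
    `shift` is the timedelta the clock must move to land inside that period
    (negative when the clock is ahead). Anything else is 'investigate': at
    least one rejection is not explained by the clock, so treat it as real.
    """
    statuses = {name: classify(now, nb, na) for name, nb, na in certs}
    if any(s == "valid" for s in statuses.values()):
        return "investigate", statuses, None, None   # rejected for another reason
    latest_start = max(nb for _, nb, _ in certs)
    earliest_end = min(na for _, _, na in certs)
    if latest_start > earliest_end:                  # no common validity period
        return "investigate", statuses, None, None
    if now < latest_start:
        shift = latest_start - now                   # clock is behind
    else:
        shift = earliest_end - now                   # clock is ahead
    return "clock-skew-likely", statuses, (latest_start, earliest_end), shift

if __name__ == "__main__":
    verdict, statuses, window, shift = diagnose_clock(SKEWED_NOW, REJECTED_CERTS)
    print(verdict, statuses, window, shift)
```

If the verdict is clock-skew-likely, correcting the clock (ideally via NTP) and retrying the sites is the first step; if certificates are still rejected afterwards, or the verdict is investigate, the offline rescue-CD scan Marcos suggested is the appropriate next move.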
     