Full scan

Discussion in 'NOD32 version 2 Forum' started by Gauthreau, Dec 23, 2004.

Thread Status:
Not open for further replies.
  1. Gauthreau

    Gauthreau Guest

    Is there a way to set up NOD32 2.12.3 to perform a full system scan at startup? In recent scans NOD has found a few malware items but it can't clean them due to their location in the active files. I want to get rid of them, but the only option given to me is "leave". Thanks

    Neil
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Have you tried going to scheduler/planner and setting a scanning task at startup yet?
     


  3. Gauthreau

    Gauthreau Guest

    I have not. I'll give it a go right now. Thanks!

    Neil
     
  4. Gauthreau

    Gauthreau Guest

    Well, that's not what I was looking for. I need something that will pause the boot and scan the system before anything can be loaded into the memory. Thanks anyway.

    Neil
     
  5. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    you could try running a scan in safe mode, and see if that will then allow for cleaning the malware, or, you could go to "startup", and remove the regkeys that are causing the malware to run at startup.. or, you could try killing the malware's processes in task manager, and then running a scan to clean out the malware..

    to access "startup" in the registry, there are different ways.. one way is to use spybot/tools/system startup.. you could use jv16 powertools, if you have that.. or, you could use regedit, and go to:

    hkey_current_user/software/microsoft/windows/currentversion/run

    hkey_local_machine/software/microsoft/windows/currentversion/run

    if you see regkeys that are causing the malware to run at startup, you can remove them.. it is usually suggested to backup the registry before tampering with it..

    there has to be some way to clean out the malware.. you could put the name of the malware in a google-search, and maybe you can find some instructions for removing it..
     
    Last edited: Dec 23, 2004
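
The Run-key check described in the post above, as an added PowerShell example that is not part of the original thread or of NOD32: it exports both keys to .reg files first, then lists every startup entry and whether the executable it points to exists. The backup folder name is an assumption of this example.

```powershell
# Added example: back up and list the two Run keys named in the post above.
# $BackupDir is a hypothetical location chosen for this example.
$BackupDir = Join-Path $env:USERPROFILE 'RunKeyBackup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$RunKeys = @(
    'HKCU\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Properties PowerShell adds to every registry item; they are not startup entries.
$PsProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$report = foreach ($key in $RunKeys) {
    # 1. Export the key to a .reg file before anything is changed.
    $file = Join-Path $BackupDir (($key -replace '\\', '_') + '.reg')
    & reg.exe export $key $file /y | Out-Null

    # 2. Read each value (entry name -> command line) under the key.
    $psPath = 'Registry::' + ($key -replace '^HKCU', 'HKEY_CURRENT_USER' -replace '^HKLM', 'HKEY_LOCAL_MACHINE')
    $item = Get-ItemProperty -Path $psPath -ErrorAction SilentlyContinue
    if (-not $item) { continue }

    foreach ($p in $item.PSObject.Properties) {
        if ($PsProps -contains $p.Name) { continue }
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)

        # 3. Pull the executable path out of the command line (quoted or bare).
        #    Approximation: an unquoted path containing spaces is cut at the first space.
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($cmd.Trim() -split '\s+')[0] }

        [pscustomobject]@{
            Key     = $key
            Entry   = $p.Name
            Command = $cmd
            Exists  = ([bool]$exe -and (Test-Path -LiteralPath $exe))
        }
    }
}

$report | Format-Table -AutoSize -Wrap
# After reviewing the table, a single entry can be deleted with:
#   reg.exe delete "<key>" /v "<entry name>"
# and a backup restored with:
#   reg.exe import "<file>.reg"
```
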
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    This has been added to "Future Changes to Nod32" at the top of the forum.

    Cheers :D
     
  7. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Gauthreau,

    Getting back to your original problem, have you tried booting to safe mode and running a scan from there? There are a number of other approaches that can be taken - such as the registry edits - but this is an easy one.

    Blue
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you post the part of the log that shows what the files are and where they are? They may be part of Outlook Express and as such are a ".DBX" file; with these files you simply delete the infected email and the virus is gone.

    Cheers :D
     
  9. Gauthreau

    Gauthreau Guest

    All right everyone, I've run a scan in safe mode, but the problem was not resolved. The affected files have come from Bargain Buddy. Ad-aware, spybot search and destroy, and Giant Anti-spyware have not been able to detect and remove the problem.

    NOD32 detects but is not able to remove the following:

    C:\WINDOWS\system32\netut80ex.vxd »ZIP »C:/WINDOWS/system32/exdl.exe - Win32/Adware.BargainBuddy Application
    C:\WINDOWS\system32\netut80ex.vxd »ZIP »C:/WINDOWS/system32/mqexdlm.srg - Win32/Adware.BargainBuddy Application
    C:\WINDOWS\system32\netut80ex.vxd »ZIP »C:/WINDOWS/system32/exul.exe - Win32/Adware.BargainBuddy Application
    C:\WINDOWS\system32\netut80ex.vxd »ZIP »C:/WINDOWS/system32/javexulm.vxd - Win32/Adware.BargainBuddy Application

    I've even tried locating the files on my drive so I can remove them manually, but I can't find them anywhere. When I cut and paste the directory into the location bar in my computer, I get a popup that tells me that the file can't be opened because of an unknown format.

    I've googled the damn thing, followed the directions on a number of sites, but none point to the entries that I have. I've run HiJackThis and found nothing. I can't seem to shake this damn thing. I have TI8 and was going to backup some files and go back to an image that I created after a clean install.

    Neil
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,768
    Location:
    Texas
    I found this tip. Don't know if it will help or not.

    http://www.askmehelpdesk.com/forum/showthread.php?p=15246#post15246

    Are you running the newer AdAware called AdAware_SE??
    If not, get it, install it, and it will take care of the problem for you.
    Run AdAware_SE in SafeMode. Run it 2 or 3 times, then re-boot into SafeMode again, and run it 2 or 3 times again.
    Then, re-boot.
    All of BargainBuddy should be gone.
    Some of these spyware programs (like also about:blank) will rebuild their own files after some are deleted by AdAware, and after re-booting. That's why you must run the scan multiple times.
    Best of luck,
    fredg
     
  11. Gauthreau

    Gauthreau Guest

    Yes I am running Adaware SE. It is current in definitions, as is Giant and Spybot. I've scanned in Safe Mode a few times as well as in regular mode, but they turn up nothing. Nod is the only one to find the above listed files.

    I'm going to poke around in the link you provided. Thanks for the help.

    Neil
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    With this issue can you please send an email to support@nod32.com and place a link to this thread. If you do not hear from Eset within 3 days (allows for weekends), please advise us here...

    We would appreciate if you could keep us in the loop with your progress, as we all learn this way…

    Cheers :D
     
  13. Gauthreau

    Gauthreau Guest

    Things went downhill from my last post (lost internet connection), so I restored an image with TI8. Everything is up and running now. What a pain in the... Bargain buddy is no fun.


    Neil
     