Help needed: infection with variant of Win 32/keylogger.Ardamax

Discussion in 'ESET NOD32 Antivirus' started by Superman20, Dec 24, 2007.

Thread Status:
Not open for further replies.
  1. Superman20

    Superman20 Registered Member

    Joined:
    Dec 24, 2007
    Posts:
    39
    Hi,
    NOD32 has detected 3 files and quarantined them. Every time I delete them they are found again. The infected files are:

    C://WINDOWS/system32AKV.exe (size 402944 bytes)
    C://WINDOWS/system32YERM.exe (size 482816 bytes)
    C://WINDOWS/system32YERM.007 (size 5632 bytes)

    Reason (for all 3 files): a variant of Win32/Keylogger.Ardamax

    Is this a false positive or a malicious file, and if so, how do I go about removing it?


    Any comments appreciated
     
  2. ASpace

    ASpace Guest

    Ardamax is a potentially unsafe application, a commercial keylogger program. If you haven't installed it yourself, it is strongly recommended to delete it.

    Try to uninstall it first, if there is an entry in Add/Remove Programs.
    Then boot in Safe Mode. When in Safe Mode, open Start->Programs->ESET->ESET NOD32 Antivirus and attempt to start the GUI. It will ask you if you want to perform a full scan; confirm with Yes and let the ESET command line scanner finish its job.

    After the scan is finished, restart in Normal Mode.
     
  3. Superman20

    Superman20 Registered Member

    Joined:
    Dec 24, 2007
    Posts:
    39
    I tried running a full system scan in safe mode and it took 4 hours to complete (in a dos window). I restarted the computer after the scan finished and a few moments later I noticed that the same files were still in quarantine along with a new SWF trojan file.

    I went on EICAR's website and downloaded the antivirus test file, and NOD32 (version 3, build 621) did not detect this. Does that mean NOD32 is disabled and/or my computer is still infected?

    Any comments will be greatly appreciated
     
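The EICAR check described in the post above, written out as an added example (not part of the thread and not ESET's own tooling): it writes the standard 68-byte EICAR test string to a file, then opens and reads it back for a few seconds, since many on-access scanners react on read or execute rather than on write. If the file survives intact, the resident scanner did not intercept it. Paths, timeouts and function names are assumptions made for this example.

```python
import os
import tempfile
import time

# The standard EICAR test string (68 bytes), split in two so this source file
# does not itself begin with the signature.
EICAR_PARTS = (
    r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!",
    r"$H+H*",
)


def eicar_string() -> str:
    """Return the EICAR test string; a detection-capable AV flags any file starting with it."""
    return "".join(EICAR_PARTS)


def write_test_file(directory: str) -> str:
    """Write the test string to <directory>/eicar_test.com and return the path."""
    path = os.path.join(directory, "eicar_test.com")
    with open(path, "w", newline="") as fh:  # no newline translation: first 68 bytes must match
        fh.write(eicar_string())
    return path


def on_access_scanner_reacted(path: str, timeout_s: float = 5.0) -> bool:
    """True if the resident scanner removed or neutralised the file within timeout_s."""
    expected = eicar_string().encode("ascii")
    deadline = time.monotonic() + timeout_s
    while time.monotonic() < deadline:
        try:
            with open(path, "rb") as fh:  # the open/read itself triggers on-read scanning
                if fh.read(len(expected)) != expected:
                    return True  # truncated, overwritten or "cleaned" by the scanner
        except OSError:
            return True  # quarantined, deleted or access denied by the scanner
        time.sleep(0.25)
    return False  # file survived untouched: real-time protection did not intercept it


def run_check(timeout_s: float = 5.0) -> bool:
    """Run the test in a temporary directory and clean up afterwards."""
    with tempfile.TemporaryDirectory() as tmp:
        path = write_test_file(tmp)
        return on_access_scanner_reacted(path, timeout_s)


if __name__ == "__main__":
    print("on-access scanner reacted" if run_check() else "NOT detected: check real-time protection")
```

A negative result on the machine in the thread matches the poster's observation and means the real-time module is not scanning, not that the machine is clean; the on-demand scan is a separate test.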
  4. ASpace

    ASpace Guest

    You may have changed settings so that it is now not working...

    Perform reinstallation so that you will now install the very latest 3.0.621 build:

    1. Download a fresh new ESET v3 product from http://www.eset.com/download . Make sure that you choose the correct version.
    2. Uninstall your current version from Control Panel -> Add/Remove Programs
    3. Reboot the computer when prompted
    4. Delete this folder manually:

    - C:\Documents and Settings\All users\Application data\Eset

    5. Reinstall your ESET smart protection with the file you just downloaded. Use typical install.


    6. Make sure the antivirus updates to the latest protections
    7. Open the UI, press F5 to enter the Advanced Setup Tree

    • Open Antivirus/Antispyware (start-up) protection, enter the Setup of ThreatSense engine -> Options and enable Potentially unsafe applications
    • Open Real-time file system protection, enter the Setup of ThreatSense engine -> Options and enable Potentially unsafe applications
    • Open On-demand scanner, enter the Setup of ThreatSense engine -> Options and enable Potentially unsafe applications

    8. Perform a full scan from Computer Scan -> Standard scan
     