HELP-- something got past my nod 32

Discussion in 'NOD32 version 2 Forum' started by sisterslee, Oct 11, 2008.

Thread Status:
Not open for further replies.
  1. sisterslee

    sisterslee Registered Member

    Joined:
    Oct 11, 2008
    Posts:
    6
    I have a red X showing up on the bottom of my computer screen that says your computer is infected, Windows has detected spyware infection, etc. I have NOD32. I have run scans, nothing comes up. Whatever this is, it hijacks my browser and makes Google instead of MSN my home page. Computer is extremely slow and freezing. When I first started having the problem, NOD32 said it found spyware and quarantined it; after that the next scan showed nothing. I did have SpywareBlaster installed on my computer as well, but that doesn't seem to help anything. Any ideas?
     
  2. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hello,

    Try the automated cleaning tool SmitFraudFix. If it doesn't help, create a log from ESET SysInspector and send it to support[at]eset.com.

    Regards
     
  3. sisterslee

    sisterslee Registered Member

    Joined:
    Oct 11, 2008
    Posts:
    6
    Thanks Kosak, but I tried 4 times to get that fix you linked. It goes to 99 percent, then I get an Internet Explorer message that says the connection was terminated abnormally.
     
  4. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Try safe mode with networking.
     
  5. sisterslee

    sisterslee Registered Member

    Joined:
    Oct 11, 2008
    Posts:
    6
    Out of my league!!!!!!!!!!!!!!
     
  6. sisterslee

    sisterslee Registered Member

    Joined:
    Oct 11, 2008
    Posts:
    6
    Anyone have any other ideas for a not so computer savvy girl?
     
  7. ASpace

    ASpace Guest

    Do you use v2 of NOD32 with Blackspear's settings?

    You can't get the Smitfraudfix utility because ESET detects it as a potentially unsafe application and IMON/web access protection blocks the connection.

    In order to download/use the utility, you need to either temporarily disable the AV protection/modules, stop detection of potentially unsafe applications or uninstall NOD32. You haven't provided any background information about your system, and trying to clean such an environment is not professional in any way.

    Either contact ESET Technical Support or post in a forum which provides malware cleaning services (such as AumHa forums).
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Also I'd suggest that you download and install ESET NOD32 Antivirus (v3) which has better detection than v2 thanks to the improvements it contains.
     
  9. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Easily cleaned with the combo of
    CCleaner
    MalwareBytes
    Spybot Search and Destroy 1.6
    SuperAntispyware
     
  10. sisterslee

    sisterslee Registered Member

    Joined:
    Oct 11, 2008
    Posts:
    6
    I ran Spybot several times and it came up with something called WildTangent each time but says it can't remove or "fix" it because it may be running or in memory or something like that. Then it says to try restarting the computer to fix it but just runs another scan with another can't fix it message. Each restart has a momentary flash of a small black window that shouldn't be there, and it says roughly - win32/command or commandeer (or something)/exe. This has been appearing since the moment the virus struck while downloading a supposed Adobe video add-on from some website. That's when I got the immediate NOD32 warning screen that said the threat had been found and quarantined.

    The computer works fine now (after deleting some spyware with various free scanners) except my browser keeps getting "redirected". And yes I do have NOD32 2.7 with the Blackspear mods done when I first got it.

    Does any of this help or should I just keep running spyware scanners?


    This is what Spybot says:

    WildTangent: [SBI $3A3BDC07] Program directory (Directory, nothing done)
    C:\WINDOWS\wt\

    WildTangent: [SBI $76830867] Program directory (Directory, nothing done)
    C:\WINDOWS\wt\wtupdates\

    WildTangent: [SBI $AEA200D6] Program directory (Directory, nothing done)
    C:\WINDOWS\wt\wtupdates\WireControl\
     
  11. xEnvious

    xEnvious Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    15
    This is what you do. The moment you turn on your computer, press the F8 button a couple of times (like every second or so). The trick here is to get into the safe mode options before the Windows XP loading screen (assuming you're using XP). There will be a black screen asking you how you want to load Windows. Select Safe Mode (with Networking). It will look very plain and when you log into your account, Windows will ask you if you want to continue using safe mode. Select Yes. From there, run SpyBot and you should be able to delete those pesky things. Also, run the other scanners you have and delete whatever they detect.

    --- Side question to those who are experienced: how do you run a NOD32 scan in safe mode? When I go into safe mode and open NOD32, it says something about kernels not working? Is there a way to go around this so I can scan my computer during safe mode?
     
  12. sisterslee

    sisterslee Registered Member

    Joined:
    Oct 11, 2008
    Posts:
    6
    OK, here's what I found: I still couldn't remove WildTangent in safe mode (got the same message from Spybot - in memory) BUT I also found out that WildTangent ISN'T my problem. As explained here: http://forums.spybot.info/showthread.php?t=2313 It's just a game.

    So now I'm back to not knowing what has hijacked my computer! Whatever it is it's gotten by both NOD32 and Spybot.

    Just to recap, it hijacks my browser, sometimes every time I click on something - but only the first try (Yellow Book is a common destination I've noticed) - and other times it's quiet for a while.

    I'll go try some of the other programs StoneCat kindly listed.
     