HELP!!!

Discussion in 'NOD32 version 2 Forum' started by Dariusz82, Jun 4, 2006.

Thread Status:
Not open for further replies.
  1. Dariusz82

    Dariusz82 Registered Member

    Joined:
    Jun 4, 2006
    Posts:
    13
    i got NOD32 antivirus system warning: AMON - File system monitor showing that i have a threat Win32/TrojanDropper.VB.NAI and norton anti virus shows its W32.Alcra.F and is unable to repair it.... I have tried everything i have read on the web about it and can't get rid of it.... it keeps sreading slowing down my pc :( HELP
     
  2. Dariusz82

    Dariusz82 Registered Member

    Joined:
    Jun 4, 2006
    Posts:
    13
    i have version 2.5 and it does not let me clean, quarentine, delet or anything....
     
  3. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    Could you please tell us where is file located? Have you tried running in-depth scan of your computer with NOD32 on-demand scanner?
    Btw, are you running NORTON and AMON both in realtime ?
     
  4. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Try running the scan in safe mode. Boot into safe mode without networking. Then run an on demand scan.
     
  5. ASpace

    ASpace Guest

    Yes , it won't because this is loaded in the memory . You have to boot in Safe Mode immediately and perform full scan .
    How to boot your computer in SAFE MODE
    Do this by repeatedly typing F8 while Windows is starting before
    Windows logo appears.
    Then you'll open the Windows Advanced menu where you can choose to boot
    the hard drive in SAFE MODE




    I suggest you use the so called "My profile" and configure it to scan

    as show in the screenshots + see this link:

    https://www.wilderssecurity.com/showthread.php?t=37509&page=3


    In addition to NOD32 , please download , install , update and use Ad-Aware SE Personal by Lavasoft
    http://www.lavasoftusa.com

    :)
     

    Attached Files:

    • 1.gif
      1.gif
      File size:
      39.6 KB
      Views:
      461
  6. ASpace

    ASpace Guest

    Number 2 :D
     

    Attached Files:

    • 3.gif
      3.gif
      File size:
      37.1 KB
      Views:
      478
  7. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    HiTech_boy your definitions are a little bit out-dated. :D :D (1.1089 and 1.1096)
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I think he took them from Blackspear's guide :)
     
  9. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    uuu...he's a little stealer. :D
     
  10. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Yup, I recognize those red arrows and blue numbers anywhere :D
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Any chance you could post a screenshot of the AMON alert window you get here?
     
  12. Dariusz82

    Dariusz82 Registered Member

    Joined:
    Jun 4, 2006
    Posts:
    13
    how do i post a screen shot??
     
  13. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    well, when AMON appears you hit Prt Sc button on your keyboard than open Paint (Start-> All programs-> Accesories-> Paint) , go to Edit-> Paste, save the image as .gif and then go here to the forum.
    Hit post reply and then Manage Attachements and Upload the image from your computer. Hope this helps you. :)
     
  14. Dariusz82

    Dariusz82 Registered Member

    Joined:
    Jun 4, 2006
    Posts:
    13
    HEres the pic....on the Nod32 antivirus system warning the end tmp17.tmp file name keeps changing every time it reopens when i close it same goes for the norton antivirus object name. on the omen the infected numbe keeps growing rapidly along with the scanned #.
     

    Attached Files:

    Last edited by a moderator: Jun 4, 2006
  15. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Now we can see what the problem is :)
    Norton and NOD32 are fighting each other.
    I already know which one will win.
    Do anything Marcos suggests and Disable, uninstall, clean out and clean up after Norton till it's gone and you should be just fine :)
    After that I would check out Blackspears Extra Settings guide if you haven't already - it is a sticky thread near the top

    Cheers :)
     
    Last edited: Jun 4, 2006
  16. Dariusz82

    Dariusz82 Registered Member

    Joined:
    Jun 4, 2006
    Posts:
    13
    THANKS TO ALL..... i have deleted norton just as told, ran nod32 in safe mode as told and so far have not recieved any pop ups from NOD32 or amon. GREAT SITE GREAT HELP GREAT PEOPLE!!!! Thanks a million.
     
  17. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    No worries - mine was the easy part.
    Thanks for posting back to let us know all is OK now :D

    Cheers :)
     
  18. ASpace

    ASpace Guest

    Me , too , great you are fine ( thanks to my little stealing abilities from Blackspear pics) :D :D :D :p :p
     
  19. Daze

    Daze Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    3
    I am quite sure I have this same trojan. Last week I downloaded a study guide from BearShare, now I made the unbeleivably stupid assumption that malware is only bundled on pirated software on P2P. I also knew that exe's were commonly known to have viruses, and yet I installed it anyway.

    Now I have popups all over the place and they are constantly downloading, absolutely killing my dialup. So the problem is NOD32 was running with fully updated definitions, yet it didn't detect anything. The funny thing is when I re-downloaded the archive and scanned the exe, it detects this particular virus you all are discussing.

    I have booted in to safe mode and ran a scan, and I get the same problem as I do in normal mode: it won't delete the infected files(by this I mean the already installed malware and not the archive containing the virus). The only thing Safe Mode would do differently is let me manually delete the infected files, but of course the virus had already cloned itself or whatever it does, and reinstalled.

    So has NOD32 failed or is there a solution to this?

    -Also I would like to add, Dariusz82, check your temporary internet files(C:\Documents and Settings\*ACCOUNT NAME*\Local Settings\Temporary Internet Files) I am curious if NOD32 actually deleted this from your computer, since you never directed it to or anything, it just went away as you said. If I am correct then you will have numerous cookies you know you've never set, such as mine (Cookie:chris@www.ticketsnow1.com/) where I have about 200 Cookie:chris@* (of which Ad-Watch will block..not that it does much) followed by thousands of pictures and whatnot. Oh make sure you clear this folder prior to checking it for these things, trust me they will come back without you even browsing..if in fact you do still have it.
     
  20. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Daze, welcome to Wilders.

    Could you please check your settings against this found HERE After this please run a scan; NOD32 Control Centre> NOD32> Run NOD32> Scan and clean

    Let us know how you go...

    Cheers :D
     
  21. Daze

    Daze Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    3
    I read over your guide, my NOD32 settings are configured the same way. The only thing I have different from you is that I did not enable IMON and DMON as I don't use either. I don't think this has and relevance to my problem, but if it does please let me know. Thank you.
     
  22. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    So are your scan settings the same as Post number 47 to 60? and have you run a scan with these settings?

    Cheers :D
     
  23. Daze

    Daze Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    3
    Haha I didn't realize there was more than one page. I didn't have those settings configured as you did, I changed them and then did a scan and nothing was detected. It's hopeless ><
     
  24. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    No, I have sent you a Private Message.

    Cheers :D
     
  25. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    VB.NAI is a quite old worm and had been detected proactively by ThreatSense from the very beginning. However, later it used to be distributed via uu-encoded email which was not scanned by NOD32, but the file was actually detected and blocked at an attempt to access the attachment.
     
Thread Status:
Not open for further replies.