I don't think ESET NOD32 is working

Discussion in 'ESET NOD32 Antivirus' started by LtDan, Dec 13, 2010.

Thread Status:
Not open for further replies.
  1. LtDan

    LtDan Registered Member

    Joined:
    Dec 11, 2010
    Posts:
    7
    Location:
    california
    I have been using ESET NOD 32 for several years now and recently it seems that it has stopped protecting anything. I scan for virus/malware and it doesn't find anything, yet there is malware there. It doesn't work in graphics mode when in Safe Mode. Thankfully from this forum Wilders I was able to find a free program (SAS) that found 22 instances of malware. It doesn't recognize that damn Whitesmoke app. It is frustrating. At one time NOD32 was one of the best, I don't know about now, it hasn't caught a darn thing.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Did you actually submit the alleged malicious files to ESET for further analysis per the instructions here? The fact that certain files are detected by another AV doesn't make them malicious. I wonder if what was detected were actually files and not just registry entries.
     
  3. LtDan

    LtDan Registered Member

    Joined:
    Dec 11, 2010
    Posts:
    7
    Location:
    california
    Here are your alleged files

    ESET NOD32 found NOTHING Ver 4.2.67.10

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\networkservice\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\weather (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\exeArgs.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\guid.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\preferences.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\stat.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\stats.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\uninstallie.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\uninstallstatie.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\weatherbutton_prefs.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\weather\3f36704676aeca513c641eec506661b5 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\weather\6f855fed069951ec7b3b65ee86123a32 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\weather\forecasts_cache.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\documents and settings\networkservice\application data\whitesmoketoolbar\weather\observations_cache.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
     
  4. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Toolbars are generally only detected if you have the scanning option to look for Potentially Unwanted Applications, so make sure that is configured if it isn't.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    These are not supposed to be detected, registry entries or directories with a certain name are not malicious themselves, only files they contain or refer to can be:

    Judging from the file extensions, the following files are clean, it's a sort of junk (data or config. files):
    In a nutshell, the log posted does not show anything relevant that's supposed to be detected by ESET.
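
The triage described in the post above (registry and folder entries set aside, files judged by extension), as an added example that is not part of the original thread or ESET's own tooling. The log layout is taken from the log posted in this thread; the extension list, the function name and the last sample line are assumptions made for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed list of extensions Windows can load or run; this is only the
# extension heuristic from the post, not a verdict on file contents.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".ocx",
                   ".bat", ".cmd", ".vbs", ".js"}

SECTION_RE = re.compile(
    r"^(Registry Keys|Registry Values|Registry Data Items|Folders|Files) Infected:$")
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> ")

def triage(log_text):
    """Return (entry count per log section, file entries worth submitting)."""
    counts, to_submit, section = Counter(), [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry is None or section is None:
            continue  # blank line or "(No malicious items detected)"
        counts[section] += 1
        # Only entries in the Files section can carry code; keys and folders are names.
        if section == "Files":
            ext = PureWindowsPath(entry.group("target")).suffix.lower()
            if ext in EXECUTABLE_EXTS:
                to_submit.append((entry.group("target"), entry.group("name")))
    return dict(counts), to_submit

# Lines copied from the log posted in this thread.
PAGE_LINES = r"""Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\documents and settings\networkservice\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\networkservice\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\guid.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\whitesmoketoolbar\weather\forecasts_cache.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
"""
# Constructed line (not from the thread) showing an entry that would be flagged.
CONSTRUCTED_LINE = r"c:\example\toolbar\helper.dll (PUP.Example) -> Quarantined and deleted successfully."
```

Calling `triage(PAGE_LINES)` returns an empty submission list; appending `CONSTRUCTED_LINE` yields one file to submit.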
     
  6. LtDan

    LtDan Registered Member

    Joined:
    Dec 11, 2010
    Posts:
    7
    Location:
    california
    You say that they're not supposed to be detected, this causes a lot of problems, constant red flag alerts, redirects browser constantly. Doesn't allow certain updates on software including virus protection. If these aren't detected by ESET NOD and SAS free edition finds them and so does Malwarebytes, doesn't leave me much confidence in ESET.
     
  7. LtDan

    LtDan Registered Member

    Joined:
    Dec 11, 2010
    Posts:
    7
    Location:
    california

    Where is this function in ESET NOD32?
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Then it must have been other stuff not included in the log you posted that caused these problems. A log from ESET SysInspector would reveal any suspicious files in most cases.
     