I had installed NOD64 5.0 and a virus took control of my NOD64 and infected the PC.

Discussion in 'ESET NOD32 Antivirus' started by mike27928, Sep 1, 2012.

Thread Status:
Not open for further replies.
  1. mike27928

    mike27928 Registered Member

    Hello, since August 30, I have been having a total nightmare I cannot escape from.
    I was just browsing the web, to search for a website with cool videos online and found a website... called www . cinetube . es
    *** PLEASE DO NOT CLICK IN THE LINK MENTIONED BEFORE ***

    I was using NOD64 5.0 antivirus.
    I saw that website, and because it has a similar name to YouTube (cinetube), I decided to enter it.
    The website took control of my antivirus and de-activated it in seconds, infecting my PC!!!! IMMEDIATELY, MY NOD64 ANTIVIRUS BEGAN TO DISPLAY RED ALERTS, AND TOLD ME THE HTTP PROTOCOLS (OR SOMETHING SIMILAR) WERE DE-ACTIVATED. THE ANTIVIRUS STOPPED WORKING, AND TURNED FROM GREEN TO RED.

    ALSO, VERY STRANGE, MY COMPUTER ASKED ME TO RESTART IMMEDIATELY.
    IT RESTARTED.

    PLEASE NOTE: THIS WEBSITE TOOK CONTROL OF NOD64 ANTIVIRUS, TURNED IT OFF... AND RESTARTED MY COMPUTER.

    Because NOD64 was not working anymore, I decided to uninstall it, and re-install it and here we have the problem... it is completely impossible to install any antivirus from any brand.

    Here is where my nightmares begin...

    Because NOD64 was not working and it was impossible to install it... I decided to install a free antivirus... AVAST! on my computer... and when it was installed... AVAST was showing a red X saying the antivirus was not working...
    ok... then I decided to install NOD again... on reaching the end of the installation... the process reverted and it was impossible to install the antivirus.

    okay... now I tried to install KASPERSKY INTERNET SECURITY 2013, and also the same... it was impossible !!!
    On the first try, Kaspersky recommended that I download a utility to scan for viruses or create the RESCUE CD...
    ok... I created the RESCUE CD and began to scan the computer... it found the following:

    HEUR:trojan.wiin32.generic (infected the file syshost.exe inside the Windows directory)
    HEUR:exploit.java.cve-2012-4681.gen

    BACKDOOR.WIN32.ZACCESS.YDV
    C:\Documents and Settings\ORION\AppData\Local\Temp\85046051.exe

    EXPLOIT.JAVA.CVE-2012-1723.DJ
    C:\Documents and Settings\ORION\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\510d7203-3e55cea4/bkwa/bkwa.class

    HEUR:EXPLOIT.JAVA.CVE-2012-4681.GEN
    C:\Documents and Settings\ORION\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\510d7203-3e55cea4

    • I don't know if this has any relationship with the Java vulnerability people are talking about on the Internet o_O?

    After running the scan from the RESCUE CD, I began to perform actions... deleting the infected files, and putting one of them in quarantine...

    Okay... Windows 7 started again... and I tried to install Kaspersky, and it's impossible... impossible.

    I tried to install again NOD64 5.0 and it's impossible!

    I try to install any other antivirus... impossible!

    It is as if someone touched my machine in such a way that it is not possible to have an antivirus on it !!! :mad:

    Someone on Facebook suggested that I take a look at the service BASE FILTERING ENGINE, which controls the internet protocol and firewall... okay, this is weird because this service was de-activated! So this bug, worm, or virus has modified things and services on my PC in such a way that I cannot install any antivirus!!! :(

    Okay. I activated the service BASE FILTERING ENGINE again, restarted the PC again... and it continues the same... impossible to install any antivirus.

    I really don't know what to do.

    Before taking the format C: solution, I would beg you please, if you could help me, to give me a solution to escape from this nightmare and be able to install an antivirus again. NOD64 in this case.

    Thanks
     
  2. Cudni

    Cudni Global Moderator

  3. volvic

    volvic Registered Member

    2) run Hitman Pro / MBAM and see how you get on.
     
    Last edited by a moderator: Sep 1, 2012
  4. manak

    manak Registered Member

    NOD64? I've never heard of it. It sounds like FakeAV.
    Anyway, Malwarebytes Anti-Malware and Hitman Pro are good second opinion scanners.
     
  5. volvic

    volvic Registered Member

    Is it not permitted to critically assess an AV on here?
     
  6. Dark Shadow

    Dark Shadow Registered Member

    I think he means NOD 64-bit. At this point, suggesting another installation is probably not going to work, as the infected PC is being blocked from installing security software, which is pretty common.

    @ The OP, following Cudni's suggestions is your best chance of resolving it. Good luck.
     
  7. manak

    manak Registered Member

    Good info :)
    1. Malware Removal - HijackThis Logs Forum at Malwarebytes.org ( http://forums.malwarebytes.org/index.php?showforum=7 )
    2. HijackThis Logs and Virus/Trojan/Spyware/Malware Removal at BleepingComputer ( http://www.bleepingcomputer.com/forums/forum22.html )

    They are the folks to really provide support in getting rid of rootkits, malware and other nasties.
     
  8. mick92z

    mick92z Registered Member

    I would not worry about installing another AV, as none of them will rid you of the ZeroAccess rootkit. I would strongly recommend using one of the specialist forums already mentioned (Bleeping Computer / GeeksToGo etc.).
    This malware you have does cause damage, so even after disinfection, you may still encounter problems (e.g. safe mode, task manager etc.).
    I see you have also posted on the Kaspersky forums; no disrespect to them, but I think you would be better off using one of the forums already recommended. :)
     
  9. Marcos

    Marcos Eset Staff Account

    I'd recommend contacting Customer Care or emailing ESET's malware research lab and providing them with an install log created as per the instructions here. If the failure turns out to be caused by malware, you'll be provided with other tools that will help pinpoint the issue.
     