infected-(106) error occured while extracting archive file

Discussion in 'ESET NOD32 Antivirus' started by billyzaf, Nov 26, 2007.

Thread Status:
Not open for further replies.
  1. billyzaf

    billyzaf Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    10
    Please can anyone help me on this. I got infected by a virus whose first task was to destroy nod32. My adaware deleted a lot of spyware and it still does from time to time.
    But the thing is it won't let me reinstall nod32 and each time I try to do that I get the same message: (106) error occured while extracting archive file.
    Also it will not let me install any other antivirus. I still get an error message.

    Can you please help me out of this?
     
  2. clambermatic

    clambermatic Registered Member

    Joined:
    Oct 10, 2007
    Posts:
    216
    'billy'...don't panic, keep calm. You've come to the right place here & besides, there are lotta NOD resident experts here, k? ;)

    Now.... could you recall your last scan... what did your working scanner then inform you, WHAT TYPE of pest/spywares did it emit??

    If you can't recall, that's fine. Here is what u can do for a '911' Safety Moves...

    a) if you got another rig, go & download a copy of 'cureIT' standalone scanner. The URL is this (copy it or write it on a piece of paper) ~ http://www.freedrweb.com/cureit/?lng=en

    b) samely, shutdown (complete pwr-off) for around 15secs)... then reBOOT into Safe Mode! SafeMode How2 = bootup, at POST screen, hit F8 (continuosly) till Safe-Mode screne appear. That screen contains a lot of choices; SELECT the first line indicated as Safe Mode.

    If you had an admin logon, use it once reaching safemode. 'admin logon' is imperative for usage on such 'infectious' situation!

    c) At desktop (in SafeMode then), transfer your fresh download of cureIT to that the desktop page of your infected rig. Then deploy (keep cool, an click cureIT 'exe' file).

    d) Once cureIT was installed. Select C: drive (coz it contains your OS) and other subsequent drives (aka: partitions) for scanning by cureIT, at its initial 'default' scanning mode.

    ...that's it for now. Don't just stand there, get to work!!!

    If i ain't able to handhold you for your next episode... DON'T WORRY, there are lotta gud fellas in here who can and are much more of an expert than i am!

    ;)
     
  3. billyzaf

    billyzaf Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    10
    Thank you for your reassuring words. It's good to feel you are in the right hands.
    I'm sorry I don't remember what where the last scans of nod32, it had tracked a few viruses now and then, but that is not the case. As soon as I executed the infected file, nod32 went out of business. I only use firefox, but internet explorer windows started to pop up but ad-watch would block most of them.
    I got a message that my windows cd was needed and I inserted that. Then winlogon was taking up all the resources and increasing the cache memory.
    I uninstalled nod32 and ended the nod32 process and that took care of that.
    It found a few spywares, I don't remember the names. Also, I tried x-cleaner micro edition, an online spyware scanner-remover and that located some other spyware. Kaspersky online also found a some infected files but that's only for scanning. Can't remember the names.
    But the problem remains. I can not install an antivirus

    Now I downloaded cureit and I'm right on to it

    I'll let you know how it worked

    Thanks a mil
     
  4. ASpace

    ASpace Guest

    It could be Bagle or Stration
    Contact ESET if the above suggestion doesn't help , email support[at]eset.com
     
  5. billyzaf

    billyzaf Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    10
    Oh, yes, bagle was one of them for sure
     
  6. ASpace

    ASpace Guest


    If you know how to use Gmer , it will cure you
     
  7. billyzaf

    billyzaf Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    10
    I havent hear of gmer before..I can learn though
     
  8. billyzaf

    billyzaf Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    10
    well, it wont let me go into safe mode..So i guess there is no point in running cure it in normal mode, is there?

    What about that gmer?
     
  9. billyzaf

    billyzaf Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    10
    I run cureit either way and it found 2 infections in:

    c:\windows\system32\drivers\hidr.exe
    c:\windows\system32\drivers\srosa.sys

    by Mr. win32.HLLM.Beagle
     
  10. billyzaf

    billyzaf Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    10
    That was in the quick scan.

    I am now running full scan.

    It found DDos.synte.origin but it could not be cleaned. So it was "moved" as it said, I don't know where.
     
  11. billyzaf

    billyzaf Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    10
    On the whole 8 viruses were found. 7 were deleted and 1 was moved.
    But still I can not install nod32 and I get the same message
     
  12. billyzaf

    billyzaf Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    10
    Heeeeeeeeeeeelpppppp!!!!
     
  13. ASpace

    ASpace Guest

    Hello!

    I am not telling you how to use Gmer because it is advanced tool to use to eliminate rootkit types of threats . Bagle is a worm and some variants are with rootkit behaviour.

    I would suggest you one of these things (either 1 or 2):

    1. Contact ESET Support , email support[at]eset.com
    2. Post in forum providing malware cleaning services . I recommend Aumha forums http://forum.aumha.org . If you post there , provide them with a link to this thread and stop posting here til they are helping you :thumb:

    Good luck!
     
  14. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    i think it's because of a nasty file infecter virus(Virut)
     
  15. ASpace

    ASpace Guest

    We can only guess but I think that since CureIt found Bagle , it should be a Bagle ... :thumb:
     
  16. billyzaf

    billyzaf Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    10
    Hi, I searched another forum that people had same problems with their antivirus programs.
    Here's what I did:
    Start->run->msconfig->diagnostic restart->reinstall nod32

    It worked! I updated nod32 afterwards and run a scan which found 2 infections.

    I'm not sure if my system is clean now..My printer displays a funny message as well. When I need to print something another file/document appears in the printing panel. It's functional but I'm not sure if everything is ok now..

    Also something I needed to ask which is important. Do you think it is safe to use the web for internet buying or transactions or web banking (after being infected I mean)?

    Thanks again guys
     
Thread Status:
Not open for further replies.