Infected file - NOD32 can find, but not clean!

Discussion in 'ESET NOD32 Antivirus' started by Terry Sleeper, Jul 6, 2008.

Thread Status:
Not open for further replies.
  1. Terry Sleeper

    Terry Sleeper Registered Member

    Joined:
    May 1, 2006
    Posts:
    35
    Hello from Manchester, UK.

    Does anyone know how I can get rid of this infected file?:

    C:\Windows\System32\Process.exe - Win32/PrcView application - error while deleting (Access denied)

    The "clean" and the "delete" buttons only give: "Error while cleaning - access denied". This leaves the third and last option - "Leave". Obviously, this is not satisfactory. How can I remove this file?

    Terry.
     
  2. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    Try ending the task in the Task Manager if it's running, then run the scan again. May or may not work, but worth a try.
     
  3. dr pan k

    dr pan k Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    204
    Use ultimate process manager and portable killbox (google them); both are free.
     
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello Terry Sleeper,
    Can you post a screenshot?
    I assume you are using NOD32 version 2.7?
    Make sure you have your license code username and password available before you do the following.
    Just go to www.eset.com, log in with username and password and download NOD32 3.0.
    If so, it is a good idea to uninstall, reboot and install version 3,
    then update it and run a scan.
    It should be able to clean it.
     
  5. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hello!

    Terry, have you used "SDFix" before?
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Win32/PrcView application is a legit tool that can be used to kill running processes. I guess it can't be deleted because it's in use. There are legit cleaners that have it bundled and use it to kill running malware.
     
  7. Terry Sleeper

    Terry Sleeper Registered Member

    Joined:
    May 1, 2006
    Posts:
    35
    Thanks for the replies.

    1. I will try the Task Manager option.
    2. ditto ultimate process manager and portable killbox.
    3. I am using NOD32 version 3.0.650.0. Will try to post a screenshot, but everything is slowing down!
    4. I have used SDFix before - many moons ago!
    5. Am now getting pop-ups from gambling websites.

    Terry.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    A log from ESET SysInspector would shed more light. Please send it to samples[at]eset.com with this thread's URL in the subject.
     
  9. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    So, part of this cleaning tool - process.exe will be detected. Check this log:

    Code:
    Scan Log
    Version of virus signature database: 3247 (20080707)
    Date: 7. 7. 2008  Time: 22:22:11
    Scanned disks, folders and files: D:\SDFix.exe
    D:\SDFix.exe » RAR » SDFix\apps\Process.exe - Win32/PrcView application
    Number of scanned objects: 83
    Number of threats found: 1
    Number of cleaned objects: 0
    Time of completion: 22:22:15  Total scanning time: 4 sec (00:00:04)
     
  10. Terry Sleeper

    Terry Sleeper Registered Member

    Joined:
    May 1, 2006
    Posts:
    35
    Marcos:

    Thanks - have taken your advice.

    Kosak:

    Sorry - I don't understand. And everything is grindingly slow now . . .

    T.
     
    Last edited: Jul 7, 2008
  11. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Process.exe will probably be part of SDFix.

    You are infected with adware. Wait for ESET's response.
     
  12. Terry Sleeper

    Terry Sleeper Registered Member

    Joined:
    May 1, 2006
    Posts:
    35
    Dear All:

    Thanks for your help and suggestions.

    I did manage to clean everything with help from Bill Castner at AUMHA Forums.

    Terry.
     