Infected PC

Discussion in 'ESET Smart Security' started by exoomer, Oct 19, 2008.

Thread Status:
Not open for further replies.
  1. exoomer

    exoomer Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    8
    Hello,
    I have some problems with my PC. FOr 6 years, I didn't have any problems with viruses, but few days ago, ESET Smart Security found something. When I deleted it, it comes back. So I turned off my router (suposing that a new IP adress will block it, because when I whasn't connected, the virus wasn't attacking my PC), waited a few minutes for a new IP adress, turned on the router and the virus didn't come back. But from this day, almost every day I have some problems. ESET found a virus, trojan or something else. I cleaned my PC with some anti-spywares, anti-viruses, checked HijackThis, but they found nothing. I send a report log to ESET via e-mail, and the guy told me that he didn't see anything on my PC. What can be the problem? I cannot find any virus or malware on my PC, but I have allways some ERRORS. I tried also SmitfraudFix, but nothing. Is there any posibility to clean my PC, or the only solutin is to reinstall my windows?

    /btw sry for my poor english :X/
     
  2. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    My only suggestion would be to restore to a day before you started having problems. It has worked for me. ;) If that solves it, I would do a check disk.
     
  3. ASpace

    ASpace Guest

    I don't know what the ESET employee told you (one can't see your conversation) but your system must be analysed and check . There must be something undetected . There are always ways to detect malware and for sure always ways to remove it.

    Either contact ESET Support again asking for second examination or post in a forum providing malware cleaning services. I would recommend AumHa forums as such forum
     
  4. exoomer

    exoomer Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    8
    I scanned it with many many programs, the guy in ESET send me SysInspector.exe (something like HijakThis) but nothing founded. Only AdAware found me some malware MRU Object in Document and Setting in my profile. When I remove it, it comes back.
    About system restore, the problem is for few days, so I think that I cannot restore my system 2 weeks ago :eek:)
     
  5. ASpace

    ASpace Guest


    Why not ? It is possible . It doesn't affect documents , pictures , music , vidoes , etc.
     
  6. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    If I remember right, you can set your own restore point in System Restore. Even if you couldn't and the latest restore point is two weeks ago, do it and get rid of the problem. :)
     
  7. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Hi exoomer,

    It would be helpful to have some information on what your ESET Smart Security is detecting before trying to advise too much about which direction may be helpful.

    Can you please copy the line from the 'Detected threats' log and paste it in your reply?

    Cheers :)

    Screenshot - 20_10_2008 , 6_16_13 AM.png
     
  8. exoomer

    exoomer Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    8
    It started with this:
    30. 9. 2008 14:28:13 Real-time file system protection file C:\WINDOWS\System32\mscmsr.dll Win32/Agent.THO trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Windows Defender\MsMpEng.exe.

    and it continues from there. But I supose that you don't whant all the log file : o ) Because from the mscmsr.dll file from 30.09.2008 there were many other viruses :(
     
  9. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    Download and run ESET SysInspector
    http://www.eset.com/download/sysinspector.php
    When the utility has collected the information , click File > Save Log
    Confirm your wish. A log file , placed in a zip archive , will be created.
    Contact ESET Technical Support , samples@eset.com
    and do not forget to send this web page
     
  10. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hello exoomer, boot to safe mode and perform scan via ECLS (more information in ESS's helper). If it doesn't help, download and use UnDLL for removing Dynamic Link Library files.
     
  11. exoomer

    exoomer Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    8
    I send the log file from SysInspector few days ago and the guy found nothing :)
    Kosak: I'll try it tomorrow :)
     
  12. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I agree with proactivelover's suggestion.

    Open ESET SysInspector and wait until it's ready then press <CTRL> + g to generate suitable for sending. Save that when it finishes.
    Please send the new log from ESET SysInspector to support[at]eset.com and also provide a link to this thread.

    What Kosak has suggested may be the ultimate solution however ESET might wish to gather some more information first, or have some other steps as well. I assume you have a current license.

    Cheers :)
     
    Last edited: Oct 20, 2008
  13. exoomer

    exoomer Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    8
    I repeat that I did it, but they found nothing :eek:)
     
  14. wiak

    wiak Registered Member

    Joined:
    Sep 10, 2006
    Posts:
    107
    restart and boot into safe mode (push F8 before windows loading screen)
    then run Eset Smart Security

    and let it run ;)
    this way it wont start anything else than microsoft services on startup
    and will be alot easier to clean
     
  15. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Boy what a case for FD-ISR. :p
     
Thread Status:
Not open for further replies.