Infected PC

Hello,
I have some problems with my PC. FOr 6 years, I didn't have any problems with viruses, but few days ago, ESET Smart Security found something. When I deleted it, it comes back. So I turned off my router (suposing that a new IP adress will block it, because when I whasn't connected, the virus wasn't attacking my PC), waited a few minutes for a new IP adress, turned on the router and the virus didn't come back. But from this day, almost every day I have some problems. ESET found a virus, trojan or something else. I cleaned my PC with some anti-spywares, anti-viruses, checked HijackThis, but they found nothing. I send a report log to ESET via e-mail, and the guy told me that he didn't see anything on my PC. What can be the problem? I cannot find any virus or malware on my PC, but I have allways some ERRORS. I tried also SmitfraudFix, but nothing. Is there any posibility to clean my PC, or the only solutin is to reinstall my windows?

/btw sry for my poor english :X/

 

My only suggestion would be to restore to a day before you started having problems. It has worked for me. If that solves it, I would do a check disk.

 

I don't know what the ESET employee told you (one can't see your conversation) but your system must be analysed and check . There must be something undetected . There are always ways to detect malware and for sure always ways to remove it.

Either contact ESET Support again asking for second examination or post in a forum providing malware cleaning services. I would recommend AumHa forums as such forum

 

I scanned it with many many programs, the guy in ESET send me SysInspector.exe (something like HijakThis) but nothing founded. Only AdAware found me some malware MRU Object in Document and Setting in my profile. When I remove it, it comes back.
About system restore, the problem is for few days, so I think that I cannot restore my system 2 weeks ago )

 

Why not ? It is possible . It doesn't affect documents , pictures , music , vidoes , etc.

 

If I remember right, you can set your own restore point in System Restore. Even if you couldn't and the latest restore point is two weeks ago, do it and get rid of the problem.

 

Hi exoomer,

It would be helpful to have some information on what your ESET Smart Security is detecting before trying to advise too much about which direction may be helpful.

Can you please copy the line from the 'Detected threats' log and paste it in your reply?

Cheers

 

It started with this:
30. 9. 2008 14:28:13 Real-time file system protection file C:\WINDOWS\System32\mscmsr.dll Win32/Agent.THO trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Windows Defender\MsMpEng.exe.

and it continues from there. But I supose that you don't whant all the log file : o ) Because from the mscmsr.dll file from 30.09.2008 there were many other viruses

 

Download and run ESET SysInspector
http://www.eset.com/download/sysinspector.php
When the utility has collected the information , click File > Save Log
Confirm your wish. A log file , placed in a zip archive , will be created.
Contact ESET Technical Support , samples@eset.com
and do not forget to send this web page

 

Hello exoomer, boot to safe mode and perform scan via ECLS (more information in ESS's helper). If it doesn't help, download and use UnDLL for removing Dynamic Link Library files.

 

I send the log file from SysInspector few days ago and the guy found nothing
Kosak: I'll try it tomorrow

 

I agree with proactivelover's suggestion.

Open ESET SysInspector and wait until it's ready then press <CTRL> + g to generate suitable for sending. Save that when it finishes.
Please send the new log from ESET SysInspector to support[at]eset.com and also provide a link to this thread.

What Kosak has suggested may be the ultimate solution however ESET might wish to gather some more information first, or have some other steps as well. I assume you have a current license.

Cheers

 

I repeat that I did it, but they found nothing )

 

restart and boot into safe mode (push F8 before windows loading screen)
then run Eset Smart Security

and let it run
this way it wont start anything else than microsoft services on startup
and will be alot easier to clean

 

Boy what a case for FD-ISR.