Interesting infection, thought I'd share.

Discussion in 'NOD32 version 2 Forum' started by Lollan, Mar 15, 2007.

Thread Status:
Not open for further replies.
  1. Lollan

    Lollan Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    288
    Below is a screenshot from a customer's PC which was running terribly slow; upon updating the definitions, this was found. Win32/Expiro.A, which seems to be specifically targeting NOD32's kernel. I have not seen this before. I'm running another scan with the updated definitions and it should be removed, but just thought I'd share. I also receive a CRC error with NOD32 because of this infection, stating a possible (now proven) infection. Not looking for support yet as I should be able to handle this, but congratulations to NOD32, which, even when specifically targeted, cannot be brought down. :)

    *edit* And I was correct, scan in safe mode started quarantining and deleting the infections right off the bat, hopefully it won't remove its own kernel though!
     

  2. ASpace

    ASpace Guest

    Yes, interesting. Try booting from clean media. On this media you should have burnt a (clean and updated) NOD32, and run it with commands. Since this is a virus, the clean media and NOD32 should be able to clean the virus using a special cleaning algorithm.
    After that you can reinstall NOD32 and ensure it stays updated :thumb:
     
  3. Lollan

    Lollan Registered Member

    The scan is still running, but I am not having any issues removing this infection in safe mode. Very nasty infection, seems to have just gone through program files and hit every executable in there! Also, NOD32 did delete the infected nod32krn.exe file, more updates to come!
     
  4. ASpace

    ASpace Guest

    This is a virus, files should be cleaned/not deleted.

    You can also send copies of the encrypted files in the Program files/ESET/Infected folder to ESET's support so that they can check them and, if necessary, improve the cleaning algorithm. Viruses should be cleaned, not deleted ;)
     
  5. Lollan

    Lollan Registered Member

    Yes, they were cleaned. Got wrapped up in the excitement of a dynamic infection for a change and just saw the grey text in the log. :p Anyways, it infected 846 files and cleaned them all, no issues with NOD32 stability at any point and it was an enthralling experience. System was running dirt poor, it's excellent now! :)
     
  6. ASpace

    ASpace Guest

    Well, I understand now :)

    You can run a repair installation of NOD32 to fix things up and make sure NOD32 is OK (because you got the CRC error and because of the kernel/control center). The repair installation will replace them with new clean ones.

    Thanks very much for letting me know ;)
     
  7. Lollan

    Lollan Registered Member

    No need, NOD32 was not damaged in any way after I booted to normal mode, and I stopped receiving infection messages from AMON and CRC errors. This problem was solved quickly and effectively by the indestructible NOD32! :)
     