Is ESET's treatment of the Win32/Patched.N virus OK?

Discussion in 'ESET Smart Security' started by binbonbao, Sep 30, 2008.

Thread Status:
Not open for further replies.
  1. binbonbao

    binbonbao Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3
    Hi. I don't know if this question goes here, sorry.

    I have OS Win XP SP3 and ESET Smart Security v. 3.0.672.0.
    I updated the virus signatures to NOD32 - v.3481 (20080929)

    and then I received alerts for Win32/Patched.N every moment for Diskeeper, WinPatrol, ZA ForceField, and ESET gives 2 options: erase or ignore.

    The problem is that the infected file is: C:\WINDOWS\system32\spoolsv.exe.

    spoolsv.exe is a Microsoft Windows system executable which handles the printing process. This program is important for the stable and secure running of your computer and should not be terminated.

    Note: spoolsv.exe is a process registered as a backdoor vulnerability which may be installed for malicious purposes by an attacker allowing access to your computer from remote locations, stealing passwords, Internet banking and personal data. If unaccounted for, this process should be removed immediately.

    What's the problem? That ESET only erases this file (spoolsv.exe). Is this OK? I tried to restore to one or two weeks back but I have the same problem again... I disabled the restore option and erased the file... but now do I need to get a clean spoolsv.exe file? (Where or how?)

    Sorry. Thanks
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Could you please submit the file in a rar/zip archive protected with the password "infected" and a link to this thread in the subject to samples[at]eset.com?
     
  3. binbonbao

    binbonbao Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3
    Thanks... but like I told you, I erased that file. This time I got the same on another laptop, but first I stopped the spoolsv service (ctrl+alt+scp), then ESET erased the file, but when I restarted, the file was there again but no longer infected. If I find the spoolsv file infected again I will send it to you. I will try to copy this new file to the other PC (the first). If ESET keeps a copy of all infected files, where is this file (folder)? Thanks again.
     
  4. binbonbao

    binbonbao Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3
    Hi

    I copied the clean spoolsv.exe file from the laptop to the desktop (the first PC), to its original place in system32. Then I rebooted the PC. All works fine again. I scanned with ESET and all is clean now. Thanks.
    PS: I uploaded the spoolsv.exe file (clean) here: http://rapidshare.com/files/149844661/spoolsv.rar
     
  5. Gaza222

    Gaza222 Registered Member

    Joined:
    Oct 2, 2008
    Posts:
    1
    OK, I have an infected version of the file sat in my system32 dir; I'll email it in.
     