messenger skinner rtk : why nod32 cannot detect or clean it?

Discussion in 'ESET NOD32 Antivirus' started by Philippe_FR22, May 26, 2008.

Thread Status:
Not open for further replies.
  1. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    Hello,
    Why does NOD32 not detect Messenger Skinner rtk?

    Regards
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    What is Messenger Skinner? Could you submit a sample of it to samples[at]eset.com with this thread's URL enclosed?
     
  3. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    I will ask my friend (she does not speak English, that's why I'm in charge of the investigation on this forum ;-) ), who is currently infected by:

    - Spyware-secure (1 item)
    - Freeze (3)
    - Messenger Skinner.rtk (1)
    - MailSkinner.rtk (1)
    - Virtumonde (1)
    - Casino popup (1)


    I'm a bit surprised that none of them is detected by NOD32 - Spybot caught them, but at this moment I cannot say if they are cleaned... In progress - and therefore she tells me that NOD32 3.0.650 v3 froze at about 14% of the scan task...

    The only method found on the internet to clean those threats is the one using the navilog tool (found here, with explanation: http://www.malekal.com/Adware.Magic_Control.php#mozTocId213723)
     
    Last edited: May 26, 2008
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    A log from ESET SysInspector should shed more light as well.
     
  5. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    Ok I will request it...

    But before receiving the SysInspector log, this is the one generated by navilog (mentioned above)
     
    Last edited: May 26, 2008
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Those dat files are probably ok. As for teqcbnq.exe, I'd need to check it out as there are no references found via a web search.
     
  7. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    Ok thanks...
    No log for SysInspector since navilog succeeded (as it seems) in deleting the mentioned files...
    However, we still have a problem with NOD32, so we decided to do a clean uninstall and reinstall...

    Regards
     
  8. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    Ok, be careful: file names are randomly generated (as is said on the malekal website). Therefore I will ask my friend to zip and send me those files, and I will forward them to you ASAP!
    Regards
     
  9. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    Well, everything is ok now, thanks to the malekal malware deletion program. I will receive by tomorrow a zip archive of all deleted programs and I will send it to ESET. I hope such malware and rootkits could be cleaned by EAV in the future...
    Regards
     
  10. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    Hi,
    The complete zipped folder of all files backed up by navilog was sent to samples[at]eset.com.

    I hope those samples will allow NOD32 to protect against that kind of pest...

    Regards
     