Discussion in 'ESET NOD32 Antivirus' started by Philippe_FR22, May 26, 2008.
Why does NOD32 not detect messenger skinner rtk?
What is Messenger skinner? Could you submit a sample of it to samples[at]eset.com with this thread's url enclosed?
I will ask my friend (she does not speak English, that's why I'm in charge of the investigation on this forum ;-) ), who is currently infected by:
- Spyware-secure (1 item)
- Freeze (3)
- Messenger Skinner.rtk (1)
- MailSkinner.rtk (1)
- Casino popup (1)
I'm a bit surprised that none of them is detected by NOD32 - Spybot caught them, but at this moment I cannot say if they are cleaned... In progress - and therefore she tells me that NOD32 3.0.650 v3 froze at about 14% of the scan task...
The only method found on the internet to clean those threats is the one using the navilog tool (found here, with explanation http://www.malekal.com/Adware.Magic_Control.php#mozTocId213723)
A log from ESET SysInspector should shed more light as well.
Ok I will request it...
But before receiving sysinspector, this is the one generated by navilog (mentioned above)
Those dat files are probably ok. As for teqcbnq.exe, I'd need to check it out as there are no references found via a web search.
No log for sysinspector since navilog succeeded (as it seems) in deleting the mentioned files...
However, we still have problems with NOD32 so we decided to do a clean uninstall and reinstall...
Ok, be careful, file names are randomly generated (as it is said on the malekal web site). Therefore I will ask my friend to zip and send me those files; I will forward them to you ASAP!
Well everything is ok now, thanks to the malekal malware deletion program. I will receive by tomorrow a zip archive of all deleted programs and I will send it to ESET. I hope such malware and rootkits could be cleaned by EAV in the future...
The complete zipped folder of all files backed up by navilog was sent to samples[at]eset.com.
I hope those samples will allow NOD32 to protect against that kind of pest...