MFC80U.DLL and now gui is dead

Discussion in 'ESET NOD32 Antivirus' started by aluminex, Mar 2, 2010.

Thread Status:
Not open for further replies.
  1. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    Wow...

    I have a few boxes where NOD32 has actually quarantined MFC80U.DLL and now the GUI doesn't work. Why would it do that?

    I need to fix this without a reinstall because access to these machines is limited.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Under what name was the file detected? The file might have been patched by malware.
     
  3. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    Scanner Startup scanner
    Object file
    Name C:\Program Files\ESET\ESET NOD32 Antivirus\MFC80U.DLL
    Threat a variant of Win32/Kryptik.AMQ trojan
    Action cleaned by deleting (after the next restart) - quarantined
    User
    Information
    Details Ready
     
  4. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Nothing detected in that file here

    Database 4910
     
  5. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
    lol nod32 owned by nod32 :argh:
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Most likely the dll got patched by malware. I'd suggest submitting it to ESET and reinstalling EAV so that the dll is replaced with a clean one.
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  8. estbird

    estbird Eset Staff

    Joined:
    Feb 19, 2009
    Posts:
    97
    I guess you have ESET Nod Antivirus 3.0.xxx.
    Is that right?
     
  9. jack701

    jack701 Registered Member

    Joined:
    Mar 3, 2010
    Posts:
    2
    I have the same problem after upgrading NOD from 2.7 to 4:

    Critical Warning Startup scanner file C:\WINDOWS\system32\msxml3.dll a variant of Win32/Kryptik.AMQ trojan unable to clean

    Warning Startup scanner file C:\Program Files\ESET\ESET NOD32 Antivirus\MFC80U.DLL a variant of Win32/Kryptik.AMQ trojan cleaned by deleting (after the next restart) - quarantined

    Warning Startup scanner file C:\WINDOWS\system32\igfxpers.exe a variant of Win32/Kryptik.AMQ trojan cleaned by deleting - quarantined

    Critical Warning Startup scanner file C:\WINDOWS\system32\dbghelp.dll a variant of Win32/Kryptik.AMQ trojan unable to clean

    Critical Warning Startup scanner file C:\WINDOWS\system32\SXS.DLL a variant of Win32/Kryptik.AMQ trojan unable to clean

    Critical Warning Startup scanner file C:\WINDOWS\system32\comctl32.dll a variant of Win32/Kryptik.AMQ trojan unable to clean

    Critical Warning Startup scanner file C:\WINDOWS\system32\RPCRT4.dll a variant of Win32/Kryptik.AMQ trojan unable to clean

    I have sent the files msxml3.dll and SXS.DLL to www.virustotal.com and they seem to be clean.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please create a log from SysInspector and compress it along with the detected dlls, put your nick in the archive's name and upload it to ftp.nod.sk/incoming. Let me know when done so that I can download the files and check them out.
     
  11. jack701

    jack701 Registered Member

    Joined:
    Mar 3, 2010
    Posts:
    2
    Done.
     
  12. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143

    This is pretty much the same issue but with just a few .dll files. Will you let me know if you hear anything back?
     
  13. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143

    Marcos

    Will I need to RIP Eset and reboot and then reinstall or can I just do a reinstall over the current install...
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Try reinstalling over the current version. Once the GUI starts, you should be able to restore the files from quarantine to their original location.

    As for the files you've submitted, they are not flagged at all and my ESS reports them all clean. The Kryptik signature you have in the log was created about 6 months ago.

    I wonder if you could provide step-by-step instructions to replicate the problem. Had you had EAV 4 installed for some time, or was it a fresh installation when the files were detected and quarantined? Or was it a fresh upgrade from v2/v3?
     
  15. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143

    I never submitted files....
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Sorry, it was Jack.
     