Need Further Info

Discussion in 'ESET Smart Security' started by ajhaeglenn, Oct 9, 2008.

Thread Status:
Not open for further replies.
  1. ajhaeglenn

    ajhaeglenn Registered Member

    Joined:
    Oct 9, 2008
    Posts:
    4
    I have this virus on my friend's pc name RVHOST.EXE that look like a folder but its an application together with the New Folder.Exe Virus.

    My question is, I can't or not easy looking for a solution kill this thing cuz Our ESS / Nod32 cant remove them.

    Is there any thread that discuses this issue?

    Need Help.

    Thanks..
     
  2. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hello,

    at first update your ESS and boot your OS to safe mode, where you'll perform In-depth scan. Then, if problem won't be solved, download ESET SysInspector and create log, which should uncover trojan's entries and you'll send to technical support - support[at]eset.com.

    Regards
     
  3. ajhaeglenn

    ajhaeglenn Registered Member

    Joined:
    Oct 9, 2008
    Posts:
    4
  4. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    ESET hasn't got automated tool, because making cleaners for every sample isn't possible. For that v3 cleans not only files, but their entries in Registry. The disadvantage of this is that antivirus needn't detect all variants. If you send log to technicians, they'll make a guide for you.
     
  5. ajhaeglenn

    ajhaeglenn Registered Member

    Joined:
    Oct 9, 2008
    Posts:
    4
    Just found these too:

    http://www.technize.com/2007/07/18/new-folderexe-sohanad-virus-removal-tool/

    http://tec-updates.blogspot.com/2007/10/new-folderexe-virus-removal-tool.html


    But the thing is, 1 of the file as describe contains infection as per ESET Smart Security is Concern..


    Does this helps?

    btw I manage to "capture " new folder.exe and sent it thru 'Submit files for analysis' and Im doing this over and over. Does this helps the technical team to gather info about the virus, - they say is Sohanad virus.
     
  6. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    File Process.exe is detected as Win32/PrcView application - potentially unsafe application (more information in ESS's helper). You can use these applications with disabled ESS. They automatically cleans defined files and writes last created/modified files and Registry entries, services, jobs etc. Suspicious files send to samples[at]eset.com in archive with password "infected" with this thread's url in the subject.
     
Thread Status:
Not open for further replies.