NOD 32 missed a virus and now I need help

Discussion in 'NOD32 version 2 Forum' started by jimrobinson, Sep 5, 2007.

Thread Status:
Not open for further replies.
  1. jimrobinson

    jimrobinson Registered Member

    Joined:
    Sep 5, 2007
    Posts:
    3
    NOD 32 did not find a virus in a fake flash update and now my laptop is infected. I ran it by VIRUSTOOLS.com and the file is indeed filled with viruses.

    NOD 32 is disabled on that machine. It won't open or scan, either manually or via the control center.

    I've stepped through the startup programs and NOD 32 loads, but when you ask for a scan Windows shuts it down. Also, the mouse cursor is invisible. It disappears during the initial startup of NOD 32. If I load without any of the startup programs the mouse works.

    I just ran a scan of the file on another machine and the response was "install_flvplugin.exe.virus »CAB »INSTAL~1.EXE - a variant of Win32/Packed.Themida application"

    Any help out there? I've already tried to uninstall NOD 32 and install a new copy, but that did not work.

    Thanks in advance,

    Jim R.
     
  2. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Have you tried any of the online scanners?
    Bitdefender scans and cleans, but I don't know if it detects what your PC is infected with.
     
  3. GhostMan

    GhostMan Eset Staff Account

    Joined:
    Jun 8, 2007
    Posts:
    99
    Location:
    Bratislava
    Hi

    Considering your description, I assume that an updated NOD32 can catch the mentioned malicious code but you can't run an on-demand scan on the infected PC, right? If yes, then copy the files nod32.exe, nod32.000, nod32.001 ... nod32.006 from a computer with an updated NOD32 to the infected machine. Use safe mode of course. Run nod32.exe and you should have an on-demand scanner. Finally, make a full system scan and delete threats.

    Cheers.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Failing this, send a log from Autoruns to support[at]eset.com with this thread's URL in the subject.
     
  5. jimrobinson

    jimrobinson Registered Member

    Joined:
    Sep 5, 2007
    Posts:
    3
    I have not connected that computer to the internet (or my network) since the virus was detected, as I don't know what it will do. I don't want to use an online service until I know more about the virus and its potential.

    After I've exhausted all other possibilities, I'll go online.

    Jim R.
     
  6. jimrobinson

    jimrobinson Registered Member

    Joined:
    Sep 5, 2007
    Posts:
    3
    Thanks for all the help.

    Ghostman, I tried the standalone version of NOD 32, but it didn't find the infection. It's good to know that it can be run that way.

    I ran an AUTORUN and noticed a call to Program Files\Flashupdate\flashupdate.exe that wasn't there last week. Deleted folder in SAFE Mode, downloaded the latest virus file (2508), rebooted and now NOD 32 is working and found the "flash update" file, using version 2508 of the virus updates.

    I'm running a full scan now to be sure, but the machine seems to be normal again, i.e. NOD 32 working and the mouse cursor is back!! I hope that just deleting the exe file fixed everything, we'll know for sure in a little while.

    Thanks to all for your help.

    Jim R.
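
The check described in the post above, spotting an autostart entry that "wasn't there last week", can be automated by diffing two Autoruns exports taken at different times. This is an added example, not part of the thread; the CSV column names and the sample rows are constructed assumptions, and only the `Program Files\Flashupdate\flashupdate.exe` path comes from the post.

```python
import csv
import io

# Constructed sample snapshots (not from the thread). The column names are an
# assumption modelled on an Autoruns CSV export; match them to your own header.
BASELINE_CSV = r'''Entry Location,Entry,Publisher,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleAV,Example Vendor,C:\Program Files\ExampleAV\avgui.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,ExampleSync,Example Vendor,C:\Program Files\ExampleSync\sync.exe
'''

CURRENT_CSV = r'''Entry Location,Entry,Publisher,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleAV,Example Vendor,c:\program files\exampleav\AVGUI.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,ExampleSync,Example Vendor,C:\Program Files\ExampleSync\sync.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleUpdater,Example Vendor,C:\Program Files\ExampleUpdater\upd.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,flashupdate,,C:\Program Files\Flashupdate\flashupdate.exe
'''

KEY_FIELDS = ("Entry Location", "Image Path")


def load_entries(csv_text):
    """Map a case-insensitive (location, image path) key to its CSV row."""
    entries = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = tuple((row.get(f) or "").strip().lower() for f in KEY_FIELDS)
        if key[1]:  # skip rows that carry no image path (section headers)
            entries[key] = row
    return entries


def new_autostarts(baseline_text, current_text):
    """Return rows present now but absent from the baseline.

    Entries with no publisher are listed first, since they deserve the
    first look; Windows paths are compared case-insensitively.
    """
    baseline = load_entries(baseline_text)
    current = load_entries(current_text)
    added = [row for key, row in current.items() if key not in baseline]
    return sorted(added, key=lambda r: bool((r.get("Publisher") or "").strip()))


if __name__ == "__main__":
    for row in new_autostarts(BASELINE_CSV, CURRENT_CSV):
        print(row["Publisher"] or "(no publisher)", "|", row["Image Path"])
```

Keeping a dated export from a known-clean state is what makes the comparison useful; without a baseline every entry has to be judged on its own.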
     
  7. adargie

    adargie Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    25
    Sounds like the issue has been dealt with. If this was an XP or newer system you could have also run the System Restore feature and reverted back to a previous restore point.
     
  8. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    It's funny... people like NOD32 because it's "fast". It's fast for a reason, because it has fewer features - critical features like self-protection. It is trivial to disrupt NOD32 from properly performing its job.
     
  9. Chamlin

    Chamlin Registered Member

    Joined:
    Aug 8, 2006
    Posts:
    449
    Not sure I understand why/how NOD32 missed that virus. Please explain.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    No, it is not that easy. And bear in mind that with admin rights there's always a way to kill anything, no matter how good the self protection is.
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We're not living in a perfect world, each AV misses threats, that's a matter of fact. The only difference is that some miss less than the others.
     
  12. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Can't see anywhere in the posts to say which OS he is using, so where have you gained the info from? And System Restore doesn't correct every problem in these "newer systems".
     