-- yesterday i brought my laptop to work
-- i attached the cable cord to get internet access
-- i got a virus/trojan because i think their network is messed up or something. it's definitely workplace specific.
-- as soon as i noticed it i ran scans
-- it didn't come up. i ran multiple scans including the big one scanning everything. no dice.
-- i leave work.
-- today i boot up my computer at home
-- as soon as i start the computer up eset finds rvy.exe, variant of win32/kryptik.lyk trojan
-- i go into advanced settings and turn on the heuristics checkbox in the advanced setup tree and i check a bunch of boxes i had not checked before in some of the other advanced setup options. i do not recall unchecking any boxes
-- i turn off my laptop and go eat
-- i come back and turn it on again
-- nod 32 does not auto start like it has been since i've had it
-- i happened to try to bring up the calendar by double clicking the clock. i get a box that says windows/system32/rundll32.exe is messed up or cannot run it or cannot find it or something
-- i go into the start menu and try to start nod32 up by using its folder. the icons and everything are intact
-- i try to start it up that way. it says it wants me to find the program to use to start it and gives me the list so i browse-find the gui thingy and click that
-- so it runs right?
-- but then i turn off comp. and restart it. same thing. including the rundll32 error and having to find the eset gui thing.
-- i just tried (while typing this post) going into the control panel to uninstall something
-- i get to the control panel and click 'add or remove programs' and i get the rundll32 error

this situation has not happened before. thanks in advance.

edit: the weird thing is that rundll32 is there in the system32 folder. i just checked. it's there but its icon is a pictureless blue box/page with the top right corner folded over (not the white box with blue trim at the top) as opposed to having the gears or whatever. i mouse over other dll files and the popup mouse box says stuff like "event notification service" or "xyz script" but when i mouse over the rundll32 the popup window says "Run a DLL as an App" which doesn't sound right.

edit 2: if it would be helpful the last 2 things ESET quarantined were 20 days ago
#1 - documents and settings\help assistant.RICS\local settings\temporary internet files\content.IE5\OJXZI6GR\AVORP1TREST11[1].htm
#2 - documents and settings\help assistant\local settings\temporary internet files\content.IE5\OJXZI6GR\AVORP1TREST11[1].htm

Hello,

From your report of the "variant of Win32/Kryptik.LYK trojan" message it sounds to me like you may have been infected by something which is new, but similar enough to Win32/Kryptik.LYK to be detected generically (the variant text indicates it is not the exact threat).

I would suggest you take several steps:

1. Run the copy of ESET SysInspector included with your copy of ESET NOD32 Antivirus (also available for download separately here) and create a log file of your system.
2. Submit a copy of the rvy.exe file and the log file from ESET SysInspector to ESET's virus lab by following the instructions in ESET Knowledgebase Article #141, "How to submit virus or potential false positive samples to ESET's labs."

You can also contact a support engineer by using this form to open a ticket, or by calling the office at +1 (866) 343-3738 during business hours. If you are outside the U.S. and Canada, contact the closest ESET distributor or office instead for support. They can help you immediately by further examining the system and assist with removal.

Regards,
Aryeh Goretsky

ok this stuff is getting real. SOMEBODY PLEASE HELP ME

-- i just clicked on internet explorer right?
-- it brings up a box that says. it won't work. i was like
-- and so i try an alternate route, right? so i go start menu internet explorer which i have pinned to start menu
-- it takes me to this 600kb file named "iexplore" with the "e" icon right?
-- i don't run it because this is nuts. but i do save it to the desktop
-- then i go back to the start menu and internet explorer has been unpinned. there is now a new "e" icon app that is named "Product Registration"
-- i right click on properties and this is what i get for the target line ""C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.wave.com/register"
-- messed up right?
-- so i click the internet explorer icon on my desktop and i get the internet thankfully right?
-- so i'm trying to download google chrome now and i go through all the process and click the 'run' option to install it right?
-- so i just get this blank box that says (> for next line)

System.ComponentModel.Win32Exception: Application not found'
>at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)
>at System.Diagnostics.Process.Start()
>at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
>at ClickOnceBootstrap.ClickOnceEntry.Main()

-- and i just tried to take a screen shot and put it in photobuck to avoid typing all that and i clicked MSpaint on my pinup start menu and it told me to find the appropriate program to run it with and brought up that list so i clicked 'paint' because it's a default option and i get this error message in a box entitled "Paint"

Paint (title)
>C:\WINDOWS\system32\mspaint.exe
>Paint cannot read this file
>This is not a valid bitmap file, or its format is not currently supported

all right so i just called customer service and they sent me something that worked. thank you very much.

i am submitting rvy.exe via nod32 --> quarantined files --> right click submit

thanks again.