nod32 error

Discussion in 'NOD32 version 2 Forum' started by paperinik3, Oct 22, 2004.

Thread Status:
Not open for further replies.
  1. paperinik3

    paperinik3 Registered Member

    Joined:
    Aug 10, 2003
    Posts:
    90
    Nod32 has told me that it has detected the presence of
    win32/Flooder UDP20 trojan and has asked me to desinfect.
    But desinfection failed and after that everything else (quarantining,renomination) failed. Now every time I try to run Nod I receive the message that Nod has made en error and will be closed. What should I do ?
    Thanks for the help
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    If using XP, start in the safe mode and see if NOD will scan. Delete the trojan while in the safe mode. You may have to disable system restore if it comes back and repeat the scan in the safe mode.
    If NOD won't work in the safe mode, let us know.
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Paperinik3, can you please follow the steps found in post number 2 here they are fairly comprehensive and should ensure your system is clean, as well towards the end of the post there are links provided to discussions regarding tightening your security.

    Hope this helps...

    Let us know how you go...

    Cheers :D
     
  4. paperinik3

    paperinik3 Registered Member

    Joined:
    Aug 10, 2003
    Posts:
    90
    Hello ronjor and Blackspear, thank you for your help. Sorry about the delay in answering but first I have been absent from home two days and second ...
    well I'm coming back from hell!
    After receiving your answer I asked myself: why hasn't Process Guard done anything ? I open Process Guard's Protected applications tab and find that everything has been canceled: the processes names and paths, blocked and allowed privileges – everything. (Tabula rasa, if you pardon my french).I am attaching a screenshot so you can appreciate.
    At this point everything goes to hell: I cannot access internet anymore, a reboot takes about ten minutes, the programs are unable to load completely , I cannot shut the system normally anymore. I shut by brute force, ascertain that if I reboot I *won't be able to to run the restore image program . So I boot from the TrueImage emergency recovery disk and restore the canned image.
    Now I run Nod32 in safe mode and it tells me:
    PocoMailBackup\Attach\Attached *message.eml»MIME»Opr003HH.class-Java\ClassLoader.B trojan – quarantined – unable to clean - deleted .
    I try the other things you suggested and find nothing more. So now I cross my fingers and hope for the best.
    I have asked Diamondcs Support about ProcessGuard's flop and got this answer:"PG 2.000 has this problem sometimes, it is a bug in the data*files. This should be solved with the new version and you should upgrade"
    Oh well....
    Thank you again for your help!
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    paperinik3

    Thank you for the feedback.
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Paperinik3, many thanks for keeping us in the loop, for future reference, with Trojans, they are generally injected into memory, simply reboot into "Safe Mode" and rerun a scan with Nod32, this should remove the pest...

    Hope this helps...

    Cheers :D
     
Thread Status:
Not open for further replies.