NOd32 fails again to delete a virus even in safe mode.

Discussion in 'NOD32 version 2 Forum' started by beatnik, Sep 15, 2004.

Thread Status:
Not open for further replies.
  1. beatnik

    beatnik Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    25
    File C:\Documents and Settings\Nikos\Local Settings\Temporary Internet Files\Content.IE5\DL6RSD2Z\0006_cracks[1].cab is infected with trojan Win32/TrojanDownloader.IstBar.NAD. NOD32 cannot clean this infiltration.

    Nod32 couldnt clean this virus in normalm mode neither in safe mode.
    It only gives me the choice of "leave" in both cases.

    Whats good in an AV if it tells you it found a virus but its unable to delete it...

    And why did it let it pass anyway?
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Are you using the latest version 2.12.2?

    Delete your TEMP files by doing the following: open up Internet Explorer> Tools> Internet Options> General TAB> Temporary Internet Files> Delete Files> Delete All Offline Content.

    Reboot into Safe Mode and run a further scan.

    Let us know how you go...

    Cheers :D
     
  3. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    I think this "trojan" is actually adware that is difficult to remove. Give Spybot or Adaware a try also.
     
  4. beatnik

    beatnik Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    25
    Actually, i did what BlackSpear said and immediately after a run a new normal scan, but no virus found this time.

    That's glad to know but i wonder why Nod32 couldnt delete the virus by itself (without my manually interference) as well as how it did get infected. Why IMON didnt protect it? i use 2.12.2

    Temporary files are not a protected area as system restore area is. It should have been aable to delete it.
     
  5. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Do you have the IMON HTTP scanner enabled? Or did you get a warning from the HTTP scanner and maybe didn't click "Terminate"?

    Checking a machine used by a bunch of teenages, (which is a bit of a honey pot for that sort of stuff:) ), the IMON HTTP scanner did detect that trogan on this end and they selected "Terminate" which stopped if from downloading.

    Time Module Object Name Virus Action User Info
    8/28/2004 2:16:36 AM IMON archive ( edit - removed URL) Win32/TrojanDownloader.IstBar.NAD trojan connection terminated
     
  6. leehigdon3

    leehigdon3 Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    132
    Location:
    Plano, TX USA
    Still downloading cracks? The folks in acv didn't get the message across to you, did they? :D
     
  7. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    That depends on how you have your actions tab set up for archives. i.e If you have it prompt for action and you do not have it set for infection found, clean if possible or delete if not, then it will not work as you intend. Take a look at your actions tab and please tell us what settings you have.

     
Thread Status:
Not open for further replies.