NOD32 vs Nachi.B

Discussion in 'NOD32 version 2 Forum' started by kx, Mar 20, 2004.

Thread Status:
Not open for further replies.
  1. kx

    kx Registered Member

    Joined:
    Mar 20, 2004
    Posts:
    2
    Well, we all know that this worm, Nachi.B is a nasty worm that can not be removed easily, and I have seen many instructions to kill the worm and Ive tried them all, but no LOL everytime I try scanning it can not be detected but it pops up at random times.. mostly when I try scanning with "nachi.B Removable tool" it pops up saying "Nachi.B Worm was detected"

    Tried:
    http://www.trendmicro.com/download/dcs.asp
    http://www.sophos.com/support/disinfection/nachia.html
    norton
    macafee

    I also have this trojan, Win32/KillFiles.CX trojan
     
  2. kx

    kx Registered Member

    Joined:
    Mar 20, 2004
    Posts:
    2
    screenshot:
     

    Attached Files:

  3. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    If it's in the System Volume Information folder, then it's protected by the operating system. The easiest way to remove it then is to disable the system restore function temporarily. However, then you'll also loose any restore points you might have created.

    Disable it, reboot, run the scanner, enable it again, and reboot.

    How to Enable and Disable System Restore
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;264887

    Best regards,
    Anders
     
  4. kx2

    kx2 Guest

    i disabled scanned saw nothing..

    Nod32 didnt even detect the virus when the restore system was disabled..
     
  5. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    By disabling system restore, you basically deleted all the files within, which is where NOD32 was finding Nachi.B. Your scan should have come up clean.

    Just be sure to turn system restore back on and create a new restore point.

    HTH....

    Regards,
    Kent
     
  6. DiGi

    DiGi Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    114
    Location:
    in the middle of nowhere
    One idea about System Volume Information. Isn't better simple add rights to access to this folder for Admin group instead of disabling services? Simple right mouse -> Security -> Add ... and add administrators or nod's service...

    If you haven't Serucity tab in folder properties you have probably enabled "Simpler sharing".
    It can be changed by "Folder options" (in Control Panel or in Explorer's menu Tools -> Folder options): uncheck Tab display -> "Use simpler sharing".
     
Thread Status:
Not open for further replies.