NOD32 with Power users

Discussion in 'NOD32 version 2 Forum' started by Aji, Jul 3, 2007.

Thread Status:
Not open for further replies.
  1. Aji

    Aji Registered Member

    Joined:
    May 15, 2005
    Posts:
    42
    We have a network with more than 1000 users where NOD32 is installed recently. We are facing a strange problem with client machines that has power users right. AMON is detecting a lot of trojans with 'delete' and 'rename' options enabled. But when we try to delete or rename we get an error message saying that the file is locked up.

    Is there a way to delete or clean this without going into the safe mode as more than 250 computers are infected and it will be a nightmare logging all these machines in safe mode.:oops:
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Can you delete those files manually or they are in use?
     
  3. Aji

    Aji Registered Member

    Joined:
    May 15, 2005
    Posts:
    42
    No we can not delete these infected files manually.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Could you please send the following to your local support office:

    1. Click on the NOD32 Control Centre (Green and White split square on the bottom right hand corner of your computers screen).
    2. Click on NOD32.
    3. Click on Run NOD32.
    4. Click on “Scan and Clean”.

    When the scan has completed please continue below:

    Download HijackThis from HERE

    Download Autoruns from HERE

    Download and run Lookinmypc from HERE
    1. Select "Generate report"
    2. Wait - scan results will pop up in a browser
    3. Go to folder with LookInMyPC installed (default in C:\ProgramFiles\LookInMyPC\Reports\username\LookInMyPC.zip), and attach LookInMyPC.zip to an email.

    Then run the other 2 programs and forward the logs from all three programs to your local ESET Support Office together with the following:

    1. Go to the NOD32 Control Centre
    2. Click on Logs
    3. Right Click on one of last completed full system scan logs.
    4. Click on “Details”
    5. Right Click anywhere on the scan log
    6. Click on “copy all”
    7. Right Click in the replying email to me.
    8. Click on “Paste”

    This will paste a copy of one of the scans you have completed.

    They will then provide you with a solution.

    Let us know how you go...

    Cheers :D
     
  5. Megachip

    Megachip Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    243
  6. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    I think his major problem is there are 250 computers spread out all over and he was trying to avoid going to each one which I don't think is possible in this case.
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    What support will require is the logs from above, then an effective solution can be implemented.

    Cheers :D
     
  8. Aji

    Aji Registered Member

    Joined:
    May 15, 2005
    Posts:
    42
    Thank you for your feedbacks. Problem got solved after we tried script for specific trojans. Also changing power users to Admin users solved some problems as NOD32 was able to delete many of the files in the on-demand scan.
     
Thread Status:
Not open for further replies.