Olmarik.ayh - how to remove?

Discussion in 'ESET NOD32 Antivirus' started by Reedmikel, Apr 14, 2012.

Thread Status:
Not open for further replies.
  1. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Once again I have a customer's PC that ESET BE 4.2 detects a threat on, but simply reports "unable to clean". No further guidance is provided when using the console. WHY isn't there at least a link to a manual removal tool, further instructions, or a link to request help removing it with their support dept? WHY do we have to hunt thru their web site and forum to find a possible solution?

    It would be a win-win if ESET would add some simple enhancements to their Business Edition so admins could solve issues like this much faster. Very frustrating when all you see is "unable to clean" :mad:

    Oddly, "Olmarik.ayh" is not listed in ESET's virus encyclopedia on their site. I would think there should be an encyclopedia entry for EVERY threat that ESET has identified.

    I will try the 2 Olmarik standalone removal tools again, but when I tried them earlier it did not detect this variant.
     
  2. Reedmikel

    Reedmikel Registered Member

    Tried both of the Olmarik standalone removal tools, yet both report Olmarik not found. Seems like ESET needs to update their standalone tools more frequently.
     
  3. Reedmikel

    Reedmikel Registered Member

    Did some research at other AV web sites and saw suggestions to fix the master boot record (MBR). Since the infected machine is XP Prof. SP3, I booted from an XP installation CD and went into the Recovery Console and executed a "FIXMBR" command. Then I rebooted and noticed NOD32's Startup Scanner no longer displayed an alert for "Operating memory > svchost.exe" which it describes as "a variant of Win32/Olmarik.AYH trojan". Guess I'll know in a few days if it's fully fixed...

    SO, WHY DOESN'T EAV BUSINESS EDITION OFFER MORE GUIDANCE TO ADMINS IN CASES LIKE THIS? WHAT A WASTE OF MY TIME TO HAVE TO HUNT ALL OVER THE PLACE FOR POSSIBLE SOLUTIONS. ADD AN ENHANCEMENT TO THE CONSOLE THAT PROVIDES REMEDIATION INSTRUCTIONS. WHAT GOOD DOES IT DO TO HAVE A DEFINITION TO BE ABLE TO DETECT A PARTICULAR THREAT, YET NOT BE ABLE TO REMOVE IT OR PROVIDE ANY MANUAL REMOVAL INSTRUCTIONS?

    COME ON ESET, GET WITH IT AND MAKE YOUR PRODUCT MORE MATURE!
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Since every piece of malware is unique and even malware variants may behave differently and carry out different actions, dealing with malware issues often requires an individual approach which may vary from case to case. I'd suggest contacting Customer Care or emailing ESET's viruslab in case of malware-related issues.
     
  5. Reedmikel

    Reedmikel Registered Member

    Hi Marcos,

    So you have no information about this Olmarik.ayh threat?

    How can your company have a definition set that includes this threat, yet it is not listed in your encyclopedia?

    I had to go to other AV vendor websites (your competitors) to find out the MBR likely needed to be repaired. Why doesn't ESET share that info?

    Granted, sometimes malware variants require special treatment. BUT, ESET should at least provide basic information about all threats in its definition database, ESPECIALLY THREATS THAT YOUR SOFTWARE IS "UNABLE TO CLEAN".

    As a Managed Service Provider (MSP) I get my ESET licenses thru Labtech. So I am NOT ALLOWED to call ESET support for help. At least that's what I've been told. Supposedly I have to call Labtech support, then they call ESET, and a few days later I MIGHT hear back. That just does not work for me :( I cannot afford to wait days for ESET and Labtech to respond...

    So, please pass on this request to enhance your Business Edition software to provide additional instructions in the ERAC (console) that let us know how to manually clean threats that ESET lists "unable to clean" for.

    The current system just wastes so much of the customer and ESET's time! Let's get in the 21st century and enhance ERAC to start providing links to ALL threats that cannot be cleaned by the software.
     