Olmarik Rootkit STILL not removed

Referring to this thread from just over a year ago:

https://www.wilderssecurity.com/showpost.php?p=1771504&postcount=30

I can confirm that NOD32 still will not remove this virus (neither from the computer, nor from the rescue environment). It will detect it, and when you tell it to clean it gives no error, but it says 0 / 1 items cleaned.

I can also confirm that the Kaspersky Lab's TDSSKiller app (http://support.kaspersky.com/faq/?qid=208283363) was successful in removing it.

 

What version were you using and did you submit it to Eset?

 

version 5 will take care of this.

 

Did you use the stand-alone Olmarik remover?

 

i don`t think he did...i was infected with olmarik (probably a year back)and the stand-alone tool helped me...don`t know what AV was using back then

 

The stand-alone tool said that I was not infected with it. I even ran it from a WinPE environment. And this is the latest version of the business edition of NOD32 (which is still version 4).

Edit: this was an MBR infection. There was no file to submit. Is there some way to submit my entire MBR for analysis?

 

yes, just follow these intructions

http://kb.eset.com/esetkb/index?page=content&id=SOLN141

, and tell Them that it is the mbr which is infected, and they will send you a tool you shoud run

 

NOTE - I have just had the same experience with my daughters laptop. ESET 4 would report the Olmarik infection. I tried both of the stand alone Olmarik removers and both reported that the computer was NOT infected. I downloaded the Kapersky TDSSKiller tool and it found a Pihar infection which it cured. Unfortunately there isn't a log I can send you.

 

Was Olmarik actually found in MBR or in memory?

 

In my case the ESET warning was an in memory infection.