omg omg omg help me out pls...

Discussion in 'NOD32 version 2 Forum' started by faenil, Oct 24, 2007.

Thread Status:
Not open for further replies.
  1. faenil

    faenil Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    88
    Hey guys I was looking for a crack for a software...but there was a virus in it...
    It disabled my Nod32 Security Suite and deleted the ekrn.exe file...

    Now it doesn't start..I tried to uninstall it...

    I CAN'T REINSTALL AND I CAN'T INSTALL ANTIVIR!!!

    always gives error while extracting the kernel protection module, even with antivir....
    Pls admins...help me out...I've got important data there...
    help me out guys... :(

    Thx ;)
     
  2. prozabor

    prozabor Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    38
    Maybe try to use an online scanner like Kaspersky online. It should help you.
     
  3. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Submit the file to virustotal.com to see what threat it is. With that info you can start a search for clean/removal instructions.
    Those are the risks inherent to cracking apps... try to avoid it.
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    And it might help to stay away from the crack sites as there is some really nasty malware out there.
     
  5. faenil

    faenil Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    88
    the virus is seen as bagle.km by Nod32...but it didn't catch it when it got installed...:S

    I'm trying to run a removal utility from eset but it's too slow...coz winlogon.exe uses up 99% cpu..

    any manual removal?
     
  6. DennisTh

    DennisTh Registered Member

    Joined:
    Oct 18, 2007
    Posts:
    9
    Try it in safe mode.
     
  7. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi,

    I suppose that Bagle created hidden files and was written into the Windows registry. You have to find and delete these issues. When I solved this problem, I used ComboFix. :thumb:
     
  8. DennisTh

    DennisTh Registered Member

    Joined:
    Oct 18, 2007
    Posts:
    9
    It helps to use an assortment of tools. Some are specific to a problem, i.e. ComboFix, CWShredder, VundoFix, etc. and some aren't, i.e. Ad-Aware, Spybot S&D, SuperAntiSpyware, etc.

    Using the appropriate tools in safe mode usually will clean a system. Of course you should have a backup of all your important data as these tools can fix your system and sometimes the fix is fatal.
     
  9. ASpace

    ASpace Guest


    Well, there are some variants of Bagle with rootkit behaviour which can disable NOD32 if it is uninstalled before the malware appears. But I know for NOD32 v2. This doesn't apply for v3 products, AFAIK.

    I would download a fresh installation file from www.eset.eu/download/beta, run it and perform a repair.

    Then, if there is still a problem with installation, I would use Gmer to check if there is rootkit stuff on the machine and then install Eset Smart Security.
     
  10. DennisTh

    DennisTh Registered Member

    Joined:
    Oct 18, 2007
    Posts:
    9
    Microsoft's Rootkit Revealer may be a tool you will want to use.
     
  11. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Can you please tell me what a crack site is? Thanks :)
     
  12. DennisTh

    DennisTh Registered Member

    Joined:
    Oct 18, 2007
    Posts:
    9
    It's where you go to download software that is supposed to allow you to generate activation codes but often turns out to be a trojan/spyware.

    :blink:
     
  13. faenil

    faenil Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    88
    I solved the problem guys...I made a script for The Avenger and destroyed the virus! :D

    ps Dennis: Beagle doesn't let u go into safe mode ;)
     