problem plz help virus

Discussion in 'NOD32 version 2 Forum' started by minijumbuk, Jun 16, 2007.

Thread Status:
Not open for further replies.
  1. minijumbuk

    minijumbuk Registered Member

    Joined:
    Jun 16, 2007
    Posts:
    3
    Time Module Object Name Threat Action User Information
    6/17/2007 2:24:57 AM AMON file C:\DOCUME~1\Tao\LOCALS~1\Temp\laf1EA3.tmp Win32/Hoax.Renos.NBN application quarantined - deleted LEO\Tao Event occurred on a file modified by the application: C:\Documents and Settings\Tao\Desktop\setup.exe. The file was moved to quarantine. You may close this window.
    6/4/2007 16:20:00 PM IMON archive ~snip~ a variant of Win32/TrojanDownloader.Small.NUS trojan Connection terminated LEO\Tao

    i have this problem...can anyone help me?
    the Win32/Hoax.Renos.NBN application
     
    Last edited by a moderator: Jun 16, 2007
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi minijumbuk, welcome to Wilders.

    NOD32 has dealt with both: AMON - "application quarantined - deleted" and IMON - "Connection terminated".

    Cheers :D
     
  3. teampump88

    teampump88 Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    13
    Hey try smitfraudfix to clear out the RENOS threat. Just google the word, smitfraudfix
     
  4. minijumbuk

    minijumbuk Registered Member

    Joined:
    Jun 16, 2007
    Posts:
    3
    the problem was not solved and the popups continued to come up...its very annoying!! please help
     
  5. ASpace

    ASpace Guest

    Open Control Center and click on Update -> Update now to ensure your NOD32 is up to date.

    Make sure your settings are the same as this tutorial.

    Open Control Center -> NOD32 -> Run NOD32 and perforum full Scan&Clean over your hard drives . NOD32 will take care of all threats found :)

    If you have problems deleting them in Normal mode , boot in Safe Mode and then perform full scan there .

    If the problem still persists , don't hesitate to contact ESET Tech Support :thumb:
     
  6. minijumbuk

    minijumbuk Registered Member

    Joined:
    Jun 16, 2007
    Posts:
    3
    many pop-ups continue to come up...please help
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi there, the most likely cause is Smitfraud; however I have also included 3 other links for removal of the most prevalent advertising popups.

    Please complete the following, it is required to remove detection of 4 tools that we are about to download and use, these tools may be detected by NOD32 if you have “Potentially Dangerous Applications” (version 2.5) or "Potentially unwanted and unsafe applications" (version 2.7) ticked within NOD32.

    1. Please go to the NOD32 Control Centre (Start> All Programs> Eset> NOD32 Control Centre)
    2. Click on AMON> Setup> Options (tab)
    3. Untick “Potentially Dangerous Applications” (version 2.5) or "Potentially unwanted and unsafe applications" (version 2.7).
    4. Click on OK.
    5. Click on IMON> Setup> Miscellaneous (tab)> Scanner Setup> Setup (tab)
    6. Untick “Potentially Dangerous Applications” (version 2.5) or "Potentially unwanted and unsafe applications" (version 2.7).
    7. Click on OK.
    8. Click on OK


    When the process below is complete, please place a tick back in “Potentially Dangerous Applications” (version 2.5) or "Potentially unwanted and unsafe applications" (version 2.7).


    Please follow the instructions found at the following 3 websites:

    VundoFix here: http://www.atribune.org/content/view/24/2/

    SmitfraudFix here: http://www.bleepingcomputer.com/forums/topic17258.html

    Look2Me Destroyer here: http://www.atribune.org/content/view/28/2/

    Fix Wareout here: Fix Wareout here: http://forums.majorgeeks.com/showthread.php?t=95472


    When the process above is complete, please place a tick back in “Potentially Dangerous Applications” (version 2.5) or "Potentially unwanted and unsafe applications" (version 2.7).

    Please complete the process below to ensure this does not happen again:

    Check your settings against those found in the following NOD32 Tutorial: https://www.wilderssecurity.com/showthread.php?t=37509


    AFTER this run a scan by following these steps:

    1. Click on the NOD32 Control Centre (Green and White split square on the bottom right hand corner of your computers screen).
    2. Click on NOD32.
    3. Click on Run NOD32.
    4. Click on “Scan and Clean”.
    5. Reboot your Computer into “Safe Mode”.
    6. Click on Start> All Programs> ESET> NOD32
    7. Click on “Scan and Clean”.
    8. Check the scan results.

    AFTER and ONLY AFTER the above two scans are complete and ONLY if the infection remains, please complete the following:

    Download HijackThis from here: https://www.wilderssecurity.com/showthread.php?t=12516

    Download Autoruns from here: http://www.sysinternals.com/Utilities/Autoruns.html

    Download and run Lookinmypc from here: http://www.lookinmypc.com
    1. Select "Generate report"
    2. Wait - scan results will pop up in a browser
    3. Go to folder with LookInMyPC installed (default in C:\ProgramFiles\LookInMyPC\Reports\username\LookInMyPC.zip), and attach LookInMyPC.zip to the reply email

    Then run the other 2 programs and forward the logs from all three programs to support @ eset.sk together with the following:

    1. Go to the NOD32 Control Centre
    2. Click on Logs
    3. Right Click on one of last completed full system scan logs.
    4. Click on “Details”
    5. Right Click anywhere on the scan log
    6. Click on “copy all”
    7. Right Click in the replying email to me.
    8. Click on “Paste”

    This will paste a copy of one of the scans you have completed.

    Let us know how you go...

    Cheers :D
     
Thread Status:
Not open for further replies.