removal of Win32.daonol.O ??

Hi there,

When installing NOD32 4.2 (instead of nod32 v2.7) the system i got a warning that the system is infected with Win32.daonol.O trojan.
The realtime file scanner is constantly removing a file that is to be created in %temp % by winlogon.exe.

But a full system scan does not find anything.

Is there any kind of info known of a rootkit that wants to install this (or something like this?)

in system.ini i found a link to a screensaver after [boot].
I deleted the link, but still the RTFS is busy with this file.

anyone??

 

Try this Daonol cleaner.

 

thanx, but it does not detect anything

 

If you've identified the file, Unlocker should be able to remove any file locks on it and rename/delete it for you.

 

The eset-tool may have done the trick.

Accidentally i double clicked it from windows via my notebook mousepad
The dosbox flashed over the screen, so i could not see the stats.
But at that time the pop-ups were still there.

After that I ran i manually with "0 found" as result which i posted here.

But now, since the PC is rebooted, i do not see errors anymore

And yes NOD32 is still active and works......


So it seems like Marcos, you're great
So one day when you're in Holland come and let us drink a cup of coffee (or something better )

Greetings and thanks for all help