Hello ESET. I was wondering why malware such as Sirefef, the ACAD worm, etc. is not included in the virus signature update but treated in a standalone removal tool. Thank you.
Hello, There are numerous reasons to provide standalone removal tools. One reason is for good will, e.g., to provide people who are not ESET customers (or not yet ESET customers) with a tool to detect and remove a widely-publicized threat, such as ACAD/Medre.A or Win32/Conficker. Another reason is that sometimes it is quicker for customers to boot from outside of their operating system (e.g., from a Windows Recovery Disk or similar) and run the standalone utility from there without the malware being resident in memory. Regards, Aryeh Goretsky
Hi Aryeh, Although I understand your post, may I look at it in a different way if you allow me. Let's look at Sirefef. === The Stand-alone malware removal tools page: http://kb.eset.com/esetkb/index?page=content&id=SOLN2372 Stand-alone malware removal tools KB Solution ID: SOLN2372 Last Revised: June 22, 2012 on that page: Sirefef / ZeroAccess version: 1.0.3.1 Last Updated: April 3, 2012 It points to Win32/Sirefef.A http://www.eset.eu/encyclopaedia/win32-sirefef-a-trojan-dropper-pmax-a-horse-trojandropper And we have How do I remove ZeroAccess (Sirefef) rootkit? KB Solution ID: SOLN2895 Last Revised: March 28, 2012 http://kb.eset.com/esetkb/index?page=content&id=SOLN2895 === Now look at the forum. Lately there were several posts by people who were infected by Sirefef variants. People who were using NOD32. Yes, I understand that no AV can guarantee 100% protection. But the question is, how does ESET help those people who pay ESET for their AV? Do those people have to go to forums where volunteers help them in long hours? Does ESET give step-by-step guidelines on the ESET site? Does ESET really answer questions here on the official ESET forum to help those folks? Or is it only: contact Customer Care? And here comes the biggest question: if it is only "contact Customer Care", then what on earth is the reason to have a so-called official ESET forum where folks are often left alone by ESET?
Hello, If you need immediate help with a piece of malware, you can contact your local ESET distributor or office for assistance; a case will be opened in their ticketing system, and someone will assist you with removing the malware. You can post a message here on Wilders Security Forums asking for assistance as well, but keep in mind that it may not be responded to as quickly as directly contacting your local ESET distributor or office. Regards, Aryeh Goretsky
Hi Aryeh. I have a question again. In order to know that a computer is infected by malware like Sirefef/ZeroAccess or ACAD/Medre.A, should I do an on-demand computer scan via ESS, or can ESS block it with its on-access computer scan? Or should I scan it via the standalone removal tool? Correct me if I'm wrong: if that malware has been detected in a computer, then the removal process cannot be done by ESS but only by the standalone removal tool. Thank you.
Hello, If you just want to check a computer for one particular threat, such as Win32/Sirefef or ACAD/Medre.A, you can use the standalone tool. Otherwise, I would suggest using ESET NOD32 Antivirus or ESET Smart Security to check for and protect against all the threats that ESET detects. You can also use an ESET SysRescue disc to remove malware from an infected system. Regards, Aryeh Goretsky
Encus, I think that he did answer your question, just not in the concise manner that you want. The publication of a standalone removal tool does not mean that using it is the only way to detect or remove the malware. The malware in question can be detected and removed using the standalone program OR ESS OR NOD32.
Hi terradon, I hope you are right about "The malware in question can be detected and removed using the standalone program OR ESS OR NOD32". Not so long ago some users had problems with the Sirefef services.exe variant. Anyway, Aryeh has already replied to my (I admit, a bit irritating) posting about that.