Removal Tool.

Discussion in 'ESET Smart Security' started by encus, Jun 22, 2012.

Thread Status:
Not open for further replies.
  1. encus

    encus Registered Member

    Joined:
    Nov 2, 2009
    Posts:
    535
    Hello Eset.

    I was wondering why malware like Sirefef, the ACAD worm, etc. is not included in the virus signature update but treated in a standalone removal tool.

    Thank you.
     
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    There are numerous reasons to provide standalone removal tools.

    One reason is for good will, e.g., to provide people who are not ESET customers (or not yet ESET customers) with a tool to detect and remove a widely-publicized threat, such as ACAD/Medre.A or Win32/Conficker.

    Another reason is that sometimes it is quicker for customers to boot from outside of their operating system (e.g., from a Windows Recovery Disk or similar) and run the standalone utility from there without the malware being resident in memory.

    Regards,

    Aryeh Goretsky
     
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi Aryeh,

    Although I understand your post, may I look at it in a different way if you allow me. Let's look at Sirefef.

    ===

    The Stand-alone malware removal tools page:
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2372
    Stand-alone malware removal tools
    KB Solution ID: SOLN2372
    Last Revised: June 22, 2012

    on that page:

    Sirefef / ZeroAccess
    version: 1.0.3.1
    Last Updated:
    April 3, 2012

    It points to Win32/Sirefef.A
    http://www.eset.eu/encyclopaedia/win32-sirefef-a-trojan-dropper-pmax-a-horse-trojandropper

    And we have
    How do I remove ZeroAccess (Sirefef) rootkit?
    KB Solution ID: SOLN2895
    Last Revised: March 28, 2012
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2895

    ===

    Now look at the forum. Lately there were several posts by people who were infected by Sirefef variants. People who were using NOD32. Yes, I understand that no AV can guarantee 100% protection. But the question is, how does ESET help those people who pay ESET for their AV? Do those people have to go to forums where volunteers help them in long hours? Does ESET give step-by-step guidelines on the ESET site? Does ESET really answer questions here on the official ESET forum to help those folks? Or is it only: contact Customer Care? And here comes the biggest question: if it is only "contact Customer Care", then what on earth is the reason to have a so-called official ESET forum where folks are often left alone by ESET?
     
  4. encus

    encus Registered Member

    Joined:
    Nov 2, 2009
    Posts:
    535
    Thanks Aryeh.
     
  5. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    If you need immediate help with a piece of malware, you can contact your local ESET distributor or office for assistance. A case will be opened in their ticketing system, and someone will assist you with removing the malware.

    You can post a message here on Wilders Security Forums asking for assistance as well, but keep in mind that it may not be responded to as quickly as directly contacting your local ESET distributor or office.

    Regards,

    Aryeh Goretsky


     
  6. encus

    encus Registered Member

    Joined:
    Nov 2, 2009
    Posts:
    535
    Hi Aryeh.

    I have a question again. In order to know that a computer is infected by malware like Sirefef/Zero Access or ACAD/Medre.A, should I do an on-demand computer scan via ESS, or can ESS block it with its on-access computer scan? Or should I scan it via the standalone removal tool?

    Correct me if I'm wrong: if that malware has been detected in a computer, then the removal process cannot be done by ESS but only by the standalone removal tool.

    Thank you.
     
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    If you just want to check a computer for one particular threat, such as Win32/Sirefef or ACAD/Medre.A, you can use the standalone tool.

    Otherwise, I would suggest using ESET NOD32 Antivirus or ESET Smart Security to check for and protect against all the threats that ESET detects.

    You can also use an ESET SysRescue disc to remove malware from an infected system.

    Regards,

    Aryeh Goretsky
     
  8. encus

    encus Registered Member

    Joined:
    Nov 2, 2009
    Posts:
    535
    Hi Aryeh.

    Can you answer the question below please?
    Thank you.
     
  9. terradon

    terradon Registered Member

    Joined:
    Nov 5, 2006
    Posts:
    78
    Encus,

    I think that he did answer your question, just not in the concise manner that you want. The publication of a standalone removal tool does not mean that using it is the only way to detect or remove the malware. The malware in question can be detected and removed using the standalone program OR ESS OR NOD32.
     
  10. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi terradon,

    I hope you are right about "The malware in question can be detected and removed using the standalone program OR ESS OR NOD32".
    Not so long ago some users had problems with the Sirefef services.exe variant. Anyway, Aryeh has already replied to my (I admit, a bit irritating) posting about that.
     
  11. encus

    encus Registered Member

    Joined:
    Nov 2, 2009
    Posts:
    535
    Thanks Terradon.
     