Strange Update problem

Discussion in 'Other ESET Home Products' started by Hawkes, Dec 30, 2010.

Thread Status:
Not open for further replies.
  1. Hawkes

    Hey everyone. I am reaching out to your collective expertise because I am flat out of ideas. Here's what I have...

    I have a Windows SBS 2003 server. I installed the ESET server and console without a problem. I had some trouble with the client since there were some remnants of F-Secure Gatekeeper installed, but I eventually found the registry keys to delete (two of them). Once I deleted those, I was able to install the client. The trouble I am having is with the server trying to download updates. When I do an NSLOOKUP on update.eset.com, I receive the IPs back without a problem. Unfortunately, I am unable to ping the URL or any of the IPs, as they all time out. I have gone to the other workstations on the network and have no problem pinging the URL or IPs.

    Any ideas anyone? I think I've looked at this too long and might be overlooking the obvious.

    Thanks.
     
  2. Hawkes

    Got it...

    The server was infected with Redosdru.GF. A file named wwfwv.cc3 was running under a process called Comhidserv. Once I cleared out all the registry entries pointing to that filename, I was able to kill the svchost.exe process that was protecting it, delete it, and reboot, and I can now hit the update servers. ESET kept picking up the file when I would log in and said it was being removed after reboot, but apparently wasn't able to finish it off.
     
  3. Brambb

    You may want to send that file to ESET for inspection (with a SysInspector log) if you still have it; there could be more traces left because NOD32 couldn't handle cleaning/deletion of that file well enough.
     