Trojan downloader.getcodec.gen

Discussion in 'ESET NOD32 Antivirus' started by joe123, Aug 3, 2009.

Thread Status:
Not open for further replies.
  1. joe123

    joe123 Registered Member

    Joined:
    Jan 22, 2007
    Posts:
    14
    Hi.

    I have enjoyed NOD32 for many years of virus free setup, until now :'(

    I recently got hit with the trojan downloader.getcodec.gen virus.

    Nasty virus. NOD32 detected it and removed some of it, but it is not catching all of it.

    I ran a full scan on my system, removed it, re-ran NOD32 full scan, found nothing. However, when I reboot, the virus is still there.

    I took the system drive to another PC which has NOD32, scanned that disk and NOD32 finds zero viruses. I put the disk back on my machine and NOD32 complains of a virus it finds while booting up.

    The viruses are found on every bootup, but not when I do a full system scan after the system is up and running. So every time I reboot, NOD32 finds this virus and removes it to be repeated on next boot.

    I have NOD32 V4, no other drives (single OS drive). Where is this virus coming from that keeps infecting my system, and why is NOD32 not finding it during a scan?

    HELP!
     
  2. Bitten By C Bug

    Bitten By C Bug Registered Member

    Joined:
    May 9, 2007
    Posts:
    45
    Hello Joe, I may be out of my realm here, but if you are running Windows XP, does the detection come up in "C:Volume Information"? If so, try disabling System Restore and boot into safe mode and then rerun NOD32, Malwarebytes, and possibly SAS, and then reboot into your account and re-enable System Restore and let me know if that has possibly rectified the problem of continuously returning. Good luck and I'll be looking to see if my help was of any helpfulness. Have a good evening as well.
     
  3. joe123

    joe123 Registered Member

    Joined:
    Jan 22, 2007
    Posts:
    14
    Hi and thanks for responding!

    I did not try disabling system restore, good idea! I will try that and the other anti-virus programs.

    I have been spoiled by NOD32 for so many years that I don't even think of trying others, but that is a great suggestion.

    I did go into safe mode and ran a full scan and NOD32 found nothing. It only finds the virus after it boots up normal.

    I also booted off the XP CD, cd over to ESET directory and ran it through the command line. Found nothing, but again, after rebooting normal, the virus is back.

    I will try turning off system restore and will report back. I am still confused why NOD32 is not catching it when I boot off CD or when I take the drive to a different system?
     
  4. joe123

    joe123 Registered Member

    Joined:
    Jan 22, 2007
    Posts:
    14
    Hi. I did what you suggested and it found the viruses.

    I turned off auto restore, but I placed the disk on a different machine and downloaded Malwarebytes Anti Malware 1.40.

    Ran it on E: drive which was the original C: drive with the XP OS infected.

    Here is the log with the infected files that NOD32 was not catching:

    Files Infected:
    e:\WINDOWS\system32\4BC.tmp (Trojan.Tracur) -> No action taken.
    e:\WINDOWS\system32\cscdll32(3).dll (Trojan.Tracur) -> No action taken.
    e:\WINDOWS\system32\cscdll32(4).dll (Trojan.Tracur) -> No action taken.
    e:\WINDOWS\system32\cscdll32.dll (Trojan.Tracur) -> No action taken.


    Nasty NASTY virus. It disabled NOD32 network, then it disabled NOD32 completely. I tried re-installing NOD32 with no success.

    I have not placed the drive back on the original system. I am running another scan and will report back when I put the disk back in the original system and see if it boots.
     
  5. joe123

    joe123 Registered Member

    Joined:
    Jan 22, 2007
    Posts:
    14
    Looks like all is well now after Malwarebytes found and removed the downloader.getcodec.gen virus.

    Ok, so I will byte. Why did NOD32 NOT detect this virus? Looking at info on this virus, it was discovered months ago.

    I know that not all virus scanners can detect everything, but why is NOD32 so behind on this one virus? Due to my position, I have recommended NOD32 to hundreds of people and family members. Most of which have bought NOD32 solely based on my recommendations. ESET should be paying me royalties :D

    But on a serious note, why?
     
  6. Bitten By C Bug

    Bitten By C Bug Registered Member

    Joined:
    May 9, 2007
    Posts:
    45
    Hello again Joe, Yea you are right, not any 1 scanner is 100% gonna catch all, altho I am glad to hear that Malwarebytes helped correct your problem. You might wanna send those infected files to Eset, zipped in a password archive, so they can examine and get them into the detection database if not already there. Looks like you took means into your own hands and your own knowledge base, which seems to have done the trick. Just to be sure all remnants are removed ya might wanna dl and scan with SuperAntiSpyware also. At least they have been detected and taken care of, and if I helped any, I am happy to have been some assistance. You can install Prevx free and it will run smoothly alongside any of your security apps and it will tell you if anything else is looming around. It won't remove via the free version, as I run the RT with Eset and MB RT and WD with NO conflicts along with Key Scrambler Prem. Just a few suggestions to help you be at ease with not having anything left lurking around. Prevx Free and SuperAntiSpyware would be good starts to ease your mind. Have a good day and I'll dig into those infections and get back to ya as well. "Peace"
    BTW, I also live and die by NOD32 and Prevx and have recommended and had MANY buy Eset's product without any worries. Always keep in mind that nothing is 100% guaranteed. Have ya added WOT to your browser? Web Of Trust? Might be of benefit, to let ya know if a site is ok and or bad.
     
  7. joe123

    joe123 Registered Member

    Joined:
    Jan 22, 2007
    Posts:
    14
    Thanks again Bitten for all of your help!

    Yes, I fully understand that not one single scanner is going to find all. My concern was more along the lines of why did it not catch it since it has been out for so many months now. Maybe it's a new variation? Yes, I tried sending it to NOD32 and they originally asked me to send the NOD32 report back to them even when I explicitly told them that I could not send a report because the virus had completely disabled NOD32 and re-installing NOD32 was failing. Funny support people.

    I also have and LOVE SuperAntiSpyware. Many moons ago, I was also hit with a spyware that NOD32 did NOT catch and someone suggested SuperAntiSpyware, which I downloaded and it caught it right away. I became a lifetime member for $19 bucks.

    Here is what is bugging me ( excuse the pun :) ) at present. NOD32 used to be "cheap" or better said, reasonably priced. Right now, it's not that cheap at $60 bucks a pop per year. I don't mind paying that, and I don't mind paying 2x, or 3x more IF and I do mean IF it was not missing so many viruses.

    For me, I have 4 systems at home and the costs start adding up. Again, I will gladly pay that, but it better do one hell of a job.

    I will agree that I have been spoiled by NOD32 in that I have enjoyed virus free systems for many years. I have become so spoiled that when a virus does hit and NOD32 misses it, I am shocked. So I will give NOD32 that!

    Thanks again for coming to the rescue and for the other suggestions for scanners.

    Have a good weekend!
     
  8. Bitten By C Bug

    Bitten By C Bug Registered Member

    Joined:
    May 9, 2007
    Posts:
    45
    Joe, I totally grasp and understand the frustration completely, and honestly, given your scenario, I'd d/l and install Prevx 800kb to run with your security setup to see if all is well. Granted, yes, it will alert you via any funny sh!t happening but won't remove unless paid version RT Protection. Prevx free will let you know but yes, won't clean, BUT the excellent and I MEAN EXCELLENT Tech support they have is def worth the look inside this program, let alone all the other benefits this small footprint based on the "Cloud" has to offer. www.prevx.com

    In regards to those other infections MBAM found, I'm finding it kinda strange myself that NOD didn't pick up, as yes they have been out awhile, but as you stated the Variation of Trojan has been altered to prevent detection as Malware Authors are so good at doing. I'm sure you know of Virustotal.com, which you can always upload any files you are still suspicious of or not sure that AV/AM/AS scanners might not have a bead on, upload to there and see what all the other vendors have to report. Glad to have been of assistance to ya Joe and most importantly, glad to know you are back up and running again. You also have a great weekend and I will still keep digging into what I see as "OLD" Variants of these Trojan Tracur, but again they very well could have been altered to avoid detection. Til' Next time Joe. "Peace" and YW!:thumb:
     