Try it for a month, like it - buy it - then Bad Trojan just after purchase!

Discussion in 'NOD32 version 2 Forum' started by paperview, Jun 3, 2007.

Thread Status:
Not open for further replies.
  1. paperview

    paperview Registered Member

    Joined:
    Jun 3, 2007
    Posts:
    1
    Hello everybody! I'm new here. Tried the 30 day version of NOD, liked it, and purchased TWO copies, one for my laptop, and one for my home computer.

    I have, to date, not had any problems with my home computer. Used it for years with few problems. NOD did find some minor Trojans when I initially installed the trial version, and worked just fine for the 30 days. I plunked down the money, and just shortly after fully registered version, I started getting a Buffer overrun error pop-up error which causes my system to crash (I have to reboot from whatever I am doing).
    >Microsoft Visual C++ Runtime Library
    >
    >Buffer overrun has been detected in program WINNT/Explorer.EXE which has corrupted the program's internal state. Microsoft Visual C++ Runtime Library



    Then running the virus scan, I get this error:
    Time Module Object Name Threat Action User Information
    6/2/2007 19:54:37 PM Kernel file C:\WINNT\System32\ddabc.dll probably a variant of Win32/Genetik trojan

    which I cannot delete, because it is in system memory, it tells me. This is a nightmare.

    Argh. Please help. This only happened just after I paid good money to PREVENT this kind of thing. Right after. Now I know *Crap* happens, but the timing was bad here.

    Anybody? Thanks in advance.
     
  2. planet

    planet Registered Member

    Joined:
    Apr 1, 2007
    Posts:
    10
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Please remember that NO AV detects 100% of all threats. NOD32 has improved advanced heuristics in the meantime, that's why it didn't initially detect the dll. We will be happy to assist you in removing it, feel free to contact Eset's support at support[at]eset.com. Generally it's very difficult to remove already injected dlls from the system, but we will provide you with instructions on how to accomplish it.
     
  4. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    You could try to run msconfig and uncheck everything under Startup except those you know for sure are safe. Then reboot your computer and you might be able to delete the dll. Also you could download Process Explorer from Microsoft (url below). Using Process Explorer you can search for the dll and find out what process is keeping that file locked. Then by killing that process you might be able to delete the dll. There is most likely at least one more file you should delete during the cleanup.

    http://www.microsoft.com/technet/sysinternals/default.mspx

    If using msconfig you should run it again after cleanup and enable the startup items again, but I guess a complete scan of your hard disk could be smart before doing that.
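
The two checks described in the post above, as an added PowerShell example that is not part of the original thread: it lists which processes have the DLL loaded (what the Process Explorer search shows) and which Run-key startup entries reference it (the registry part of msconfig's Startup tab). The path is the one from the scan log quoted earlier in the thread; running from an elevated prompt on PowerShell 3 or later is assumed.

```powershell
# Added example, not from the thread. Path taken from the quoted scan log.
$DllPath = 'C:\WINNT\System32\ddabc.dll'
$dllName = Split-Path -Leaf $DllPath

# 1. Processes that currently have the DLL mapped as a module.
#    Reading .Modules fails for protected or already-exited processes,
#    so each process is wrapped in its own try/catch.
$holders = foreach ($proc in Get-Process) {
    try {
        $hit = @($proc.Modules | Where-Object { $_.FileName -ieq $DllPath })
    } catch {
        $hit = @()   # access denied, or the process exited mid-enumeration
    }
    if ($hit.Count -gt 0) {
        [pscustomobject]@{
            Id      = $proc.Id
            Process = $proc.ProcessName
            Module  = $hit[0].FileName
        }
    }
}

# 2. Run-key values whose command line mentions the DLL. These are the
#    registry-backed entries shown on msconfig's Startup tab.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$startup = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        # Case-insensitive substring match, no wildcard interpretation.
        if ($value.IndexOf($dllName, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $value }
        }
    }
}

"Processes with $dllName loaded:"
$holders | Format-Table -AutoSize
"Run-key entries referencing ${dllName}:"
$startup | Format-Table -AutoSize -Wrap
```

A 64-bit PowerShell session cannot list the modules of 32-bit processes, so on a 64-bit system repeat the run from the 32-bit PowerShell as well. An empty first table only shows that no process visible to the session has the file mapped as a module.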
     