Try it for a month, like it - buy it - then Bad Trojan just after purchase!

Discussion in 'NOD32 version 2 Forum' started by paperview, Jun 3, 2007.

Thread Status:
Not open for further replies.
  1. paperview

    paperview Registered Member

    Jun 3, 2007
    Hello everybody! I'm new here. Tried the 30 day version of NOD, liked it, and purchased TWO copies, one for my laptop, and one for my home computer.

    I have, to date not had any problems with my home computer. Used it for years with little problems. NOD did find some minor Trojans when I initially installed the trial version, and worked just fine for the 30 days. I plunked down the money, and just shortly after fully registered version, I started getting a Buffer overrun error pop-up error which causes my system to crash (I have to reboot from whatever I am doing)
    >Microsoft Visual C++ Runtime Library
    >Buffer overrun has been detected in program WINNT/Explorer.EXE which has corurped the program's internal state.Microsoft Visual C++ Runtime Library

    Then running the virus scan , I get this error:
    Time Module Object Name Threat Action User Information
    6/2/2007 19:54:37 PM Kernel file C:\WINNT\System32\ddabc.dll probably a variant of Win32/Genetik trojan

    which I cannot delete, because it is in system memory, it tells me. This is a nightmare.

    Argh. Please help. This only happened just after I paid good money to PREVENT this kind of thing. Right after. NOw I know *Crap* happens, but the timing was bad here.

    Anybody? Thanks in advance.
  2. planet

    planet Registered Member

    Apr 1, 2007
  3. Marcos

    Marcos Eset Staff Account

    Nov 22, 2002
    Please remember that NO AV detects 100% of all threats. NOD32 has improved advanced heuristics in the mean time, that's why it didn't initially detect the dll. We will be happy to assist you in removing it, feel free to contact Eset's support at support[at] Generally it's very difficult to remove already injected dlls from the system, but we will provide you with instructions how to accomplish it.
  4. GAN

    GAN Registered Member

    Mar 3, 2007
    You could try to run msconfig and uncheck everything under Startup except those you know for sure is safe. Then reboot your computer and might be able to delete the dll. Also you could download Process Explorerer from Microsoft (url below). Using process explore you can search for the dll and find out what process is keeping that file locked. Then by killing that process you might be able to delete the dll. There is most likely at least one more file you should delete during the cleanup.

    If using msconfig you should run it again after cleanup and enable the startup items again, but i guess i complete scan of your harddisk could be smart before doing that.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.