update problem-failure to open a socket

In trying to speed up a final solution I contacted Eset Technical support through the website and included all the standard information including a link to this thread.
This is the reply I got, which is totally unacceptable to me as a paying customer of this product.

"Update for Case #3787 - "unable to open a socket"
An ESET Tech Support Representative has updated this case with the following information:
Hello,
All support for this version of NOD32 is done through that link."

The link referred to is this thread. I am so disapointed at the Eset response that I have had to redo my response here 4 times as what I have written and edited out is as inapproriate as Eset's. Ridiculous is all I can say and a copout on Eset. Nice way to deal with a 5 year paying customer. Makes me want to buy this product again? I will stop with my feelings on Eset, as hard as it is, but I remain focused on solving the problem.

Moving forward here as this thread is my only hope of curing my issue.
NOD found that I was infected with these 2 trojans:

Win32/TrojanDownlaoder.Agent.AZR.trojan
C:\system.exe

and

Win32/TrojanDownlaoder.Small.CCN trojan
C:\ms32.sys
I did a google search and found this info on it.
"- injects its code into EXPLORER.EXE
- Access's the Internet and communicates with a remote server via HTTP.
- it downloads a file from a remote website from the location C:\MS32.SYS and runs a script from a jpg."
In conjunction with the aforementioned Trojan I got this trojan from the remote website, Win32/DNSChanger trojan with a url that was quarantined.

I think this is why NOD can't update but can't figure out where it changed by settings. In Network settings none of the boxes are checked for DNS. My router is the only place where I found any DNS settings at all.

I found that 1 other security program could NOT update from my box either. However, Spybot could update and did update but found nothing.

I remember that my other security tool, RegRun Gold informed me on a reboot that Explorer.exe had been moved and I should move it back to it's original location, which I/we did. The last time this happened, a few years ago, my system crashed because Explorer.exe was moved. I did a system scan once I booted but did not find the aforementioned trojans at that time so I thought I had cured the issue.
RegRun has a unique feature of being able to execute and thus trace the trojan without giving it write ability which follows the paths as to what it is modifying and or changing deleting etc. It is too complex for me to understand.


I use AdawareAway and it found this issue yesterday:
"auto run - ini file
shell=C:\WINDOWS\explorer.exe System.ini
load: link file Win.ini
run: link file Win.ini"
I am not sure what to make of this. Need some help with this issue.

Then, I ran a different scanner from NOD32 and it found this:
troj/taladra-f BackDoor found in File System/ registry. I deleted the registry keys for this trojan. NOD32 did not find this issue.

Remember now I am using 2.7.
Does customer support at Eset not deal with 2.7 issues because it is a beta or just 2.5 issues. Neither version is updating on my box.

 

Correct, there are specific instructions for Beta support issues.

Please complete the following and have the logs ready for further instructions (do NOT post them here):

Download and run HijackThis from here: https://www.wilderssecurity.com/showthread.php?t=12516

Download and run Autoruns from here: http://www.sysinternals.com/Utilities/Autoruns.html

Download and run Lookinmypc from here: http://www.lookinmypc.com

Please send me by email your original license that contains your Username and Password: blackspear @ wilderssecurity.com and I will check this as well.

Cheers

 

Thanks Blackspear!
OK, will do it now.
On the LookInMyPc page it says it works with XP, 2000 and 2003.
I will run the other two.

"talk" to you soon!
zappa

 

A happy ending is always nice!!
Blackspear went way above and beyond the call of duty in helping me. Big thanks to Blackspear!

Also some big thanks to Dmitri at RegRun for his help to! RegRun is a very powerful security program that has saved my backside more times then I want to admit to!

This was the final fix solution:
1) removed key with kontakt904.exe and reboot.
2) removed the NOD separate feature "advanced hueristics"
3) reboot
4) removed execution protection (from TDS-3) as it had many sockets protected and maybe something got corrupt somehow with trojan infection?
5) reboot
6) uninstalled NOD
7) reboot
ran LSP fix-nothing showed as usual- hit finish.
9) reboot
10) boot again
11) boot again
12) installed NOD 2.70.10 and bingo, got updates!

P.S.-Eset now supports V-2.70.10 through tech support just in case Blackspear ever goes on vacation for a day or two.

Thanks to all those who helped me!
zappa

 

You are welcome zappa.

Cheers

 

Hello,

Just to confirm, TDS-3 is Diamond Computer System's Trojan Defence System-3 program, correct?

Regards,

Aryeh Goretsky

 

Correct.

Cheers