update problem-failure to open a socket

Discussion in 'NOD32 version 2 Forum' started by zappa, Nov 5, 2006.

Thread Status:
Not open for further replies.
  1. zappa

    zappa Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    176
    Location:
    Los Angeles, Ca.
    In trying to speed up a final solution I contacted Eset Technical support through the website and included all the standard information including a link to this thread.
    This is the reply I got, which is totally unacceptable to me as a paying customer of this product.

    "Update for Case #3787 - "unable to open a socket"
    An ESET Tech Support Representative has updated this case with the following information:
    Hello,
    All support for this version of NOD32 is done through that link."

    The link referred to is this thread. I am so disappointed at the Eset response that I have had to redo my response here 4 times as what I have written and edited out is as inappropriate as Eset's. Ridiculous is all I can say and a copout on Eset. Nice way to deal with a 5 year paying customer. Makes me want to buy this product again? I will stop with my feelings on Eset, as hard as it is, but I remain focused on solving the problem.

    Moving forward here as this thread is my only hope of curing my issue.
    NOD found that I was infected with these 2 trojans:

    Win32/TrojanDownloader.Agent.AZR.trojan
    C:\system.exe

    and

    Win32/TrojanDownloader.Small.CCN trojan
    C:\ms32.sys
    I did a google search and found this info on it.
    "- injects its code into EXPLORER.EXE
    - Accesses the Internet and communicates with a remote server via HTTP.
    - it downloads a file from a remote website from the location C:\MS32.SYS and runs a script from a jpg."
    In conjunction with the aforementioned Trojan I got this trojan from the remote website, Win32/DNSChanger trojan with a url that was quarantined.

    I think this is why NOD can't update but can't figure out where it changed my settings. In Network settings none of the boxes are checked for DNS. My router is the only place where I found any DNS settings at all.

    I found that 1 other security program could NOT update from my box either. However, Spybot could update and did update but found nothing.

    I remember that my other security tool, RegRun Gold informed me on a reboot that Explorer.exe had been moved and I should move it back to its original location, which I/we did. The last time this happened, a few years ago, my system crashed because Explorer.exe was moved. I did a system scan once I booted but did not find the aforementioned trojans at that time so I thought I had cured the issue.
    RegRun has a unique feature of being able to execute and thus trace the trojan without giving it write ability which follows the paths as to what it is modifying and or changing deleting etc. It is too complex for me to understand.


    I use AdawareAway and it found this issue yesterday:
    "auto run - ini file
    shell=C:\WINDOWS\explorer.exe System.ini
    load: link file Win.ini
    run: link file Win.ini"
    I am not sure what to make of this. Need some help with this issue.

    Then, I ran a different scanner from NOD32 and it found this:
    troj/taladra-f BackDoor found in File System/ registry. I deleted the registry keys for this trojan. NOD32 did not find this issue.

    Remember now I am using 2.7.
    Does customer support at Eset not deal with 2.7 issues because it is a beta or just 2.5 issues? Neither version is updating on my box.
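
Added example, not part of zappa's post and not code from any tool named in this thread: the `shell=`, `load=` and `run=` lines in the scanner output quoted above are the legacy autostart entries kept in System.ini (`[boot]`) and Win.ini (`[windows]`). The Python below parses both files and marks which values are expected and which need review. The sample file contents, the `C:\example\updater.exe` path and the expected/review rule are assumptions made for illustration.

```python
import ntpath

# Legacy autostart entries: (file, section, key) -> accepted values (lower-case).
# An empty set means the key is normally blank, so any value deserves a look.
WATCHED = {
    ("system.ini", "boot", "shell"): {"explorer.exe"},
    ("win.ini", "windows", "load"): set(),
    ("win.ini", "windows", "run"): set(),
}

def parse_ini(text):
    """Yield (section, key, value); tolerant of duplicate keys and ';' comments."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip().lower(), value.strip()

def check_autoruns(files, windir=r"C:\WINDOWS"):
    """files maps file name -> contents. Returns (file, key, value, verdict) tuples."""
    findings = []
    for name, text in files.items():
        for section, key, value in parse_ini(text):
            allowed = WATCHED.get((name.lower(), section, key))
            if allowed is None or not value:
                continue
            # Accept a bare file name, or that file inside the Windows directory.
            norm = value.lower()
            if ntpath.dirname(norm) == windir.lower():
                norm = ntpath.basename(norm)
            # Anything else, including extra programs appended to shell=, is flagged.
            verdict = "expected" if norm in allowed else "review"
            findings.append((name, key, value, verdict))
    return findings

# Constructed sample files (not taken from the poster's machine).
SAMPLE = {
    "system.ini": "[boot]\nshell=C:\\WINDOWS\\explorer.exe\n[386Enh]\ndevice=a.vxd\ndevice=b.vxd\n",
    "win.ini": "[windows]\nload=\nrun=C:\\example\\updater.exe\n; run=old.exe\n",
}

if __name__ == "__main__":
    for finding in check_autoruns(SAMPLE):
        print(finding)
```

A `shell=` line that names only explorer.exe is reported as expected; a second program appended to it, or any non-empty `load=`/`run=` value, is reported for review.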
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Correct, there are specific instructions for Beta support issues.

    Please complete the following and have the logs ready for further instructions (do NOT post them here):

    Download and run HijackThis from here: https://www.wilderssecurity.com/showthread.php?t=12516

    Download and run Autoruns from here: http://www.sysinternals.com/Utilities/Autoruns.html

    Download and run Lookinmypc from here: http://www.lookinmypc.com

    Please send me by email your original license that contains your Username and Password: blackspear @ wilderssecurity.com and I will check this as well.

    Cheers :D
     
  3. zappa

    zappa Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    176
    Location:
    Los Angeles, Ca.
    Thanks Blackspear!
    OK, will do it now.
    On the LookInMyPc page it says it works with XP, 2000 and 2003.
    I will run the other two.

    "talk" to you soon!
    zappa
     
  4. zappa

    zappa Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    176
    Location:
    Los Angeles, Ca.
    A happy ending is always nice!!
    Blackspear went way above and beyond the call of duty in helping me. Big thanks to Blackspear!

    Also some big thanks to Dmitri at RegRun for his help too! RegRun is a very powerful security program that has saved my backside more times than I want to admit to!

    This was the final fix solution:
    1) removed key with kontakt904.exe and reboot.
    2) removed the NOD separate feature "advanced heuristics"
    3) reboot
    4) removed execution protection (from TDS-3) as it had many sockets protected and maybe something got corrupt somehow with trojan infection?
    5) reboot
    6) uninstalled NOD
    7) reboot
    8) ran LSP fix-nothing showed as usual- hit finish.
    9) reboot
    10) boot again
    11) boot again
    12) installed NOD 2.70.10 and bingo, got updates!

    P.S.-Eset now supports V-2.70.10 through tech support just in case Blackspear ever goes on vacation for a day or two.

    Thanks to all those who helped me!
    zappa
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You are welcome zappa.

    Cheers :D
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,034
    Location:
    California
    Hello,

    Just to confirm, TDS-3 is Diamond Computer System's Trojan Defence System-3 program, correct?

    Regards,

    Aryeh Goretsky
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Correct.

    Cheers :D
     