V3.0.672 Can't detect or remove problem?

Discussion in 'ESET NOD32 Antivirus' started by Chris74656, Dec 3, 2008.

Thread Status:
Not open for further replies.
  1. Chris74656

    Chris74656 Registered Member

    Joined:
    Feb 15, 2007
    Posts:
    24
    Sorry if this is the wrong forum for this but I'm stuck and at a loss as to what to do next about this problem.

    I'm working on the computer of a friend of mine who had V2.70.39, I've managed to upgrade him to 3.0.672 but regardless of the fact that I've scanned (multiple times and the system now scans clean) and removed the problems that were found from what I can see there is still something either virus / spyware / malware on the system that's causing problems that Nod32 isn't detecting.

    For instance, I couldn't (and still can't) run Spybot S&D or install the latest HiJackThis!. When I went to run either Spybot or the HiJackThis installer I could see them in Process Explorer however neither program window would come up and eventually they would terminate without ever running. I was able to run Spybot by renaming the executable and then running it but I couldn't update it as I kept getting a stream read error when searching for updates (I did turn the Windows Firewall off), so I manually downloaded the latest detection updates (and I had to rename that installer to get it to run as well) and ran that and then scanned and removed 130 something problems. But still have this problem.

    I've also run WinsockFix and LspFix to see if there are any unusual protocol drivers that could be blocking the Spybot update program and there's nothing wrong that I can see.

    I've read about rootkits but never had to actually deal with one and I'm not entirely certain that's the problem but what are the recommended tools for detecting if there's a rootkit? I've read a little about Mark Russinovich's RootKitRevealer but it's mainly a detection tool and the results can be somewhat cryptic?

    I'd appreciate whatever advice I can get on a course of action to find and remove whatever the problem is here.

    Thanks,

    - Chris
     
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    ESET offers a utility program named ESET SysInspector to help in the diagnosis of undetected/non-removable malware (amongst other things).

    You can download a copy of ESET SysInspector from ESET, create a log file on your friend's PC and mail it to support@eset.sk for analysis by a support engineer, who can then provide further assistance with removing any undetected threats which may still be present on the system.

    Regards,

    Aryeh Goretsky
     
  3. Chris74656

    Chris74656 Registered Member

    Joined:
    Feb 15, 2007
    Posts:
    24
    I'm sorry, I don't want to start a flame war here but I posted this three and a half weeks ago and the only suggestion is send an info file to Eset and let them research it?

    Doing a lot of Googling, I found some information on the Spybot Search & Destroy forums about a tool called ComboFix that was suggested for problems such as what I described. I downloaded it and ran it and it found "Rootkit Activity" and was able to remove the rootkit and restore the system to normal operation.

    Again, I'm sorry but I've been an NOD32 user for six years and I've really come to expect more from NOD32 than this. Why doesn't V3 have this type of detection and removal capability? Why should I have to root around the internet for some third party tool when the anti-virus that I've paid for (and this person has paid for) should be doing this job? Sorry but in my opinion Eset / Nod32 fell flat on their face on this one and they really need to get their act together.

    - Chris
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    It does have rootkit detection, but like all anti-viruses, you can only help detect more by submitting files. On that note, I totally agree the 3 weeks response time is ridiculous. But I'm pretty sure agoretsky gets told by his superiors to reply to X, X and X as there's been no replies or something.
     
  5. Chris74656

    Chris74656 Registered Member

    Joined:
    Feb 15, 2007
    Posts:
    24
    The fact is that the computer in question did have a rootkit type virus / spyware and NOD32 3.0.672 was not able to detect it let alone do something to remove it.

    I realize that people have to submit files for analysis so that new viruses can be added to the detection database but NOD32 has for years touted its ability of using advanced heuristics to detect potential threats not in the detection database. What happened to that?

    I was really looking for ideas, you know "try this, try that" and not necessarily anything official but just someone pointing me in a direction but I didn't even get any other end users trying to help out.

    - Chris
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California