virus uninstalled nod32!

Discussion in 'NOD32 version 2 Forum' started by wozza_nz, Jan 4, 2006.

Thread Status:
Not open for further replies.
  1. wozza_nz

    wozza_nz Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    2
    Hi
    On one of our Windows 2000 servers, I noticed that some programs had crashed and CF ODBC wouldn't restart. Before rebooting, I checked nod32
    and found all the tabs "red"; all the tick boxes were unticked,
    so I ticked them and then rebooted.

    After reboot, Nod32 had completely disappeared. I checked add/remove programs and it was gone.
    In c: program files ESET there was just the .exe file left and a cache folder.
    I had to reinstall etc.,
    then ran update and then scan - it found nothing ...
    I then ran search and destroy spy bot program, and it did find something ..
    Haxdoor-H
    which I removed.
    I'm not totally sure that is what removed nod32, but it's the first time I've ever seen anything do that, and we have it installed on 10 servers.

    Anybody else seen nod32 removed by a virus or trojan?
     
  2. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    I certainly haven't, but this sounds very scary. Do you know what virus it is or was?
     
  3. wozza_nz

    wozza_nz Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    2
    Hi

    I only know that this Haxdoor-H was picked up by "search and destroy"; nod32 didn't find anything at all.
     
  4. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Haxdoor is a trojan; the hacker could have removed NOD once on your system. Not that it makes it any better, but I don't think NOD was removed by the trojan.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Especially given that the nod32kernel service cannot be killed.
     
  6. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    One typical Haxdoor-H is Remote Administrator by Famatech if my memory serves correctly (version < 2.2).

     
  7. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Not right away, but you can disable it considering NOD32 didn't detect it (if he's correct). Haven't thoroughly tested it, but you can manually "kill" the kernel, that's for sure.
     
  8. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    The nod32 kernel respawns if killed though...
     
  9. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    No it doesn't if you set it so...
     