Virut infects mi EXE´s, NOD32 delete my EXE´s

Discussion in 'ESET NOD32 Antivirus' started by toxinon12345, Sep 10, 2010.

Thread Status:
Not open for further replies.
  1. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Hello,
    I'm infected with a variant of Win32/Virut.NCF.
    All my EXE's are being infected and deleted. :(

    I sent a sample of an infected file [MD5: 328e39c0668d46a1631b4beda06a2bc0] to samples@eset-la.com and samples@eset.sk, however, only got an automated response (eset-la [Ticket # 2010090810000119])
    that the file was received and minutes later it was automatically analyzed and identified as a variant of Win32/Virut.NCF, with no response if the cure would be added in the next signatures. o_O

    The sample was also sent via EAV 4 GUI two days ago. :ninja:
     
    Last edited: Sep 10, 2010
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Send a private message to one of the ESET Moderators, quoting this thread with a brief explanation of your situation.

    Apparently submitting files from the GUI go to the void, I have stopped doing this since this feature was recently deemed as useless :ouch:

    If you get no reply (assuming you are in the US or Canada) call ESET 1-866-343-3738
     
    Last edited: Sep 11, 2010
  3. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    The Virut family of file-infecting viruses will often damage files when it infects them by deleting original portions of their program code. Disinfection in these circumstances is not possible since the anti-virus program cannot re-write the missing parts of the program.


    Regards,

    Aryeh Goretsky
     
  5. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    On an earlier occasion had downloaded a program for GUI´s in Delphi.
    NOD32 automatically alerted me and cleaned / repaired the file (Win32/Virut.NBI)

    Now the detection is a variant of Win32/Virut.NCF
    Free Dr.Web says that "cured" the files to their previous state,
    but when I sent the "cured" file to VirusTotal, Avira says that the file was patched.

    I want an exact disinfection, not a mitigation.
    Apparently, in this case is not possible as before.
     
Thread Status:
Not open for further replies.