What do I do ???

Discussion in 'ESET NOD32 Antivirus' started by Phazor, Jun 13, 2009.

Thread Status:
Not open for further replies.
  1. Phazor

    Phazor Registered Member

    Was surfing and all of a sudden... everything is in the quarantine folder. Ran a scan and NOD said it deleted 2 infections, but that's it.
    What should I do...


    6/13/2009 12:01:05 PM Real-time file system protection file C:\WINDOWS\st_1244921286.exe Win32/BHO.NOE trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.

    6/13/2009 12:01:05 PM Real-time file system protection file C:\WINDOWS\st_1244922868.exe Win32/Tinxy.AD trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.

    6/13/2009 11:48:50 AM HTTP filter file ~Removed~ Win32/Tinxy.AD trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.

    6/13/2009 11:48:49 AM HTTP filter file ~removed~ Win32/BHO.NOE trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.

    6/13/2009 11:11:57 AM HTTP filter file ~Removed~ Win32/Tinxy.AD trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.

    6/13/2009 11:11:55 AM HTTP filter file ~Removed~ Win32/BHO.NOE trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.

    6/13/2009 11:09:44 AM Real-time file system protection file C:\WINDOWS\sysguard.exe a variant of Win32/Kryptik.TC trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\LOCALS~1\Temp\install[2].exe.

    6/13/2009 11:09:44 AM HTTP filter file ~Removed~ Win32/Tinxy.AD trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.

    6/13/2009 11:09:40 AM HTTP filter file ~removed~ Win32/BHO.NOE trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.

    6/13/2009 11:09:30 AM Real-time file system protection file C:\DOCUME~1\LOCALS~1\Temp\install[2].exe a variant of Win32/Kryptik.TC trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\QE3ER220\install[2].exe.
     
    Last edited by a moderator: Jun 13, 2009
  2. pondlife152

    pondlife152 Registered Member

    Personally I would do a manual in-depth scan with NOD first.

    Then, to be sure, download a copy of Malwarebytes Anti-malware (the free version). Perhaps use an alternative browser if you have one installed.
    Just Google for their website where you can download the latest version. Install this, then do a full scan of your system.

    I usually find that a combination of a NOD scan and a Malwarebytes scan usually removes any nasties.

    Andy
     
  3. Cudni

    Cudni Global Moderator

  4. Phazor

    Phazor Registered Member

    So just clicking delete in the quarantine area doesn't remove the issue? Or is it just removing the notes?

    On some of those entries it says it's removed.
    But when I turn on the computer I get two Nod alerts.. for ~Links removed. No need to post links to possible malware here.~
     
    Last edited by a moderator: Jun 13, 2009
  5. pondlife152

    pondlife152 Registered Member

    Obviously something remains on your system. You could boot into Safe Mode then scan with NOD there to see if it removes the infections, but Malwarebytes Anti-malware should remove everything in normal mode, maybe requiring a reboot to completely remove them. Hence my suggestion to use both products.

    NOD is not alerting you to malware that it has quarantined. It is alerting you because it hasn't been able to remove every piece of malware properly and keeps finding it.
     
  6. Marcos

    Marcos Eset Staff Account

    If C:\WINDOWS\ld08.exe is not detected, send it to samples[at]eset.com with this thread's URL in the subject. In the meantime, rename it and restart the computer so that the malware is not loaded in memory and running.
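
Added example, not part of the thread and not ESET tooling: a short triage script that reads log entries like those in the first post and lists the programs that fetched or dropped a detected threat but never appear as a cleaned file themselves, which is how C:\WINDOWS\ld08.exe stands out. The field layout is inferred from the lines as pasted in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Entries copied from the first post of this thread (URLs were already redacted there).
LOG = r"""
6/13/2009 12:01:05 PM Real-time file system protection file C:\WINDOWS\st_1244921286.exe Win32/BHO.NOE trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
6/13/2009 11:48:50 AM HTTP filter file ~Removed~ Win32/Tinxy.AD trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.
6/13/2009 11:48:49 AM HTTP filter file ~removed~ Win32/BHO.NOE trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\WINDOWS\ld08.exe.
6/13/2009 11:09:44 AM Real-time file system protection file C:\WINDOWS\sysguard.exe a variant of Win32/Kryptik.TC trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\LOCALS~1\Temp\install[2].exe.
6/13/2009 11:09:30 AM Real-time file system protection file C:\DOCUME~1\LOCALS~1\Temp\install[2].exe a variant of Win32/Kryptik.TC trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\QE3ER220\install[2].exe.
"""

# Field layout assumed from the pasted lines: timestamp, module, object, threat, action, info.
ENTRY = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<module>Real-time file system protection|HTTP filter) "
    r"file (?P<object>.+?) (?P<threat>(?:a variant of )?Win32/\S+) trojan (?P<action>.+?) - quarantined "
    r".*?(?P<how>access to web|new file created|attempt to access the file) by the application: (?P<actor>.+)\.$"
)

def parse(log):
    """Yield one dict per recognised entry; unrecognised lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.groupdict()

def uncleaned_sources(log):
    """Count detections per program that fetched or dropped a threat but was never cleaned itself."""
    entries = list(parse(log))
    # Windows paths are case-insensitive, so compare in lower case.
    cleaned = {e["object"].lower() for e in entries if e["module"] != "HTTP filter"}
    hits = Counter()
    for e in entries:
        # A program that merely opened an infected file (Explorer here) is not a source.
        if e["how"] == "attempt to access the file":
            continue
        actor = e["actor"].lower()
        if actor not in cleaned:
            hits[actor] += 1
    return hits

if __name__ == "__main__":
    for path, n in uncleaned_sources(LOG).most_common():
        print(f"{n} detection(s) traced to a file that was never cleaned: {path}")
```

Files this reports are candidates to inspect and submit as samples, not confirmed malware.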
     