what should i do with this error?

Discussion in 'NOD32 version 2 Forum' started by hasit, Aug 10, 2006.

Thread Status:
Not open for further replies.
  1. hasit

    hasit Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    44
    trojan Win32/Zapchast found in operating memory. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. No action can be taken while the file is in memory. Click "Leave" to continue and subsequently run the cleaning of all local disks. System memory infection originated from file C:\WINDOWS\system32\wintxs32.dll.

    i only found an option of Leave, and nothing else.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Could you please check your settings against those found HERE

    Then run a scan by clicking on the NOD32 Control Centre> NOD32> Run NOD32> Scan and Clean.
     
  3. hasit

    hasit Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    44
    i have followed all the configuration, still found this error. let me run a scanning now and tell you what i found.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    More information on that one HERE

    Cheers :D
     
  5. hasit

    hasit Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    44
    this is out of NOD scope? I am referred to some other application called HijackThis? please advice
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    What was the result of your scan?

    Blackspear.
     
  7. hasit

    hasit Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    44
    the result did show me the infected file, it asked me to delete it, and gave that option. Do you think my system is cure now?
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    If you had set your system as per the Tutorial it would not have asked, it would have attempted a clean, failing this it would have deleted and quarantined the infection automatically.

    If you run a further scan, does it now come up clean?

    Blackspear.
     
  9. hasit

    hasit Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    44
    can you advice me with the exact setting that you are referring to? I think i have done the BEST! I just had ignored the schedule, rest all was as you told.
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    For scan settings, post number 47 to 60.

    Cheers :D
     
  11. hasit

    hasit Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    44
    i have already been following this rule.
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    With those settings your scan will NOT ask anything, or are you talking about a warning when the infected file arrived, in such a case you would need to check your AMON and IMON settings and change from the default, to clean, delete, quarantine.

    Cheers :D
     
  13. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Hasit, if the file is still there, try running the NOD32 on-demand scan from Safe Mode.
     
  14. ASpace

    ASpace Guest


    Hasit , Blackspear was telling you that if you follow his tutorial , NOD32 will not ask the user for action but will first attempt to clean and if not possible will delete it.

    If NOD32 is by default , it will pop-up and ask if a threat is found in Scan&Clean mode

    I'll second alglove .It is better to do the following:

    Make sure your NOD32 is updated.

    Then (if you still haven't) , go through BS's tutorial
    https://www.wilderssecurity.com/showthread.php?t=37509

    Then , as shown here , boot in Safe Mode and scan . Safe Mode is a special Windows mode where several things are loaded and most of the viruses/spywares can't load in that mode . When so , AV softwares can easily kill the viruses :)


    Boot to Safe Mode by pressing F8 while your Windows is starting before the Windows logo appears and choose Safe Mode . Goto Start->Programs->ESET->NOD32
    Goto the Profiles tab and make sure you use Control Center Profile
    When so , make sure your set NOD32 to scan all your hard drives and push Scan&Clean

    NOD32 will automatically take care of everything ;)

    After the malware is eliminated , make sure you also turn off System Restore in Windows XP because it could also keeps tracks of the malware and you don't want to restore to that point . Right click My Computer->Properties->System Restore-> Check Turn off... and press Apply . Then Uncheck Turn off... to turn it back ON

    Restart
    You can provide your computer with second opinion with Ad-Aware se Personal http://www.lavasoftusa.com

    After this , you computer should be clean ! :thumb:
     
  15. hasit

    hasit Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    44
    "trojan Win32/Zapchast found in operating memory"

    this is a trojan, i think i dont need to go in safe mode for that, and after i ran the scan&clean it is not prompting me for that error again.

    now i see that file is being deleted, you think thats OK and now the virus is removed?
     
  16. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Run a further scan to be sure.

    Cheers :D
     
  17. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Try rebooting, then run the scan again, just to be sure. If the file does not come back, then the virus has been removed. :)
     
Thread Status:
Not open for further replies.