what should my friend do?a stubborn virus

Discussion in 'NOD32 version 2 Forum' started by loong, Feb 20, 2007.

Thread Status:
Not open for further replies.
  1. loong

    loong Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    28
    nod32 detected this virus on his pc
    he clicked “delete” and rebooted his pc,but it appeared again.
    and he tried in safemode,failed.
    what should my friend do?
     

    Attached Files:

  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It looks like a rootkit. Does NOD32 find something if you run a scan with all settings maxed out? Especially make sure that Antistealth technology, Advanced heuristics and runtime packers are enabled.
     
  4. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Also you can try to disable system restore before doing a scan, then rebooting and re-activating it (if it is needed). Sometimes you can't repair correctly what's in the system restore folders, and come back.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I will take it as a wrong advice esp for a beginner. He can,t revert if he by mistake do rather more harm during attempted repair.
    Besides how he can be reinfected from system restore if he is not going to do a restore?
    And what is the evidence that there is something in system restor?

    Just my opinion. I am not expert.
     
  6. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    In fact we had a problem of virus files re-appearing after scans, and this was because some were located in system restore. Also I never, ever used system restore myself since I first used Windows XP because it miserably failed to restore anything when I needed it and takes up much disk space, so I usually de-activate it.

    I didn't say there was something in there, I said there could be. I'm no expert either but write from experience.
     
  7. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    aigle is correct.

    A dirty restore point is better than no restore point at all. Once the infection is elimated from the main system and no issues have surfaced, then the restore points can be cleaned.
     
Thread Status:
Not open for further replies.