What to do about viruses/malware/adware that NOD doesn't catch?

Discussion in 'ESET NOD32 Antivirus' started by themeishelping, Feb 8, 2009.

Thread Status:
Not open for further replies.
  1. themeishelping

    themeishelping Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    2
    My friend has been having some problems with her computer, namely she has some adware and such that she can't seem to get rid of. I've helped her out as I can, I thought I killed one of them completely [though the other was more elusive], but it seems that they have both come back. I don't really know of a better place to ask for advice here, as this is about as close to an "official" forum as Nod gets, it seems.

    Note: she has Nod32 v3 [forget the version number, but it has updated definitions] in addition to Norton's Internet Security package. We've also used Spybot, Ad-Aware, HijackThis, and a couple of other scanners, as per recommendations. Nothing seems to fix them.

    One of them appears to do nothing but overwrite the default search engine for FF and IE to some engine called Yoog instead. It doesn't seem to do anything else, hasn't caused any overt problems, and it does appear to be an actual search engine, but I don't really like the idea of any undeletable programs, as they tend to open doors for other ones.

    The other [and more annoying one] is an adbot program that links to "Contextual ads by GlobalAdSolution" or something like that. It gives her popups in both FF and IE [again], even when she's not using either. I have found "fixes" online for this one, but both are FF and IE specific, and take care of the symptoms, but not the problem. I did notice that this process is stemming from one of the svchost entries [the one that also controls DOM info, if that makes a difference]. It is easy to kill if you know what you're looking for, but she doesn't, and I'd rather her not have to kill programs each time she turns her computer on. When I did delete this program, it was listed in at least 2 DLL files in system32, an executable there, and a DLL in the FF plugins folder as well.

    Nod32 doesn't detect either of these programs as "bad". Is this the kind of thing which will be passed out in updates shortly, or should I continue to try to fix this the old-fashioned way? Much of the advice I've read as to the "fixes" of these are things like "reinstall Firefox". Oh, so very helpful. Thought somebody here might have a better idea.
     
  2. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    440
    Location:
    romania
    Just use Firefox with Adblock Plus and NOD32 updated and... miracle! You, her and no one else would have adware or virus problems... it's not about NOD32 as an antivirus, it's about you and what you do on the internet.... :mad:
     
  3. themeishelping

    themeishelping Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    2
    Well, she does use Firefox, and I did install ABP on it a few weeks ago, and Nod32 is updated, and I wouldn't really describe her as a "power user" or anything. I don't believe she's ever done anything less-than-credible online, but can't really say for sure. She's not in the list of people I would expect to get lots of viruses, and she usually doesn't. Just these couple that won't go away, apparently.
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    You should tell her to right click the file and submit it for analysis.

    Also, making sure as much as possible is on auto update tends to be a good trick that I practice when it comes to securing other people's PCs. The use of Firefox, OpenDNS, and a hosts file helps too.

    Cleaning the PC: Tell her to download ESET SysInspector, create a log and send it to you, then email it to support("at")eset[dot]com with this thread's URL in the subject.
     