Why can't NOD32 stop Win32/Kryptik.EQB variant?

Discussion in 'ESET NOD32 Antivirus' started by Batus, May 30, 2010.

Thread Status:
Not open for further replies.
  1. Batus

    Batus Registered Member

    Joined:
    Aug 10, 2008
    Posts:
    19
    I followed a story link on a news site and...wham...a rogue antivirus trojan climbs on board. NOD identified it as a "variant of Win32/Kryptik.EQB trojan" and cut the connection and quarantined it. However, it's still all over my main pc (on the backup pc atm). SuperAntispyware IDed it as a "rogue antivirus program," and gave me the option to remove it. I did so, but upon rebooting I still have it in a big way.

    I can't do anything with it. I cut my internet connection and tried a system restore, but the trojan won't let me do a restore....or much of anything else.

    Any suggestions?

    Also, why is NOD32 unable to deal with this virus?

    My OS is XP SP3.

    Thanks for any info.
     
  2. piranha

    piranha Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    623
    Location:
    Laval, Québec, Canada
    NOD32 can detect a virus but cannot clean it all the time, don't know why. Anyway, it is in quarantine, so you are supposed to be safe.

    Maybe I am wrong, but I suggest...

    Go into the NOD32 quarantine and delete it, disable System Restore and reboot, scan your PC with NOD32, hope it will be clean now, enable System Restore.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    It sounds like there's an undetected downloader but the actual malware it downloads is detected and blocked. I'd suggest creating a log from SysInspector and submitting suspicious files to ESET per the instructions here. If you are unable to find any suspicious files, contact customer care and provide them the log.
     
  4. Batus

    Batus Registered Member

    Joined:
    Aug 10, 2008
    Posts:
    19
    I think you were right about the downloader. I finally got rid of it by restoring the system from Safe Mode (I had an auto save point about 2 hours before my pc was infected). Afterward, NOD32 prompted me to submit the quarantined files and I did so.

    Thanks for the replies.
     