Discussion in 'ESET NOD32 Antivirus' started by Andrew Carey, Mar 7, 2009.
I pulled the drive, got tired of messing with it.
Well, scanning with NOD32 v4 on an external drive found and deleted Win32/Olmarik.GC.
Still waiting on Win32/Agent.ODG.
NOD32 v4 does not find Win32/Agent.ODG when the drive is pulled and scanned off a USB connection.
If it's in your temp folder then you need to inherit it.
Some folders might not be accessible if you did not inherit the permissions. You basically don't have the Security Permissions to scan the folder so it's skipped.
Right-click on the folder, go to Sharing and Security -> go to the Security tab -> click on the Advanced button -> go to the Owner tab -> choose the username you are currently running as and check "Replace Owner on Subcontainers and Objects".
Then go to the Permissions tab and add yourself to it, while also checking "Replace Permissions on all Child Objects".
It will take a few seconds to a minute to finish. I would recommend doing that to every folder on the C drive... the top-level folders, that way you can scan everything off the USB drive.
Also, keep in mind that if you used NTFS Encryption on any folder, then that folder will not be accessible (ever!). So before doing that, make sure that no folder was NTFS encrypted.
Or use ScriptLogic Security Explorer, which is a great admin tool.
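A scripted version of the take-ownership and replace-permissions steps above, with the EFS caveat handled: this is an added example, not something posted in the thread. It assumes the pulled drive is mounted as E: and that the account running the script is the one that will run the scan; change both as needed.

```powershell
# Added example (not from the thread): take ownership of the top-level folders
# on a pulled drive and grant the scanning account Full Control, so an offline
# AV scan does not silently skip folders it cannot read.
# Assumptions: the pulled drive is mounted as E:, and the scanning account is
# the user running this script. Folders holding EFS-encrypted items are
# reported and skipped, since their contents stay unreadable without the key.

param(
    [string]$Drive   = 'E:',                              # assumed mount point of the pulled disk
    [string]$Account = "$env:USERDOMAIN\$env:USERNAME"    # account that will run the scan
)

function Test-EfsEncrypted {
    param([string]$Path)
    # EFS sets the Encrypted attribute on files and folders; check the folder
    # and whatever of its contents we can already list.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        if ($item.Attributes -band [System.IO.FileAttributes]::Encrypted) { return $true }
    }
    return $false
}

$top = Get-ChildItem -LiteralPath "$Drive\" -Directory -Force -ErrorAction SilentlyContinue
foreach ($folder in $top) {
    $p = $folder.FullName
    if (Test-EfsEncrypted -Path $p) {
        Write-Warning "Skipping $p : contains EFS-encrypted items (unreadable without the original key)"
        continue
    }
    Write-Host "Taking ownership of $p"
    # /R recurses; /D Y answers 'yes' when a subfolder cannot even be listed.
    & takeown.exe /F $p /R /D Y | Out-Null
    # (OI)(CI)F = Full Control, inherited by child files and folders; /T applies
    # it to every existing child (the "Replace permissions on all child objects"
    # checkbox in the Security dialog); /C keeps going past individual errors.
    & icacls.exe $p /grant "${Account}:(OI)(CI)F" /T /C | Out-Null
}
Write-Host "Done. Run the NOD32 scan against $Drive now."
```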
Thanks for the reply. Has anyone been able to clean Win32/Agent.ODG yet?
Thanks for the tool, will take a peek at it.
Did you find the infection when resetting the permissions? Or is it still invisible?
I tried EsetRescue (on USB drive), it found the suspect dll, deleted it. On reboot infection back.
I tried Malwarebytes - couldn't get it to run.
A friend suggested that I try ComboFix. http://www.bleepingcomputer.com/combofix/how-to-use-combofix.
Ran it and it found a rootkit: gaopdxp.........dll and a similar one but .sys. After a couple of reboots, the machine was clear of infection. On the last reboot, ESET antivirus finally said, "Can I submit these suspicious files for a look at?"
ESET antivirus knew about the virus, but I guess not the rootkit.
Hey, I had trouble with this exact virus just this morning.
I have managed to remove it.
What I did:
First download GMER.
It is a rootkit revealer.
Once downloaded, reboot into Safe Mode.
Once logged into Safe Mode, run GMER (I had to rename the exe; I called it "Rootkit lover" and it worked great).
It will run a scan of your system.
When it finds the rootkit entry (it will be highlighted in red),
right-click on all the entries till you get the option to delete; definitely delete.
Once you have deleted all the red ones you can restart.
I use NOD32 along with Malwarebytes Anti-Malware and Spybot.
Firstly scan with NOD32 (in-depth scan, strict cleaning)
and Malwarebytes (not all 3 together, that maxes out a machine),
then when Malwarebytes has finished, scan with Spybot, without restarting.
Remove any bad things found with these 3 programs and you should be clean and good to go.