Win32.Delf.rtk

Discussion in 'ESET NOD32 Antivirus' started by rivermobster, Sep 24, 2008.

Thread Status:
Not open for further replies.
  1. rivermobster

    rivermobster Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    12
    This thing has installed a bunch of different files and modified the registry as well. SpyBot seems to be blocking it, but NOD ignores it completely!!!

    Some of the files are...

    afisicx.exe
    msweew.exe
    tdydowkc.exe
    soxpeca.exe
    wsldoeke.exe
    tpszxyd.sys
    roytctm.exe
    noytcyr.exe
    mabidwe.exe

    These are the ones I can find anyway.

    If I delete the files thru the command line, on reboot, they are put right back in place! I can go in and delete the registry entries, and they are put back in place as well.

    HELP!!!!!!!

    Thanks in advance,

    Joe
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello,
    Use WinRAR or WinZip to compress the files. Make sure you password-protect the archive. Use the password "infected".
    Send to samples[AT]eset.com or sample[AT]eset.com
     
  3. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    If you want to clean things up fast, download a copy of Autoruns and reboot into safe mode. Open Autoruns, look at the startup entries, and remove the registry keys or startup shortcuts that are launching these things. Also look under your services listing, as they may have registered themselves there instead of launching from a registry key, as well as browser helper objects. Reboot and you should have stopped the garbage from executing and getting into memory, unless a system component was trojaned or something really bad got on there, at which point you can start submitting samples.
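
The check described in the post above, as an added example that is not part of the original thread: a read-only PowerShell pass over the Run keys, services and drivers, Startup folders and browser helper objects, reporting entries that reference the file names from the first post. The variable names and the choice of locations are assumptions of this example; Autoruns itself covers many more.

```powershell
# Added example: read-only triage of the autostart locations named in the post above.
# $names holds the file names the original poster listed; nothing is deleted or changed.
$names = 'afisicx.exe','msweew.exe','tdydowkc.exe','soxpeca.exe','wsldoeke.exe',
         'tpszxyd.sys','roytctm.exe','noytcyr.exe','mabidwe.exe'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$found = @()

# 1. Run/RunOnce values, machine-wide and per-user
foreach ($key in "HKLM:\$cv\Run", "HKLM:\$cv\RunOnce", "HKCU:\$cv\Run", "HKCU:\$cv\RunOnce") {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    foreach ($v in $k.GetValueNames()) {
        $found += [pscustomobject]@{ Type = 'RunKey'; Where = $key; Name = $v; Target = [string]$k.GetValue($v) }
    }
}

# 2. Services and kernel drivers (.sys files are normally loaded as drivers)
foreach ($class in 'Win32_Service', 'Win32_SystemDriver') {
    foreach ($s in Get-CimInstance -ClassName $class) {
        $found += [pscustomobject]@{ Type = $class; Where = 'SCM'; Name = $s.Name; Target = [string]$s.PathName }
    }
}

# 3. Startup-folder items, with shortcuts resolved to their targets
$shell = New-Object -ComObject WScript.Shell
$dirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) | Where-Object { $_ }
foreach ($dir in $dirs) {
    foreach ($f in Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue) {
        $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
        $found += [pscustomobject]@{ Type = 'StartupFolder'; Where = $dir; Name = $f.Name; Target = [string]$target }
    }
}

# 4. Browser helper objects: resolve each CLSID to the DLL it loads
$bho = "HKLM:\$cv\Explorer\Browser Helper Objects"
foreach ($sub in Get-ChildItem -Path $bho -ErrorAction SilentlyContinue) {
    $srv = Get-Item -LiteralPath "HKLM:\Software\Classes\CLSID\$($sub.PSChildName)\InprocServer32" -ErrorAction SilentlyContinue
    $dll = if ($srv) { [string]$srv.GetValue('') } else { '' }
    $found += [pscustomobject]@{ Type = 'BHO'; Where = $bho; Name = $sub.PSChildName; Target = $dll }
}

# Report entries whose target names one of the listed files, plus every BHO for manual review
$found | Where-Object { $_.Target -match $pattern -or $_.Type -eq 'BHO' } |
    Sort-Object Type | Format-Table -AutoSize -Wrap
```

On 64-bit Windows the same Run and BHO keys also exist under `Wow6432Node` and need the same review.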
     
  4. rivermobster

    rivermobster Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    12

    Done. Thanks for the quick response!!!

    Joe


    (sent to samples)
     
    Last edited: Sep 24, 2008
  5. rivermobster

    rivermobster Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    12
    Did you guys get the zip file??
     
  6. rivermobster

    rivermobster Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    12
    back to the top
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Unfortunately, I couldn't find that file. We have not received such a file from online scanners either. Could you resend it to samples[at]eset.com with this thread's URL in the subject?
     
  8. rivermobster

    rivermobster Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    12
    Your email filters may have blocked it. When I tried to send it through Yahoo, it scanned it and said no way!!!

    I sent it thru my POP3 account, but maybe it got blocked on your end.

    I'll give it another shot...
     
  9. rivermobster

    rivermobster Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    12
    I just sent you an email with no file attachment. Please reply so I know it went through, then I will reply with the zip file attached.

    Thanks.
     
  10. rivermobster

    rivermobster Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    12
    Maybe I'm doing something wrong here...

    Is this the support forum for NOD32 or not??

    :doubt:
     
  11. rivermobster

    rivermobster Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    12
    OK,

    I obviously bought the wrong software when I bought NOD. I won't make this same mistake again. I'll make sure to pass along to everyone I know what great support NOD provides.

    Thanks for nothing, I guess....

    :thumbd:
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It seems you unintentionally expected me to communicate with you through Wilders outside working hours as you posted here your complaint about midnight our time. I'd suggest contacting customer care if there's a problem with samples. As for your samples, I still couldn't find them. Maybe you could upload them to a file sharing service (e.g. Rapidshare) and send only the link to samples[at]eset.com.
     
  13. rivermobster

    rivermobster Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    12
    Nice try...

    But I sent you the files, and asked if you received them, shortly after you asked me to send them.

    Seems you're quick to respond to work ethic issues, but a little slow on the actual work that you should be doing.

    I know what I need to know now. NOD support sucks

    :thumbd:
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'm sorry, but the fact that I replied here doesn't mean that I stayed awake and kept monitoring this forum during the night. I think we all are people that need to take rest and do not work 24 hours. As I said, I didn't find your sample, hence I asked you to upload it to a file sharing service and then send the link to samples[at]eset.com with this thread's url in the subject.
     
  15. rivermobster

    rivermobster Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    12
    No worries. I have it handled. You go on back to bed...
     
  16. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Look, we in Slovakia have got 01:07 AM now, so understand that no one is a night-bird.
     
  17. rivermobster

    rivermobster Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    12
    Hey, guess what??

    Avast FREEWARE found every one of those files, and deleted 'em on the first boot scan!!!! NOD acted like they actually belonged there. What a total waste of money this product is. And I had heard such great things about it. :thumbd: It's only a few hundred dollars I wasted on it. No big deal at all, eh? Nothing personal bro, but NOD is completely useless. Any chance I could get a refund??
     
  18. hex_614

    hex_614 Registered Member

    Joined:
    Jul 17, 2008
    Posts:
    155
    Location:
    Manila, Philippines
    Looks like NOD32 is losing its hold on the top antivirus software. But in the VB100 test NOD32 always gets an award. I wonder....
     
  19. poep

    poep Registered Member

    Joined:
    Sep 28, 2008
    Posts:
    1
    Had the same virus, rivermobster. Thanks for telling me about Avast. Avast found 72 infected files. I just bought NOD32 for my mother and told my friends it was the best; now I'm not sure what to believe.

    -edit- Still like NOD32: it was faster to remove a ravmon virus from my MP3 player than Avast. Looks like I'll be needing both.
     
    Last edited: Sep 28, 2008
  20. rivermobster

    rivermobster Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    12
    I heard it was the best as well. It's hard to know what to believe and what not to believe these days, but it's pretty obvious now. Everything from SpyBot to Avast seems to know about this issue. Do a Google search on any one of those above-mentioned files, and all kinds of info shows up! NOD scanned all the files and didn't see anything wrong with them. There's the whole story right there.

    And if you read the posts here, and look at the time stamps, you can see the support here is lacking as well.

    I will do what I can to get a refund. If ESET will not comply, I'll go through my credit card company.

    Good luck to the rest of you guys!
     