Win32/Dzan.C

Discussion in 'ESET NOD32 Antivirus' started by coiter, Oct 5, 2009.

Thread Status:
Not open for further replies.
  1. coiter

    coiter Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    37
    I have this issue with the above-mentioned virus. NOD detects it, but is unable to clean it.

    From Google, it has been around for a while, so I'm still worried why NOD can't handle it.

    NOD also detects it as Win32/Dzan.C

    I also checked the threat center and it's not even mentioned there.

    I'm starting to see more and more of this. All Google info relates to other antivirus and "please update definitions", but not a single word about it on NOD's websites.
     
  2. bradtech

    bradtech Guest

    Try Strict Cleaning Option in your options. I have noticed by enabling this I get better results.
     
  3. coiter

    coiter Registered Member

    Did you enable strict cleaning on it all?
     
  4. ASpace

    ASpace Guest

    @coiter
    Do you have a Windows installation disk (handy)? What is your OS?
    What exactly does NOD32 detect (and where is it detected)?
     
    Last edited by a moderator: Oct 5, 2009
  5. coiter

    coiter Registered Member

    Name: C:\WINDOWS\system32\1021\services.exe
    Threat: Win32/Dzan.C virus
    Action: unable to clean
    Information: Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\1021\services.exe.
     
  6. ASpace

    ASpace Guest

    Just this services.exe and nothing else, or?
     
  7. coiter

    coiter Registered Member

    Re: Win32/Dzan.C as well

    Name: C:\Documents and Settings\xxxxxx\Start Menu\Programs\Startup\ctfmon.exe
    Threat: Win32/Dzan.C virus
    Action: unable to clean
    Information: Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\1021\services.exe.
     
  8. ASpace

    ASpace Guest

    It looks like trojan behaviour, infecting other files as well. This C:\WINDOWS\system32\1021\services.exe is active, infecting other files.

    C:\Documents and Settings\xxxxxx\Start Menu\Programs\Startup\ctfmon.exe is also a trojan (infected) - not a legitimate file.

    Let's try something else first:

    1) Reboot in Safe Mode
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2268

    2) Perform full scan with ESET Command line scanner
    http://kb.eset.com/esetkb/index?pag...earch&viewlocale=en_US&searchid=1254769172955

    Post back the results
     
  9. ASpace

    ASpace Guest

    And do inform us if you have your Windows XP installation disk with you.
     
  10. coiter

    coiter Registered Member

    That's my problem. This is a client running on a vessel on the other side of the world; I can't just go up to it and clean it.

    I have 200 clients in my configuration, where 140 of them are on vessels all around the world: Africa, Gulf of Mexico, Asia.

    I'm dependent on antivirus solutions like NOD being able to clean this bastard, like other antivirus software can.
    And I picked NOD because it was supposed to be the best, and had distributed solutions with centralized management.
     
  11. ASpace

    ASpace Guest

    Then write him/her instructions. If this is active, there is no way for it to be cleaned.

    A Safe Mode scan or using other 3rd party tools can easily achieve successful removal, I suspect.

    Can't you log in remotely with Team Viewer?
     
  12. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    ctfmon is for sure a legitimate file, it's for Microsoft Office I think. As for that folder 1021, it IS NOT legit... delete it, but first see what other files may reside in there.
     
  13. ASpace

    ASpace Guest

    Located here, it is certainly NOT a legitimate file.
    C:\Documents and Settings\xxxxxx\Start Menu\Programs\Startup\ctfmon.exe
     
  14. ccomputertek

    ccomputertek Registered Member

    Want to bet money on this? Microsoft Office uses this file, and it is meant to go into the startup folder and/or the registry startup section.
     
  15. ASpace

    ASpace Guest

    Windows XP SP3
    MS Office 2007 SP2
    and pictures prove it all
     

    Attached Files:

    • 1.PNG (76.2 KB)
    • 2.PNG (45.8 KB)
  16. ASpace

    ASpace Guest

  17. ccomputertek

    ccomputertek Registered Member

    Emmkay.... if he right-clicks the file in the startup folder to check its path, and it points to system32/ctfmon.exe, then you're good to go :blink:
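
The path check discussed in the posts above (where does a Startup entry really point, and does it reuse a Windows system file name from another location?) can be scripted for clients that cannot be visited in person. This is an added example, not part of the original thread and not an ESET tool; it assumes PowerShell 3.0 or later, and the output field names (Entry, Target, IsShortcut, Suspect) are made up for the example.

```powershell
# Added example: list what the Startup folders launch and flag entries that
# reuse the name of a Windows system binary from a different location.
$sysDirs = @('System32', 'SysWOW64') |
    ForEach-Object { Join-Path $env:SystemRoot $_ } |
    Where-Object { Test-Path -LiteralPath $_ }

# Per-user and all-users Startup folders.
$startupDirs = @('Startup', 'CommonStartup') |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell
$exeTypes = @('.exe', '.com', '.scr', '.pif')

$report = foreach ($dir in $startupDirs) {
    foreach ($item in Get-ChildItem -LiteralPath $dir -Force) {
        if ($item.PSIsContainer) { continue }

        # A shortcut is judged by its target; any other file by its own path.
        $isLink = $item.Extension -ieq '.lnk'
        if ($isLink) {
            $target = $shell.CreateShortcut($item.FullName).TargetPath
        } else {
            $target = $item.FullName
        }
        if (-not $target) { continue }
        if ($exeTypes -notcontains [IO.Path]::GetExtension($target)) { continue }

        $name      = [IO.Path]::GetFileName($target)
        $targetDir = [IO.Path]::GetDirectoryName($target)

        # Heuristic: a genuine file of this name exists in a system directory,
        # but this entry runs a copy that lives somewhere else.
        $isSystemName = @($sysDirs | Where-Object {
            Test-Path -LiteralPath (Join-Path $_ $name) }).Count -gt 0
        $inSystemDir  = $sysDirs -contains $targetDir

        [pscustomobject]@{
            Entry      = $item.FullName
            Target     = $target
            IsShortcut = $isLink
            Suspect    = $isSystemName -and -not $inSystemDir
        }
    }
}

$report | Sort-Object Suspect -Descending | Format-List
```

A shortcut whose target is system32\ctfmon.exe is reported with Suspect False, while an executable named ctfmon.exe stored directly in the Startup folder is reported with IsShortcut False and Suspect True.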
     
  18. bradtech

    bradtech Guest

    Set your ThreatSense and real-time protection client to strict cleaning, and run a comprehensive scan from Remote Administrator.
     