Pending: Is there a malware that beats Nod32 ?

nlty2000 · 02-26-2009

My laptop got infected with some kind of virus that disguises itself in system .exe files. I did fdisk /mbr, killdisk, dos format, windows format and reinstalled XP. I further ran "Killamvo", installed Nod32 and performed full scan. Now it seems to be clean, but;

While Nod32 runs:
I can connect to internet with or without having my wireless router plugged.

When uninstalled Nod32:
I cannot connect to internet if I plug the cable directly to cable-modem, but some background application constantly downloads, just like the pc was infected.

I connect to internet and the suspicious download disappears when I plug the ethernet cable to the router. I rescan the drive but it seems clean.

What the hell is happening? Any idea?

Ps: Nod32 is up-to-date, connection is cable, Emule doesn't connect after format.

Arctos · 02-26-2009

I have found that when you set up Nod 32 correctly you are 100% safe.

Here are the settings I use from Blackspear, who is a moderator at Wildings and a guru with Nod32.

The easiest way (remember to put your username and password back in after importing the settings).

Wilders Security Forums - View Single Post - EAV 3.0 Tutorial - 15 Jan 2008

The whole tutorial explaing the whole thing...

EAV 3.0 Tutorial - 15 Jan 2008 - Wilders Security Forums

Emule is a malware magnet so Nod32 will be blocking it most probably...

nlty2000 · 02-27-2009

The settings on my Nod32 were very similar. I scanned the machine with Bitdefender, it found some "backdoor" things in two proxy forwarding software, i deleted them permenantly, now the system is supposed to be clean but same thing happens. I think I'm going to change both the modem and hard drive. Or what?.. #½@@!

DCiAdmin · 03-08-2009

Nlty2000,

Apologies for missing your thread. Please download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please download from one of these webpages .
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
Double-click on ComboFix.exe & follow the prompts.
If it will not run rename Combofix to xxx.exe and run that.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Recovery Console can be installed from your disc if you have Vista if you wish.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

DCiAdmin · 03-25-2009

Nlty2000,

Do you wish to pursue your issue any futher? We are here to assist you if you do. Please post an update if you wish to continue support for this issue.

Crush · 04-09-2009

Hello,

This thread has been moved into the Unfinished HJT forum due to inactivity. Please follow the procedure at the top of the forum if you still require assistance

Regards,
Crush
PCHF Security Team Leader

02-26-2009	#1
nlty2000 New Poster Join Date: Feb 2009 Posts: 2 PC Experience: Some Experience	Is there a malware that beats Nod32 ? My laptop got infected with some kind of virus that disguises itself in system .exe files. I did fdisk /mbr, killdisk, dos format, windows format and reinstalled XP. I further ran "Killamvo", installed Nod32 and performed full scan. Now it seems to be clean, but; While Nod32 runs: I can connect to internet with or without having my wireless router plugged. When uninstalled Nod32: I cannot connect to internet if I plug the cable directly to cable-modem, but some background application constantly downloads, just like the pc was infected. I connect to internet and the suspicious download disappears when I plug the ethernet cable to the router. I rescan the drive but it seems clean. What the hell is happening? Any idea? Ps: Nod32 is up-to-date, connection is cable, Emule doesn't connect after format.

02-26-2009	#2
Arctos Tech Member Join Date: Sep 2006 Location: Bundaberg, Australia Posts: 4,308 PC Experience: RTM Assoc. Dip.	Re: Is there a malware that beats Nod32 ? I have found that when you set up Nod 32 correctly you are 100% safe. Here are the settings I use from Blackspear, who is a moderator at Wildings and a guru with Nod32. The easiest way (remember to put your username and password back in after importing the settings). Wilders Security Forums - View Single Post - EAV 3.0 Tutorial - 15 Jan 2008 The whole tutorial explaing the whole thing... EAV 3.0 Tutorial - 15 Jan 2008 - Wilders Security Forums Emule is a malware magnet so Nod32 will be blocking it most probably... __________________ PCHF open 24/7 - Antiques made daily... Join the PC Help Forum WCG Team and fight cancer with us!

02-27-2009	#3
nlty2000 New Poster Join Date: Feb 2009 Posts: 2 PC Experience: Some Experience	Re: Is there a malware that beats Nod32 ? The settings on my Nod32 were very similar. I scanned the machine with Bitdefender, it found some "backdoor" things in two proxy forwarding software, i deleted them permenantly, now the system is supposed to be clean but same thing happens. I think I'm going to change both the modem and hard drive. Or what?.. #½@@!

03-08-2009	#4
DCiAdmin Tech Team Leader Join Date: Sep 2008 Location: Heart of the US Midwest Posts: 7,518 PC Experience: Perpetual Student	Re: Is there a malware that beats Nod32 ? Nlty2000, Apologies for missing your thread. Please download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please download from one of these webpages . http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. Double-click on ComboFix.exe & follow the prompts. If it will not run rename Combofix to xxx.exe and run that. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Recovery Console can be installed from your disc if you have Vista if you wish. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. __________________ DCiAdmin PCHF Rules / PreWork / AfterWork / PCHF Downloads / System File Checker** Thank you for entrusting your system to PCHF!

03-25-2009	#5
DCiAdmin Tech Team Leader Join Date: Sep 2008 Location: Heart of the US Midwest Posts: 7,518 PC Experience: Perpetual Student	Re: Is there a malware that beats Nod32 ? Nlty2000, Do you wish to pursue your issue any futher? We are here to assist you if you do. Please post an update if you wish to continue support for this issue. __________________ DCiAdmin *PCHF Rules* / *PreWork* / *AfterWork* / *PCHF Downloads* / *System File Checker* Thank you for entrusting your system to PCHF!

04-09-2009	#6
Crush Tech Support Team Join Date: Sep 2008 Location: Caldwell, New Jersey Posts: 10,666 PC Experience: Always Learning New Things	Re: Is there a malware that beats Nod32 ? Hello, This thread has been moved into the Unfinished HJT forum due to inactivity. Please follow the procedure at the top of the forum if you still require assistance Regards, Crush PCHF Security Team Leader __________________ Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this

Similar discussions...
Thread	Thread Starter	Forum	Replies	Last Post
<News> Wii Beats PS3 in Europe	Newsie	IT News	0	06-12-2007 07:42 AM
<News> HP Beats Dell in PC Sales	Newsie	IT News	0	03-08-2007 06:36 AM
Nvidia 7800 GTX beats ATI Radeon X1800XT	DarkLord7854	The Lounge	4	11-15-2005 02:10 AM
Solved: zonealarm security suite and nod32 conflict?	Ali2005	Firewalls	4	08-25-2005 02:24 AM
[Pending] NOD32 Prob	Stepes	Anti-Virus	3	08-10-2005 10:36 AM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode