• 0

Worried with this virus..


Question

Hi. On my second computer from Friday a tiny little issue was displayed by Eset Smart Security 7.. all details are available in attached screenshots. Tried to full-scan computer but .. the results are in the log below. What should I do? Try other security suite such as..Kaspersky ? :(

Thanks for any suggestion.



  • 0

I would not mess around with trying to clean this mess up. Proper format and re-install.


  • 0

wow so many solutions on this thread, i know because i've done it all. :)

 

OP: have you tried to do what warwagon said? what process is hooked on that run32? also did you try to boot into safe mode and run combofix from there? system restore to a previous point in time? linux live cd/usb and run an AV solution from there?

 

hum.. just saw the behavior of that trojan, in http://www.virusradar.com/Win32_Ponmocup.AA/description?lng=en. Pretty much everything is explained in there and your best bet right now is to boot into another OS (like a Live CD/USB) and run an updated AV solution from there.

Edited by Praetor

  • 0

No.. so many steps there.. I'll reinstall o.s. and have another reason for that .. with latest software that I use (Inventor/AutoCAD 2015) too..  :) . I know my solution is not the best but I highly appreciate all your efforts and details!

Thanks!

 

oh.. and Eset Smart Security 8 is alive.. should I continue with it :D ?


  • 0

Hello,

 

Did you check with ESET's technical support to verify it wasn't a false positive alarm of some sort?

 

Regards,

 

Aryeh Goretsky


  • 0

Hello,

 

Did you check with ESET's technical support to verify it wasn't a false positive alarm of some sort?

 

Regards,

 

Aryeh Goretsky

 

I actually thought about posting that too.


  • 0

If you decide against wiping and starting over:

adwcleaner
then uninstall eSet & install webroot's Internet Security trial. (you can re-install eSet afterwards if you want to.)
There is a chance it is either a 0-day or a false positive.

Honestly too much time has already been wasted if you haven't started over - I'd go for it - time is money. ;)


  • 0

But be careful - you can totally hose a system with combofix if you're not careful.

 

usually i don't have problems with it but yeah.. it can happen but still a valid try imo


  • 0

lol 30+ Rootkit on one system... That's a record.  And I bet there are more that would have not been detected by the TDSSKiller.  :)  I feel bad for the computer that had been neglected. :)  Wipe the drive for the sake of mankind.  I bet that system is part of a botnet based on that scan.  Hope you recover the computer.


  • 0

I don't think he has 30+ rootkits on the system, I think he was just quoting the page from kaspersky that he linked to.  If he had that many rootkits, the computer would be inoperable. 

 

this is what he linked to

 

http://support.kaspersky.com/viruses/solutions/2727#block1

 

I don't even think he ran tdsskiller, I think he went to that website and assumed it ran (without downloading anything, or running anything) and picked up all of that nonsense.


  • 0

Malwarebytes/Superantispyware/Hitmanpro/Kaspersky

 

In that order. Will get pretty much everything.

I would have added combofix to that list but it currently doesn't work on Win8/8.1 sigh.


  • 0

I don't think he has 30+ rootkits on the system, I think he was just quoting the page from kaspersky that he linked to.  If he had that many rootkits, the computer would be inoperable. 

 

this is what he linked to

 

RIGHT!

 

http://support.kaspersky.com/viruses/solutions/2727#block1

 

I don't even think he ran tdsskiller, I think he went to that website and assumed it ran (without downloading anything, or running anything) and picked up all of that nonsense.

 

VERY WRONG!

 

he said he ran it but didn't catch anything. Also that was a list of the threats TDSSKiller catches on.

TRUE

 

Did you check with ESET's technical support to verify it wasn't a false positive alarm of some sort?

 

Never done that.. details ?


  • 0

Hello,

 

From looking at the contact page on ESET's web site, here are the main phone numbers for each office:

 

ESET Headquarters (Slovakia) +421 (2) 322 44 111

ESET Argentina +54 (11) 4788 9213

ESET Australia +61 (2) 8080 4300

ESET Czech Republic +420 233 090 233

ESET Germany  +49 (0) 3641 3114 100

ESET North America +1 (619) 876-5400

ESET Singapore +65 6308 9680

 

Keep in mind, those are just the actual ESET offices.  They have over 100 distributors world-wide, according to this list of partners on their web site.

 

Regards,

 

Aryeh Goretsky


  • 0

You have been working on this for weeks now, even if you get some antivirus / malware programs to state the system is clean would you really trust it again?

 

I personally wouldn't put it that way.


  • 0

^^^   This.


It's nice to see when people look @ the bigger picture and say what needs to be said.

In other words...

Time to move on - you've wasted enough time with this (assuming you are still wasting time with this) ;)


This topic is now closed to further replies.