
ESET NOD32 - Variant Of Win32/Sirefef.DN Trojan

EDIT, we cross posted, what did you scan with, where is the log? Pre-Run: 121,207,959,552 bytes free Post-Run: 121,837,547,520 bytes free . But I can't seem to get rid of it this time. My PC doesn't exhibit any of the symptoms for this virus, just the warning from NOD32.

I hope to hear from someone tomorrow. Arakasi 534 Group: Members Posts: 2393 Kudos: 534 Joined: June 25, 2013 c:\windows\$ntuninstallkb3296$\1644588774\l (Backdoor.0Access) -> Delete on reboot. C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » msvcr80.dll.8.0.50727.762.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E - archive damaged - the file could not be extracted. scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(784) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program

The trojan drops one of the following files in the c:\windows\system32\ folder: eventlog.dll(61952B) cngaudit.dll(61952B) The following files are dropped into the %systemdrive%\windows\ folder: win32k.sys:1(12288B) win32k.sys:2(61952B) The trojan may create and run

  1. I also ran the Windows Malicious Software Removal Tool, and it actually detected malware, but upon a restart ESET gave the same error. What really baffles me is that ESET
  2. For step-by-step instructions to clean your system using the tool, please our Knowledgebase article.
  3. Win32/Sirefef.DT Trojan Removal Help Discussion in 'Virus & Other Malware Removal' started by fitted83, Jan 20, 2012.
  4. Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.
  5. C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » CANDARAZ.TTF - archive damaged - the file could not be extracted.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 7:26 AM 96408] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 7:24 AM 735960] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/2/2009 2:02 PM 10384] R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » PROTTPLV.PPT_1033 - archive damaged - the file could not be extracted.

Please reply to this thread. When finished, a notepad window will open with the results of the scan. https://forums.whatthetech.com/index.php?showtopic=121631 Marcos may have more to add so stick around just in case. curtp 1 Group: Members Posts: 4 Kudos: 1

Another problem I have is that I can't seem to turn on Windows Firewall. c:\windows\$ntuninstallkb3296$\1644588774\u\[email protected] (Backdoor.0Access) -> Delete on reboot. C:\WINDOWS\system32\drivers\netbt.sys - Win32/Sirefef.DA trojan - unable to clean fitted83, Jan 20, 2012 #6 kevinf80 Kevin Malware Specialist Joined: Mar 21, 2006 Messages: 11,255 Do you have your XP CD? HKCU-Run-winupd - c:\docume~1\JEFFLA~1\LOCALS~1\Temp:winupd.exe SafeBoot-17215410.sys . . . ************************************************************************** .

I have tried several things found on the internet, but none worked. http://forums.whirlpool.net.au/archive/1901224 I was prompted to run the program again, I did so and the computer rebooted again and started up normally. kevinf80, Jan 20, 2012 #7 fitted83 Thread Starter Joined: Jan 20, 2012 Messages: 12 ESET NOD32 Antivirus 4 Here's the full log Scan Log Version of virus signature database: 6812 (20120120)

I researched on that and it seems to be due to the fact that I can't start the Windows Firewall Authorization Driver. C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » nosxs_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E - archive damaged - the file could not be extracted.

The process was painless and quick and the reps were professional and friendly. I called ESET San Diego and it was necessary for them to take remote control of my machine and manually clean the trojan. c:\windows\$ntuninstallkb3296$\1644588774\u\[email protected] (Backdoor.0Access) -> Delete on reboot.

Do not start a new topic. is missing!! . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_.netbt . . ((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 ))))))))))))))))))))))))))))))) . . 2012-01-20 01:27 . 2012-01-20 01:27 -------- d-sh--w- c:\documents and C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » nosxs_msvcp80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E - archive damaged - the file could not be extracted.

C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » XLSRVINTL.DLL_1033 - archive damaged - the file could not be extracted.

Thanks. C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » XLINTL32.DLL_1033 - archive damaged - the file could not be extracted.

C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » OFFICE.ODF - archive damaged - the file could not be extracted. C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » CONSTANB.TTF - archive damaged - the file could not be extracted. Failed to delete .

It's already done it like seven or eight times to no avail. scanning hidden files ... . The PC then works fine (with the same NOD32 prompts) until I have to restart again DDS Log.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by Yan Fu at 12:58:48 on 2011-11-27Microsoft TDSSKiller Log 11:17:28.0734 3564 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04 11:17:29.0359 3564 ============================================================ 11:17:29.0359 3564 Current date / time: 2012/01/20 11:17:29.0359 11:17:29.0359 3564 SystemInfo: 11:17:29.0359 3564 11:17:29.0359 3564

C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » MSPTLS.DLL_0001 - archive damaged - the file could not be extracted. Please post this log in your next reply. C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » PPCNV.DLL - archive damaged - the file could not be extracted. C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » CAMBRIAB.TTF - archive damaged - the file could not be extracted.

C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » CORBELZ.TTF - archive damaged - the file could not be extracted. I wonder if this might be a false positive? c:\documents and settings\Jeff Lay\fs11_12_14.exe c:\windows\$NtUninstallKB54541$\1970380924\@ c:\windows\$NtUninstallKB54541$\1970380924\bckfg.tmp c:\windows\$NtUninstallKB54541$\1970380924\cfg.ini c:\windows\$NtUninstallKB54541$\1970380924\Desktop.ini c:\windows\$NtUninstallKB54541$\1970380924\keywords c:\windows\$NtUninstallKB54541$\1970380924\kwrd.dll c:\windows\$NtUninstallKB54541$\1970380924\L\rohepcid c:\windows\$NtUninstallKB54541$\1970380924\lsflt7.ver c:\windows\$NtUninstallKB54541$\1970380924\U\[email protected] c:\windows\$NtUninstallKB54541$\1970380924\U\[email protected] c:\windows\$NtUninstallKB54541$\1970380924\U\[email protected] c:\windows\$NtUninstallKB54541$\1970380924\U\[email protected] c:\windows\$NtUninstallKB54541$\1970380924\U\[email protected] c:\windows\$NtUninstallKB54541$\1970380924\U\[email protected] c:\windows\$NtUninstallKB54541$\3229942629 c:\windows\$NtUninstallKB54541$ . . . .

Double click DeFogger to run the tool. C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » XLCPRTID.XML - archive damaged - the file could not be extracted.

C:\Documents and Settings\Jeff Lay\Desktop\Parts\Royalty Rotors\RR marketing collateral\Royalty Rotors Introduces Flagship Line of Slotted Cross Drilled Performance Rotors.mht » MIME - is OK (internal scanning not performed) C:\Documents and Settings\Jeff Lay\Local Settings\Application c:\windows\$ntuninstallkb3296$\1644588774\@ (Backdoor.0Access) -> Delete on reboot. C:\Documents and Settings\Jeff Lay\My Documents\Downloads\FileFormatConverters.exe.part » CAB » O12Conv.cab » CAB » WRD12EXE.EXE - archive damaged - the file could not be extracted.