Windows 7, nod32 and a Trojan!

  herc182 09:41 22 Nov 2009
Locked

Dear all,

Seems like I am not having much fun. I have Windows 7 and nod32. Not had a problem with it in the past, and whilst looking for the answer to my read only problem (also on this forum) one of the websites I visited caused nod32 to go mental. Ever since I have had this sort of warning every time I start Windows:

C:\windows\temp\vrtc1f7.tmp

click here

Both apparently are a variant of Win32/kryptik.bbl

I have run:

- a nod 32 virus scan
- a2 (squared scan) - there are various files it says it can't delete
- spybot
- adaware
- Malwarebytes

I have run them on my profile, another admin profile and in safe mode

Can't get rid of this. 

Other problems I am having (also coincident with this issue) which may be connected:

- Windows logging me randomly into a temp profile
- Google Chrome won't work (says it can't start and has an error 0xc0000005)

Anyone have any ideas how to get rid of this Trojan??

Thanks 

  herc182 09:44 22 Nov 2009

DO NOT CLICK ON THAT LINK!!
Sorry, it turned this into a link automatically:

...://colopin.cn/oc/boxv.txt

I forgot to mention I have not yet done a system restore. Last resort

  herc182 13:33 22 Nov 2009

Any thoughts?

Thanks

  Ashrich 14:32 22 Nov 2009

I would try posting your question at Wilders Security forum for Nod32, click here, scroll down to the Eset forum, the makers/writers of Nod32 use this forum.

Ashley

  DieSse 14:36 22 Nov 2009

I suspect that all you've got is a link of some kind to a trojan file which no longer exists, as it's been removed.

But I don't fully understand where you say

"I have had this sort of warning every time I start windows:

C:\windows\temp\vrtc1f7.tmp"

You haven't quoted a warning, just a file name. What exactly is the "warning" you have had, in all its fullness please.

  herc182 14:50 22 Nov 2009

I don't have a word for word warning message unfortunately. Nod32 gives a pop up balloon saying that a Trojan was quarantined from that location (the website I quoted above and the temp file location) and that they are a variant of this win32/kryptik Trojan.

Sorry for "brief" replies but am not on my computer right now, on my phone.

Is that enough info?

Thanks

  herc182 15:00 22 Nov 2009

Ashrich

Thanks for that link. I had a look on there and I found that it could be a false positive.

See here click here

I have seen something before that might suggest a false positive. But will it go away?!

Thanks

  herc182 15:10 22 Nov 2009

Also found this which may suggest it is a Trojan. God!! Confusing. I was hoping it could be a false positive if all the other programs didn't find it

click here

  herc182 07:22 23 Nov 2009

Should I be thinking of deleting nod32? It will keep quarantining important Windows files otherwise (assuming it's a false positive?)

  Input Overload 11:14 23 Nov 2009

I've used Nod for over 5 years & as yet it has never flagged a false positive. I'm not saying that it never does but not with me & Eset is on 3 PCs here & I have a friend who has Eset on 4 PCs & never had a FP.

  herc182 11:22 23 Nov 2009

Just not sure what to do. I have read a lot of posts regarding this as being a false positive.

This thread is now locked and can not be replied to.
