bdenner, Posted February 19, 2010 (edited)

This morning my PC was attacked by a variant of the ‘Kryptik’ Trojan, which somehow got through NOD32 initially but was picked up later. Too late, damage done; the only way I could get into my machine was via a boot CD. It corrupted the boot.ini file (XP Prof SP3), although on initial inspection it looked OK, but it wasn’t until I built a new file that I was able to get past the ‘Disk Error’ message I received on boot up and get in to finish cleaning the mess. A heart-stopping couple of hours.

Note:
Look at your C:\Windows\system32. Look for 3 files NLx.EXE (x = B, C, D). Delete them or, if unsure, move them to another ‘Junk’ folder.
Then look at your C:\Windows\Prefetch folder. Look for 3 files starting with NLx.EXE (x = B, C, D); they will look something like NLB.EXE-1E7655f5.pf. Delete them or, if unsure, move them to another ‘Junk’ folder.
After they have done their damage they get moved to your ……\Local Settings\Temp\ folder as NLD.EXE. It was on the move that NOD32 detected their presence.

KEEP A COPY OF YOUR ‘boot.ini’ file on a memory stick as there are many viruses out there that attack it.

Edited February 19, 2010 by bdenner

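The manual check described in the post above, as an added Python example that is not part of the thread: it finds the NLx.EXE files and their Prefetch traces by name and moves them to a 'Junk' folder instead of deleting them, recording a SHA-256 of each. The folder arguments, the eight-hex-digit Prefetch suffix (inferred from the one sample name in the post) and the demo tree are assumptions; a name match alone does not prove a file is malicious.

```python
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Names from the post: NLB/NLC/NLD.EXE and Prefetch traces like NLB.EXE-1E7655f5.pf.
# Assumption: the Prefetch suffix is always eight hex digits, as in that sample.
EXE_RE = re.compile(r"NL[BCD]\.EXE", re.IGNORECASE)
PF_RE = re.compile(r"NL[BCD]\.EXE-[0-9A-F]{8}\.pf", re.IGNORECASE)


def find_suspects(system32, prefetch, temp=None):
    """Return matching files in the given folders (no recursion into subfolders)."""
    hits = []
    for folder, pattern in ((system32, EXE_RE), (prefetch, PF_RE), (temp, EXE_RE)):
        if folder is None or not Path(folder).is_dir():
            continue
        hits += sorted(p for p in Path(folder).iterdir()
                       if p.is_file() and pattern.fullmatch(p.name))
    return hits


def quarantine(files, junk_dir):
    """Move files into junk_dir; return (original path, sha256, new path) tuples."""
    junk = Path(junk_dir)
    junk.mkdir(parents=True, exist_ok=True)
    moved = []
    for src in files:
        digest = hashlib.sha256(src.read_bytes()).hexdigest()
        # New suffix keeps the copy from being launched by a double-click.
        dest = junk / f"{digest[:12]}_{src.name}.quarantined"
        shutil.move(str(src), str(dest))
        moved.append((src, digest, dest))
    return moved


def demo():
    """Run both steps on a constructed tree standing in for the Windows folder."""
    root = Path(tempfile.mkdtemp())
    sys32, prefetch = root / "system32", root / "Prefetch"
    sys32.mkdir()
    prefetch.mkdir()
    for name in ("nlb.exe", "NLD.EXE", "notepad.exe", "NLA.EXE"):
        (sys32 / name).write_bytes(b"constructed sample: " + name.encode())
    for name in ("NLB.EXE-1E7655f5.pf", "NOTEPAD.EXE-336351A9.pf"):
        (prefetch / name).write_bytes(b"constructed sample")
    hits = find_suspects(sys32, prefetch)
    return hits, quarantine(hits, root / "Junk"), root
```
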
welo, Posted February 19, 2010

> This morning my PC was attacked by a variant of the ‘Kryptik’ Troj

How exactly did you get infected? Did you run any executable?

welo

stolidfeline, Posted February 19, 2010

And don't use NOD32!

bdenner (Author), Posted February 19, 2010

> How exactly did you get infected? Did you run any executable?

No, I definitely did not run a new executable and normally make a point of scanning anything I (knowingly) download. When NOD32 alerted me to the problem I was given options on what to do, so I selected delete and clean. I was asked to reboot and could not get past "Disk Error" on the boot up stage. F8 was useless, so no entry to the 'SAFE MODE'.

> And don't use NOD32!

First time in many years it has let me down. They all have idiosyncrasies; can you tell me what the 'PERFECT' solution is?

welo, Posted February 19, 2010

> > And don't use NOD32!
>
> First time in many years it has let me down. They all have idiosyncrasies; can you tell me what the 'PERFECT' solution is?

No antivirus solution offers 100% protection against zero-day malware. Definition-based scanners don't work since even the best lab cannot provide immediate updates. Heuristic and behavioral scanners can detect unknown malware but still nowhere close to 100%.

Currently I am testing ThreatFire (behavioral protection, highest level) and Avira (heuristics set to highest level) and during my tests a newly published malware still got through. And ThreatFire is causing all kinds of annoyances at this level (slowdowns and even crashing some apps).

Personally I think NOD32 is hyped in Thailand, but serious reviews always rank it among the TOP10 antivirus solutions, so it is surely a good enough product.

welo

jonclark, Posted February 19, 2010

Anyone tried Returnil 2010 AV? Seems to be very good and works in a different way to most other AV, but I'm no techie.

webfact, Posted February 20, 2010

I run NOD32, Malwarebytes and Winpatrol - for me the perfect protection so far.