Windows 7, nod32 and a Trojan!

  herc182 09:41 22 Nov 09
Locked

Dear all,

Seems like i am not having much fun. I have windows 7 and nod32. Not had a problem with it in the past, and whilst looking for the answer to my read only problem (also on this forum) one of the website I visited caused nod32 to go mental. Ever since I have had this sort of warning everytime I start windows:

C:\windows\temp\vrtc1f7.tmp

click here

Both apparently are a variant of Win32/kryptik.bbl

I have run:

- a nod 32 virus scan
- a2 (squared scan) - there are various files it says it can't delete
- spybot
- adaware
-  Malwarebytes

I have run them on my profile, another admin profile and in safe mode

Can't get rid of this. 

Other problems I am having (also coincident with this issue) which may be connected:

- windows logging me randomly into a temp profile 
- google chrome won't work (says it can't start and has an error 0xc0000005)

Anyone have any ideas how to get rid of this Trojan??

Thanks 

  herc182 09:44 22 Nov 09

DO NOT CLICK ON THAT LINK!!
sorry it turned this into a link automatically:

...://colopin.cn/oc/boxv.txt

I forgot to mention i have not yet done a system restore. Last resort

  herc182 13:33 22 Nov 09

Any thoughts?

Thanks

  Ashrich 14:32 22 Nov 09

I would try posting your question at Wilders Security forum for Nod32 , click here , scroll down to the Eset forum , the makers/writers of Nod32 use this forum .

Ashley

  DieSse 14:36 22 Nov 09

I suspect that all you've got a link of some kind to a trojan file which no longer exists, as it's been removed.

But I don't full understand where you say

"I have had this sort of warning everytime I start windows:

C:\windows\temp\vrtc1f7.tmp"

You haven't quoted a warning, just a file name. What exactly is the "warning" you have had, in all it's fullness please.

  herc182 14:50 22 Nov 09

I don't have a word for word warning message unfortunately. Nod32 gives a pop up balloon saying that a Trojan was quarantined from that location (the website I quoted above and the temp file location) and that they are a variant of this win32/kryptik Trojan.

Sorry for "brief" replies but am not on my computer right now, on my phone.

Is that enough info?

Thanks

  herc182 15:00 22 Nov 09

Ashrich

thanks for that link. I had a look on there and I found that it could be a false positive.

See here click here

I have seen something before that might suggest a false positive. But will it go away?!

Thanks

  herc182 15:10 22 Nov 09

Also found this which may suggest it is a Trojan. God!! Confusing. I was hoping it could be a false positive if all the other programs didn't find it

click here

  herc182 07:22 23 Nov 09

Should I be thinking of deleting nod32? It will keep quaranteening important windows files otherwise (alssuming it's a false positive?)

  Input Overload 11:14 23 Nov 09

I've used Nod for over 5 years & as yet it has never flagged a false positive. I'm not saying that it never does but not with me & Eset is on 3 PC' here & I have a friend who has Eset on 4 PC's & never had a FP.

  herc182 11:22 23 Nov 09

just not sure what to do. I have read a lot of posts regarding this as being a false positive.

This thread is now locked and can not be replied to.

Huawei P10 review

1995-2015: How technology has changed the world in 20 years

An overview: What leading creative agencies are doing to improve diversity

New iPad, iPhone SE & Red iPhone 7 on sale now