A virus disguised as ESET NOD32 file scanner

Hi, I was trying to install Kaspersky Internet Security (KIS) 2010 on my brother's laptop, and every time it gave the message that I had to uninstall ESET NOD32 file scanner.
So I tried to remove it in the Add and Remove Programs tool, but it wasn't listed there.
So I searched manually, and deleted everything I found related to ESET.
I tried again to install KIS, and it still gave me the same message.

So, I looked on the net for support. I found some forums, where they told me to get into the registry and erase everything I found about ESET.
When I tried to access the registry editor, it gave me the message that it was disabled by the admin. So I inserted a code that I found online in Run, and enabled it, and I erased everything I found about ESET. I restarted the laptop, and tried to install KIS; it still gave me the same message.
I tried to get into the registry editor; again it gave me the same answer, disabled by the admin!
I looked on the net, and I found this forum where they said that when we tried to uninstall a program manually or from the Add and Remove tool, and we couldn't, we could try Perfect Uninstaller, so I downloaded this software, and it still didn't list this ESET NOD32.
So, hmm, OK, I made a mess with the registries, so I installed CCleaner, and when I tried to install it, it opened the CCleaner window, and then closed itself, so I renamed the CCleaner installer to my name.exe, and when I tried to install, it worked just fine.
That's when I realized, yeah, this is a virus, and it is playing me!!!
I cleaned the registry, rebooted the machine, and tried to install KIS, guess what! Same problem!
I can't open major antivirus websites from my brother's laptop; it's clear it's a virus!
And it's also clear, it's disguised as an antivirus file!!!
How can I resolve this problem without having to install Windows again?


First of all, welcome and compliments on your researching abilities, even if the final result has not been achieved.

You can try any of the following, not necessarily in the order I give them.

Try installing a free AV different to Kaspersky, in the hope that it might be more tolerant to the existence of the offender. Suitable choices are the free Avira AntiVir or Avast! If successful, scan for the virus in safe mode.

If unsuccessful, get a portable AV which does not require installation. One suggestion is the free, portable ClamWin, which I use myself as 2nd opinion and does not clash with the resident AV. Get it from here:

There is, at least there was, also a free portable version of the genuine ESET NOD32 itself, which I search for myself in another thread on this page. If you discover it, please inform me in that thread.

Run an online scan at any of the many sites offering it. The following are for guidance, I haven't checked if they are still valid:

Burn a bootable rescue CD, which works in safe mode from your CD drive and clears malware, even when the PC cannot be started due to the malware. A good choice is again the Avira Rescue CD, available for free at the Avira site:

Get the RevoUninstaller Pro and run it in hunting mode, which discovers traces of uninstalled programs that don’t appear in the main list. However, since it’s a virus and not a proper program, it may not work.

Get the free (portable version if necessary) HijackThis from Trend Micro and see if it finds anything, which however I do not expect as it is not meant for this job.

Theoretically, you can similarly try free anti-trojan tools, but again I don’t expect them to pick a virus, let alone leftovers of it. The best choice is Hitman Pro, which works with many of them, including very powerful premium ones during their trial period. Other examples are: Malwarebytes’, Spybot S&D, Super AntiSpyware, A-Squared and The Cleaner.
