Jump to content

mrcina

Members
  • Posts

    1
  • Joined

  • Last visited

About mrcina

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Croatia
  1. Hi, I have the same problems as stated in 3rd post (however, notification is not appearing every 25sec but every few minutes and IP address is different, but host name is the same - differentia.ru/diff.php). ESET Node detects this every time I scan system Operating memory » msiexec.exe(3096) - a variant of Win32/Bundpil.CS worm - cleaned by deleting [1]. Even though it says that it was cleaned by deleting, I think that it wasn't because it appears again and again. I've collected logs as described in 2nd post, but in same post there is a dead link pointing to instruction how to send output to ESET Research Lab. I would really appreciate any help. Few more things. Today when I power up my laptop, "Microsoft Command Prompt" asked for some permission (dimmed display), when I said I won't give them, it asked again and again. I immediately suspected that it was some virus, and found out that I have some unknown startup program (Cat Joy - same as described here) that has two items under - msiexec.exe and obnbfxeskm.exe. Latter was deleted by my first ESET Node scan [C:\Users\user-name\AppData\Roaming\obnbfxeskm.exe - a variant of Win32/Kryptik.DLZA trojan - cleaned by deleting - quarantined [1]] Edit: I went to browser history to see that unknown startup program was Cat Joy. Edit2: It seems that virus is completely deleted by system restart.
×
×
  • Create New...