Axel 0 Posted December 13, 2016 Share Posted December 13, 2016 Hello, I have a big problem, my antivirus (nod 32) is constantly deleting normal .exe like adode suite, nvidia driver, notepad ++ and many more (like a LOT...). It is very disturbing because I can't put everything in the exclude list, it would be too time consuming ! I tried to install an other antivirus (avast), and the same thing happened ! So i tought I would probably have a virus... I did a full clean install of windows 10, back to nod 32 and boom, same thing happened ! I managed the antivirus to ask me if I want to ignore or clean if it find something, but in the options I can't select the "add file to exclusion list" option ! It very very annoying, maybe it's just a matter of antivirus configuration, but 1-2 month ago, everything was fine (I think it's from the latest big update of windows 10, not sure) I hope someone could help me ! OS : Windows 10 x64 Pro Thanks a lot, Axel Link to comment Share on other sites More sharing options...
Administrators Marcos 5,281 Posted December 13, 2016 Administrators Share Posted December 13, 2016 I don't believe ESET would detect executables of popular applications and nobody else would complain. Please post a screen shot of the alert you're getting. Link to comment Share on other sites More sharing options...
Axel 0 Posted December 13, 2016 Author Share Posted December 13, 2016 Hi Marcos, Unfortunately, this is my case. When I reactivated the antivirus and went to disk local C:, I had about 60-70 alerts of bad .exe, here is somes (attached) : - Photoshop.exe - Nvidia display driver - Intel wifi driver - Uninstaller of the game Trackmania Turbo - Installer of Trackmania Turbo After that I saw a lot of .exe alerts from nvidia folder, wifi folder, microsoft office, etc Thanks, Axel Link to comment Share on other sites More sharing options...
Administrators Marcos 5,281 Posted December 13, 2016 Administrators Share Posted December 13, 2016 It's likely the variant you have overwrites original files with malware. Have you had ESET installed and regularly updated for a longer time? Link to comment Share on other sites More sharing options...
Axel 0 Posted December 13, 2016 Author Share Posted December 13, 2016 (edited) "you have overwrites original files with malware", do you mean a crack ? Because those exe are not cracked ones (anyway I had a lot nvidia exe alerts, which exe that are not crackable because no need to). My current ESET has just been installed yesterday, because I re-installed windows. But before that, yes I had ESET for a loooong time with no problems ! Now that you say that, it makes me remember that this problem came after I upgrated to ESET nod32 10. Also as you can see in one image attached, I can't choose the "exclude from detection list" option". How can I do that ? Thanks, Axel Edited December 13, 2016 by Axel Link to comment Share on other sites More sharing options...
Administrators Marcos 5,281 Posted December 13, 2016 Administrators Share Posted December 13, 2016 I don't mean cracks. I mean the worm which rewrites legitimate files with its own code. If you installed the operating system from scratch, it must have been that it got infected before installing and updating ESET if the files started to be detected immediately after install. I would not make any exclusions as it's not a false positive but actual malware detection. Link to comment Share on other sites More sharing options...
Axel 0 Posted December 14, 2016 Author Share Posted December 14, 2016 So even if I installed a new OS from scratch, the malware can stay in the computer ? What do you suggest to do ? Thanks a lot, Axel Link to comment Share on other sites More sharing options...
itman 1,752 Posted December 14, 2016 Share Posted December 14, 2016 (edited) If you have multiple internal HDDs or an external HDD that is always connected, malware could be present on those drives. Go into Eset scan options. Select advanced scans -> Custom scan. Select "This PC" which will scan everything on your PC. Then run scan "As Administrator." Note: If you have Network drives, make sure all those are also selected. If malware persists after this, you're going to have to use a drive "wipe" utility to thoroughly clean your boot drive prior to reinstalling the OS. Make sure the utility you use conforms to U.S. DoD standards or the like. This will perform multiple passes on the HDD. Obviously, you will have to run such a utility from standalone bootable media such as CD/DVD/or reformatted USB drive. Note: Do not create bootable media w/wipe utility from the infected OS. Edited December 14, 2016 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,281 Posted December 14, 2016 Administrators Share Posted December 14, 2016 You could use a SysRescue CD or USB to scan all your hardrives and other media offline. Link to comment Share on other sites More sharing options...
Recommended Posts