DanGit 0 Posted June 16, 2014 Share Posted June 16, 2014 (edited) Really mad, I paid for this software. I ran tech support only to be told ... "take it to a computer technician" Huh?????? What am I paying for???? If I can't get this resolved I will get eset to pay the techs fee. I got a win32/noonlight.b virus I used eset online scanners x2 malware/virus. I used Housecall-trendmicro I used Malwarebytes-anti malware I used the installed nod32 antivirus. Kapersky Lab free online virus scan After every scanned viruses were removed. I used one program at a time. But when I login, I still get the white screen after login. I have to use task manager and type explorer to see windows again. I can't use system restore it doesn't have a date that goes far back. Only have the last 3 days. plus I have to be careful it doesn't try and reinstall the stuff I just got rid of. I found 3 programs in startup and removed those. I googled them first and found they were viruses. My problem is, how can I log in without getting the white screen all the time. hxxp://www.youtube.com/watch?v=Ml9AMCso3hw Mine doesnt restart. Just loads normally then I log in then I get white screen. Soz I forgot to put up computer specs. I was up for 2 days... hxxp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay?javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%253Demr_na-c01966267-35%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&sp4ts.oid=4079861&ac.admitted=1402950302131.876444892.199480143 Edited June 16, 2014 by DanGit Link to comment Share on other sites More sharing options...
Administrators Marcos 5,288 Posted June 16, 2014 Administrators Share Posted June 16, 2014 Hello, Win32/NoonLight was added in 2006. Why do you think your computer got infected with this particular malware? Are you able to boot to safe mode or safe mode with command prompt? If so, are you able to run an online scan in safe mode? Link to comment Share on other sites More sharing options...
LabVIEW707 13 Posted June 16, 2014 Share Posted June 16, 2014 (edited) Have you tried using Eset Sysrescue? hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3509 99% of newer pc's have a hidden recovery partition built in. Backup what you need to backup and then boot into your recovery partition. What is the m,ake and model of your pc? Also I see your using a VM. So were you malware testing at the time? Edited June 16, 2014 by LabVIEW707 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,288 Posted June 16, 2014 Administrators Share Posted June 16, 2014 Also I see your using a VM. So were you malware testing at the time? Probably not as the OP was complaining like if ESET allowed malware to run on a production system. Correct me if I'm wrong. Link to comment Share on other sites More sharing options...
LabVIEW707 13 Posted June 16, 2014 Share Posted June 16, 2014 (edited) Well he clearly is using a VM. Malware can and does jump from a VM to the host machine. The mystery is if the infection is on the host or the VM. Edited June 16, 2014 by LabVIEW707 Link to comment Share on other sites More sharing options...
DanGit 0 Posted June 16, 2014 Author Share Posted June 16, 2014 (edited) Hello, Win32/NoonLight was added in 2006. Why do you think your computer got infected with this particular malware? Are you able to boot to safe mode or safe mode with command prompt? If so, are you able to run an online scan in safe mode? I did all of that, thank you. The scan showed over 5 thousand noonlight. I have had nothing since then. I keep scanning everyday for a week to be sure, then do it every 5 days. Edited June 16, 2014 by DanGit Link to comment Share on other sites More sharing options...
DanGit 0 Posted June 16, 2014 Author Share Posted June 16, 2014 (edited) Also I see your using a VM. So were you malware testing at the time? Probably not as the OP was complaining like if ESET allowed malware to run on a production system. Correct me if I'm wrong. Eset told me to take it to a tech. No attempt was made to help me correct this. I said I found noonlight virus and Kriptik.bot. I got rid of the noonlight, but the Kriptik.bot remain. Eset - Take it to a tech It took 2 days and youtubing and tomshareware forums and major geeks forums to get help. Just ... take it to a tech. Not angry I got the virus. I'm angry Eset made no attempt what so ever to do anything at all. I have been with eset for years, Edited June 16, 2014 by DanGit Link to comment Share on other sites More sharing options...
DanGit 0 Posted June 16, 2014 Author Share Posted June 16, 2014 Have you tried using Eset Sysrescue? hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3509 99% of newer pc's have a hidden recovery partition built in. Backup what you need to backup and then boot into your recovery partition. What is the m,ake and model of your pc? Also I see your using a VM. So were you malware testing at the time? No haven't tried this. Computer got infected from a friends external hard drive ....sigh. I told her to scan first, then drag photos and such over to comp. Link to comment Share on other sites More sharing options...
DanGit 0 Posted June 16, 2014 Author Share Posted June 16, 2014 (edited) Hello, Win32/NoonLight was added in 2006. Why do you think your computer got infected with this particular malware? Are you able to boot to safe mode or safe mode with command prompt? If so, are you able to run an online scan in safe mode? thank you, yes I have. I did the scan both in safe mode and normal. Came up with noonlight virus. That has been resolved, It's the Kriptik.bot I am trying to get rid of. Edited June 16, 2014 by DanGit Link to comment Share on other sites More sharing options...
Administrators Marcos 5,288 Posted June 16, 2014 Administrators Share Posted June 16, 2014 As I wrote, Win32/Noonlight seems to be an 8-year old malware so there shouldn't be a chance to get infected with it unless ESET's products are misconfigured. Also the name (Kryptik.BOT) suggests that it's actually a very old piece of malware. Regarding cleaning, we don't tell customers to get infected machines repaired by a technician. Instead, we offer a remote session and connect to the clients remotely to clean out malware. If your local customer care represenantive didn't have any clue how to deal with the infection, he or she could have suggested to contact ESET's malware research lab at samples[at]eset.com. Link to comment Share on other sites More sharing options...
Arakasi 549 Posted June 16, 2014 Share Posted June 16, 2014 Also, do you have proof of this "take it to a tech" statement ? Its all hearsay on our end. Did you call a support number ? Which one ? Marcos is correct, usually when you contact ESET support a technician will offer to remote in and repair. Link to comment Share on other sites More sharing options...
DanGit 0 Posted June 16, 2014 Author Share Posted June 16, 2014 As I wrote, Win32/Noonlight seems to be an 8-year old malware so there shouldn't be a chance to get infected with it unless ESET's products are misconfigured. Also the name (Kryptik.BOT) suggests that it's actually a very old piece of malware. Regarding cleaning, we don't tell customers to get infected machines repaired by a technician. Instead, we offer a remote session and connect to the clients remotely to clean out malware. If your local customer care represenantive didn't have any clue how to deal with the infection, he or she could have suggested to contact ESET's malware research lab at samples[at]eset.com. Here is where I strongly disagree. NO attempted was made by eset at all. I really hav to stress this point. Not a single word of help or remote access. Nothing. I can write the 3 times I rang and the person I spoke to. There were 2, but the main person is a male top tech there. No help was offered. I stand by what I post. Link to comment Share on other sites More sharing options...
DanGit 0 Posted June 16, 2014 Author Share Posted June 16, 2014 (edited) As I wrote, Win32/Noonlight seems to be an 8-year old malware so there shouldn't be a chance to get infected with it unless ESET's products are misconfigured. Also the name (Kryptik.BOT) suggests that it's actually a very old piece of malware. Regarding cleaning, we don't tell customers to get infected machines repaired by a technician. Instead, we offer a remote session and connect to the clients remotely to clean out malware. If your local customer care represenantive didn't have any clue how to deal with the infection, he or she could have suggested to contact ESET's malware research lab at samples[at]eset.com. Here is where I strongly disagree. NO attempted was made by eset at all. I really hav to stress this point. Not a single word of help or remote access. Nothing. I can write the 3 times I rang and the person I spoke to. There were 2, but the main person is a male top tech there. The lady I was put through to help put me through to this main guy. No help was offered. I stand by what I post. Edited June 16, 2014 by DanGit Link to comment Share on other sites More sharing options...
DanGit 0 Posted June 16, 2014 Author Share Posted June 16, 2014 (edited) Also, do you have proof of this "take it to a tech" statement ? Its all hearsay on our end. Did you call a support number ? Which one ? Marcos is correct, usually when you contact ESET support a technician will offer to remote in and repair. Excuse me, this isn't a he said or she said post. It is a post asking for help. If eset are happy with me to post the information of the person I spoke to, the day, the time and the phone number I will gladly do so. What I won't do is private message eset with these details, it will be posted here. Monday 16th/06 Times: 9:00am, 11:15am, 2:47pm Phone number and Name with held until I hear from eset forums staff. Off topic citizen. Edited June 16, 2014 by DanGit Link to comment Share on other sites More sharing options...
DanGit 0 Posted June 16, 2014 Author Share Posted June 16, 2014 (edited) Hello, Win32/NoonLight was added in 2006. Why do you think your computer got infected with this particular malware? Are you able to boot to safe mode or safe mode with command prompt? If so, are you able to run an online scan in safe mode? thank you, yes I have. I did the scan both in safe mode and normal. Came up with noonlight virus. That has been resolved, It's the Kriptik.bot I am trying to get rid of. Updated file:///C:/ProgramData/Kaspersky%20Lab/KSS2/DataRoot/HtmlReport/index.html Detailed report Problems found Scanning date: Database update date: Product version: 06/17/2014 10:58 AM 05/28/2013 02:35 PM 12.0.1.340 Computer protection (0) Information about anti-virus software and firewalls installed on the computer. Malware (0) Information about malware detected on the computer. Vulnerabilities (3) Information about applications and operating system components in which vulnerabilities have been detected. 1. C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe 2. C:\Program Files (x86)\Google\Chrome\Application\old_chrome.exe 3. C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe Other issues (13) Information about vulnerabilities associated with the settings of installed applications and the operating system. 1. "Autorun from hard drives is allowed" 2. "Autorun from network drives is enabled" 3. "CD/DVD autorun is enabled" 4. "Removable media autorun is enabled" 5. "Windows Explorer - show extensions of known file types" 6. "Microsoft Internet Explorer: clear history of typed URLs" 7. "Microsoft Internet Explorer - disable caching data received via protected channel" 8. "Microsoft Internet Explorer: disable sending error reports" 9. "Microsoft Internet Explorer: delete cookies" 10. "Microsoft Internet Explorer: clear list of pop-up blocker exceptions" 11. "Microsoft Internet Explorer: enable cache autocleanup on browser closing" 12. "Windows Explorer: display of known file types extensions is disabled" 13. "Microsoft Internet Explorer: start page reset" Edited June 16, 2014 by DanGit Link to comment Share on other sites More sharing options...
LabVIEW707 13 Posted June 16, 2014 Share Posted June 16, 2014 (edited) Have you tried using Eset Sysrescue? hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3509 99% of newer pc's have a hidden recovery partition built in. Backup what you need to backup and then boot into your recovery partition. What is the m,ake and model of your pc? Also I see your using a VM. So were you malware testing at the time? No haven't tried this. Computer got infected from a friends external hard drive ....sigh. I told her to scan first, then drag photos and such over to comp. Lol.............So you plugged an infected external hard drive into your machine and your blaming Eset? Thats rich. Blame your friend. Also why are you using a VM? Autorun should be disabled on any pc. If you were dragging unknown files and folders from the external hard drive directly over to your pc then that is directly your fault. Should have scanned the external drive first. Edited June 16, 2014 by LabVIEW707 Link to comment Share on other sites More sharing options...
DanGit 0 Posted June 16, 2014 Author Share Posted June 16, 2014 (edited) Have you tried using Eset Sysrescue? hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3509 99% of newer pc's have a hidden recovery partition built in. Backup what you need to backup and then boot into your recovery partition. What is the m,ake and model of your pc? Also I see your using a VM. So were you malware testing at the time? No haven't tried this. Computer got infected from a friends external hard drive ....sigh. I told her to scan first, then drag photos and such over to comp. Lol.............So you plugged an infected external hard drive into your machine and your blaming Eset? Thats rich. Blame your friend. Also why are you using a VM? Autorun should be disabled on any pc. If you were dragging unknown files and folders from the external hard drive directly over to your pc then that is directly your fault. Should have scanned the external drive first. OMG.... Im not blaming eset, how the h3ll did I know her hard drive was infected. its something I always do with all usb. I'm mad at them because they made no attempt to help at all. Thats what I'm paying for. I feel that this post has gone way off topic. All I asked for was help with the white screen issue because I didn't get any phone support from eset, which is why Im here. I paid for this service/software. I'll log a complaint with our disputes tribunal instead. Lock thread pls. Thanks all to those that helped I paid for eset, because Im not a computer technician. Edited June 16, 2014 by DanGit Link to comment Share on other sites More sharing options...
LabVIEW707 13 Posted June 16, 2014 Share Posted June 16, 2014 (edited) If you are always randomly plugging in your friends USB drives into your pc then you are gonna find yourself infected on a daily basis. Why are you using a VM? Is your VM infected? Was your VM protected? Did you have autorun disabled? Do you know how to immunize a USB drive? If you know how to setup and run a VM then I would assume you know enough about computers to handle a situation such as this. Edited June 16, 2014 by LabVIEW707 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,288 Posted June 17, 2014 Administrators Share Posted June 17, 2014 One may unwittingly connect an infected external drive to a computer, I guess nobody is overcaucious to such an extent that he or she uses only their own USB drive that they don't connect to other computers at all. Of course, disabling Autorun / Autoplay lowers the risk of infection but that's a different story. It's unclear how the OP could get infected given that the threat is very old and ESET uses Advanced heuristics when executing files from removable drives by default to provide even better protection against malware run from removable media. The only thing I can think of is that the OP had ESET misconfigured or real-time protection was not fully functional at the moment of infection. Unfortunately, it's too late to find out what actually happened as the problem has already been fixed. Should you encounter a problem with detection or cleaning malware again, feel free to email samples[at]eset.com or post in our forum and we will be happy to assist you. Link to comment Share on other sites More sharing options...
Recommended Posts