I'm infected with win32/spy.ursnif.A My previous anti-virus never picked up. I recently installed ESET NOD32 which picked it up but was unable to clean or delete it. I contacted ESET and have copied and pasted their response and recommendations for removal below my post. I have gotten as far as downloading combofix but have been unable to run it in safe mode because it keeps telling me ESET is still running. I disabled ESET manually and also from the start up menu using msconfig but it keeps telling me it's still running. Not sure what to do....here's a copy of what ESET emailed me.
Hi there, please make sure that you have the latest version of ESET NOD32 Antivirus 4.0 or ESET Smart Security 4.0 (depending upon your license); I am not referring to the “virus signature updates”, I am referring to the actual software version number: 4.0.XXX. You can locate the version number in main ESET Control Center, “Help and Support> About… section: http://kb.eset.com/esetkb/index?page=content&id=SOLN758
You can find the latest product version on our website: www.eset.com in the download section alongside the product that you would like to download.
If you need to UPGRADE to version 4.0, please download and SAVE the installer to your DESKTOP, then UNINSTALL YOUR CURRENT VERSION, only after this install version 4.0.
Next, please complete the following:
1. Clean your Temp folders:
Start > All Programs > Accessories > System Tools > Disk Cleanup > push OK
2. Configure ESET version 4.0 software to maximize scanning: http://kb.eset.com/esetkb/index?page=content&id=SOLN2115
3. Run a “Custom scan” after changing the settings above.
4. Check the scan results.
ONLY if the infection remains, please complete the following:
1. Download and SAVE ComboFix from here: http://www.combofix.org
2. Boot into Safe mode please see the following link:http://www.pchell.com/support/safemode.shtml
- do NOT use the MSCONFIG method.
3. Run ComboFix. Further instructions for its use can be found here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
ONLY if the issue remains please refer to the following ESET Knowledgebase article:http://kb.eset.com/esetkb/index?page=content&id=SOLN2103
Once you have made a SysRescue CD please boot your computer from it. In order to have your computer boot from the SysRescue Disk, please complete the following:
1. Totally closed down your computer.
2. Power your computer back up. The second you see the black screen with white writing start to populate, use one of the following keys (usually the DELETE key pressed rapidly) to get you into the BIOS setup area.
3. Once in the BIOS you will need to use the Enter key (on your keyboard), Up/Down keys and Plus Minus keys to navigate with and make the changes, each BIOS is different so you will have to look for the BOOT SEQUENCE AREA and make the changes so that your CD/DVD ROM is the first Boot device, and your Hard Disk Drive is the 2nd device. Once this has been done be sure to SAVE the settings.
4. Reboot your computer with the SysRescue CD/DVD in the drive.