
possible infection: eset pops up expiro.nbf on iexplorer.exe


6 replies to this topic

#1 General Public

General Public

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 08 July 2013 - 03:16 PM

Hi:

 

This is my system at work.

 

Windows XP 32 bit

 

Our systems have nod32 running.  This morning, it popped up a warning that expiro.nbf was blocked in iexplorer.exe.  It was unable to quarantine or delete.  

 

I rebooted the system into safe mode, ran TDSSKiller and Malwarebytes, none of which found anything.  I also ran the program by avast to remove expiro virus, but nothing was found.  Upon rebooting back to normal mode, Eset once again blocked iexplorer.exe, and also blocked Intel's SSD maintenance program I have scheduled to run.

 

Thank you for your help.




 


#2 Kintak

Kintak

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 09 July 2013 - 01:34 AM

Yep, I have this problem as well. A quick Google search brings up a list of ESET definitions updates, one of which is for Expiro.NBF on July 8th. I take it that means it's a new version of the Expiro virus. We're probably going to have to sit tight until the malware removers catch up.

In the meantime, I've got the AVG Expiro Removal Tool running right now, and every so often ESET pops up with a detected infected .exe. I'm just deleting them one by one. Also, check your log in ESET to see which processes are infecting others. For example, I have a bunch of entries saying "Event occurred on a new file created by the application: C:\Windows\System32\msiexec.exe." If it's a system-critical file, find it, right click on it, and try hitting "restore previous versions". Then just drag the old version into the folder and overwrite. That seemed to work for me.



#3 Kintak

Kintak

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 09 July 2013 - 01:35 AM

Accidental double post


Edited by Kintak, 09 July 2013 - 01:36 AM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:07 AM

Posted 09 July 2013 - 01:51 PM

You can try running the Online scanner as it has the latest update.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#5 General Public

General Public
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:09:07 PM

Posted 11 July 2013 - 03:13 PM

Running the on-line scanner appears to have worked.  I unmounted the network drives, and had it scan only my local computer.  C: is the drive, E: was a backup clone when we swapped out to SSD drives to get a little more life out of the XP systems at the office.  I have removed Java from my computer since it's not used at all; it was an old, old version, probably what caused this.

 

 

 

Here is the log:

 

 

C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\vcphq8a9.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome\content.jar JS/Agent.NJF trojan deleted - quarantined
C:\Documents and Settings\USER\Application Data\Sun\Java\Deployment\cache\6.0\25\62905d19-61182b9f multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\USER\Desktop\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
E:\Documents and Settings\USER\Desktop\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
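
A triage helper for a log like the one in the post above, added here as an example and not part of the original thread. It splits each line into path, detection and action, counts entries by detection type, and checks whether a named family appears. The field layout is inferred from the five lines in the post, and the `virus` and `worm` type words are assumptions.

```python
import re
from collections import Counter

# Layout inferred from the five log lines in the post (an assumption):
# "<path> <detection> <action>", space-separated, Windows path first.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>multiple threats|"
    r"(?:a variant of )?\S+/\S+ (?:trojan|application|virus|worm))\s+"
    r"(?P<action>(?:cleaned by deleting|deleted)(?: - quarantined)?)$"
)

# Sample input: the log lines as posted in the thread.
LOG = r"""
C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\vcphq8a9.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}\chrome\content.jar JS/Agent.NJF trojan deleted - quarantined
C:\Documents and Settings\USER\Application Data\Sun\Java\Deployment\cache\6.0\25\62905d19-61182b9f multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\USER\Desktop\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
E:\Documents and Settings\USER\Desktop\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
"""

def parse(log):
    """Return (entries, unparsed): dicts for matching lines, raw text for the rest."""
    entries, unparsed = [], []
    for line in log.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
        else:
            unparsed.append(line)  # keep for manual review, never drop silently
    return entries, unparsed

def category(detection):
    """Map a detection string to a coarse type based on its trailing word."""
    if detection == "multiple threats":
        return "unspecified"
    kind = detection.rsplit(" ", 1)[1]
    return "potentially unwanted application" if kind == "application" else kind

def summarize(entries):
    """Count log entries per detection category."""
    return Counter(category(e["detection"]) for e in entries)

def mentions_family(entries, family):
    """True if any detection name contains the given family string."""
    return any(family.lower() in e["detection"].lower() for e in entries)

if __name__ == "__main__":
    parsed, leftover = parse(LOG)
    print(summarize(parsed), "unparsed:", len(leftover))
    print("Expiro listed:", mentions_family(parsed, "Expiro"))
```
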



#6 Kintak

Kintak

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 11 July 2013 - 03:23 PM

Is the online scanner any different from having ESET Smart Security installed? Because I ran that on my whole computer and, while it did catch many infections, it did not catch others (such as executables in the system32 folder), which later attempted to reinfect other parts of the drive. I finally got fed up and just ran system restore, which has gotten rid of all of the infection as of 30 hours ago. If the online scanner is no different, I recommend system restore.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:07 AM

Posted 11 July 2013 - 04:00 PM

I suggested the online scan as it was probably updated first.



