nideiect.com not detected in my USB???

Hello,

I have been using Avast Home for several months. It works fine, but yesterday my PC was infected by Beagle-AAW and a rootkit (srosa.sys, hldrrr.exe and mdelk.exe). I couldn’t restore the system to a time before the infection. Also, my hidden files disappeared and I couldn’t boot in safe mode because my registry was changed.

Now, more or less, I think I have killed the Beagle. I have rebuilt the registry, and my hidden files and folder options work again (added the HKLM.…Hidden\NOHIDDEN and SHOWALL). I added a new safe mode following
http://blog.didierstevens.com/2007/02/19/restoring-safe-mode-with-a-reg-file/

I think the whole system works again. I have also used Elibagla 11.41, installed Avast 4.8 and used Antirootkit 0.9.6.

Today I saw a hidden file on my USB memory called nideiect.com. Of course, I scanned it with Avast but nothing happened (no detection). I deleted the file and searched for information on the web.

I know nideiect.com is a virus, and the question is: why doesn’t Avast detect it???

Bye.

Please send the file to VirusTotal; this will ensure avast! and all other AV companies get it:

http://www.virustotal.com/

Hi ElTron,

Just the manual removal instructions for this:
Removing the ntde1ect.com and autorun.inf files

There is a trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses those two files. Here is how you can get rid of them:

  1. Open up Task Manager (Ctrl-Alt-Del)
  2. If wscript.exe is running, end it.
  3. If explorer.exe is running, end it.
  4. Open up “File | New Task (Run)” in the Task manager
  5. Run cmd
  6. Run the following command on all your drives by replacing c:\ with other drives in turn (note: if you have autorun.inf files that you think you need to backup, do so now):

del c:\autorun.* /f /a /s /q

  7. Go to your Windows\System32 directory by typing cd c:\windows\system32
  8. Type dir /a avp*.*
  9. If you see any files named avp0.dll or avpo.exe or avp0.exe, use the following commands to delete each of them:

attrib -r -s -h avpo.exe
del avpo.exe

  10. Use the Task Manager’s Run command to fire up regedit
  11. Navigate to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run (as usual, take a backup of your registry before touching it!)
  12. If there are any entries for avpo.exe, delete them.
  13. Do a complete search of your registry for ntde1ect.com and delete any entries you find.
  14. Restart your computer.

polonus
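
A read-only check to go with the removal steps above, added here as an example and not part of polonus's post: before deleting anything, it reads a drive's autorun.inf and lists the programs it would launch. The function names are hypothetical, the sample autorun.inf content is constructed, and the keys it looks for (open, shellexecute, shell\verb\command) are the standard autorun.inf launch entries.

```python
import os
import re
import tempfile

# [autorun] keys whose value is a command Windows may run from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXECUTABLE_EXT = (".com", ".exe", ".bat", ".cmd", ".pif", ".scr", ".vbs")

# Constructed sample, not taken from a real infected drive.
SAMPLE = '[autorun]\nopen=ntde1ect.com\nshell\\explore\\command="ntde1ect.com" /x\nlabel=USB\n'

def program_of(value):
    """Return the program part of a command line, honouring a quoted path."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(None, 1)[0] if value else ""

def launch_targets(text):
    """Return (key, program) pairs from the [autorun] section of autorun.inf text."""
    targets, in_autorun = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                targets.append((key.lower(), program_of(value)))
    return targets

def triage_drive(root):
    """List what root/autorun.inf would launch; file names compared case-insensitively."""
    names = {name.lower() for name in os.listdir(root)}
    inf = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if inf is None:
        return []
    with open(os.path.join(root, inf), errors="replace") as handle:
        targets = launch_targets(handle.read())
    return [{"key": key, "program": program,
             "in_root": program.lower() in names,  # only root-level targets are checked
             "executable": program.lower().endswith(EXECUTABLE_EXT)}
            for key, program in targets]

def demo():
    """Build a throwaway directory that stands in for a USB drive root and triage it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AutoRun.inf"), "w") as handle:
            handle.write(SAMPLE)
        open(os.path.join(root, "NTDE1ECT.COM"), "wb").close()
        return triage_drive(root)
```

Calling triage_drive on a real drive root (for example "E:\\") only reads the directory listing and autorun.inf; it changes nothing on the drive.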

What version of avast did you have? The latest is 4.8.1201, and the 4.8 builds included self-defence, and that version of beagle shouldn’t have been able to disable avast. Now that you have 4.8 it should be much harder to disable avast, though not impossible, as one forum member has found.

Good tutorial, Polonus. Thank you.

FreewheelinFrank: unfortunately, I deleted the file named nideiect.com.

When I was infected by Beagle last week I had a previous Avast version (4.7, I think). Avast detected the virus several times, and each time I asked Avast to delete the file. At one moment, the virus tried to stop Avast and a dialog screen appeared saying something confusing. I don’t remember exactly, but it was something like “Avast will be stop, Are you sure do you want…??” with two options, Yes and No. I chose No, but I think it was too late.

The Beagle is very easy to find. If you connect to Emule and search for Bytewedge (a program that theoretically permits importing RS232 directly into Excel), almost all the results given by Emule are infected with Beagle. They are zips with two files.

Also, if you search on Emule for another similar program called COMxLRS232C_1.zip, you will find a virus that is not detected by Avast.

One more thing. I have now sent this file (COMxLRS232C_1.zip) to VirusTotal. Avast detects nothing.

The attached file is the report.

Seems to be the same Bagle variant as the ByteWedge file:

File ByteWedge_2.2__build_1397___Patch received on 05.25.2008 12:45:43 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.22.1 2008.05.23 -
AntiVir 7.8.0.19 2008.05.24 -
Authentium 5.1.0.4 2008.05.23 W32/Bagle.C.gen!Eldorado
Avast 4.8.1195.0 2008.05.25 -
AVG 7.5.0.516 2008.05.24 -
BitDefender 7.2 2008.05.25 -
CAT-QuickHeal 9.50 2008.05.24 -
ClamAV 0.92.1 2008.05.25 PUA.Packed.Themida
DrWeb 4.44.0.09170 2008.05.25 Win32.HLLM.Beagle.219
eSafe 7.0.15.0 2008.05.22 -
eTrust-Vet 31.4.5817 2008.05.23 -
Ewido 4.0 2008.05.25 -
F-Prot 4.4.4.56 2008.05.23 W32/Bagle.C.gen!Eldorado
F-Secure 6.70.13260.0 2008.05.23 -
Fortinet 3.14.0.0 2008.05.25 -
GData 2.0.7306.1023 2008.05.23 -
Ikarus T3.1.1.26.0 2008.05.25 -
Kaspersky 7.0.0.125 2008.05.25 Trojan-Downloader.Win32.Bagle.qi
McAfee 5302 2008.05.23 -
Microsoft 1.3520 2008.05.25 -
NOD32v2 3128 2008.05.23 -
Norman 5.80.02 2008.05.23 -
Panda 9.0.0.4 2008.05.24 -
Prevx1 V2 2008.05.25 Malicious Software
Rising 20.45.42.00 2008.05.23 -
Sophos 4.29.0 2008.05.25 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.25 -
TheHacker 6.2.92.318 2008.05.23 W32/Behav-Heuristic-064
VBA32 3.12.6.6 2008.05.24 -
VirusBuster 4.3.26:9 2008.05.25 Worm.Bagle.ZZA.Gen!Pac
Webwasher-Gateway 6.6.2 2008.05.25 -

I think the avast! team need to install eMule and search for ‘crack’.

I think so

In any case, I have been reading on the web, and there are a lot of websites where Avast is considered a very good antivirus. For me it is secure and fast, and perhaps I will upgrade to Professional Edition.

With respect to the two posted Bagle variants, it’s very strange that they were not detected by most of the popular AVs. And it is also strange because it seems that the two variants sent were the same, but in any case they were not detected by the same AVs. …

Bye

Definitely virustotal.com is a little bit crazy. I have made the following test:

I remembered that I have two files with viruses on a DVD backup copy. Now I have scanned them again with Avast. The results were Win32:Agent-PBF[trj] for one file and Win32:Bifrose-BOM[trj] for the other.

But virustotal.com has only recognized the second.

http://www.virustotal.com/es/analisis/73a8b905456e1eaefe2a24bd21098e73#
http://www.virustotal.com/es/analisis/b7e70c02bc2640133e0d9c9f419587a5

I have repeated the test with virustotal.com and now it has given the correct result.
http://www.virustotal.com/es/analisis/105a810fc64afe5de1f4642f667e045a

Also, I have found a similar website, http://virusscan.jotti.org/, which has reported the following results:

Scan taken on 25 May 2008 18:29:31 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Agent-PBF
AVG Antivirus Found nothing
BitDefender Found Backdoor.Generic.41182
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found W32/Backdoor.AEJT
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

The conclusion is that Avast has found the Win32:Agent-PBF and there are a lot of other AVs that found nothing.

But it’s true that Avast cannot find the Bagle variant that infected my PC, at least at the moment… Nor nideiect.com.

Hello :)

I have a problem with a file called nideiect which I spotted on my USB drive. I’d like to know what the effects of this virus are on my computer… because I cannot run any antivirus program whatsoever… it gives the error “it is not a Win32 valid application”, or I cannot even install such a program because I get the error that “a …sys file cannot be created”. Please help me.

thathyanna

Try DrWeb CureIT!.