Hi all,

I have McAfee and spy bot guarding my system but something seems to have gotten through the net. Initially mcafee jumped into action on "nod64" I think it was, it was only there for a second. And I denied requests with spybot when nod 32 was asking to change the registry.

Mcafee, spybot and adaware all scan clean but malwarebytes shows this...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Nod32 Service (Backdoor.Bot) -> Quarantined and deleted successfully

But this entry reappears instantly, even when deleted by hand

It was originally linked to cmd.exe, so I've edited the reg value (just incase that helps ;) )

I've tried many things to try and resolve this

cwshredder, fxagentB, smitfraud and many scans (all of which were in safe mode)
I even had a look with autoruns and killed everything except antivirus processes and still it persists.

I've searched all over the net but the only info I can find is that nod32 service is a bad thing, not how to sort it out. So if you could please offer some advice it would be greatly appreciated.

Thanks in advance

S

Hello,

Please see the stickied procedure for this forum: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Start a new topic providing the HJT log and please list all fixes you have used previously as we have this forum sticky.
Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806)

Helpers look for threads without a response so this one has been closed. :)

Regards.