Nod32 found MyDoom.R worm but I can't find it!

[goodnewscowboy]

Hello!

For background info on my problem, I was running AdAware SE this AM doing a full scan and I walked out of the computer room. When I came back, AdAware was still scanning but there was a Nod 32 alarm telling me it had found the MyDoom.R worm. (I mention this in case this problem is somehow related to the AdAware scan.)

Nod32 would not allow me to quarantine or delete it. The file path it described for the location of the worm was non existent as well.

I went to the temp file it described and there were *no* directories listed that matched what the alarm suggested.

I reran Nod32 and ran TDS-3 as well, and I could not replicate the alarm.

Is it possible Nod32 could have been mistaken? If not, any suggestions on my next course of action?

I am running Win2KSP3.

Many thanks, Bullitt

[Marcos]

That's because AMON deleted it from the temp folder automatically.

[Stephanos G.]

I observed that when Adware scans the disk, nod32 (AMON) is scanning the disk too (following the adware scan). Thats why NOD32 has fount that worm.

[goodnewscowboy]

Quote:

That's because AMON deleted it from the temp folder automatically.

I'm not positive, but I believe the warning dialogue that came up said something to the effect that it *couldn't* delete it.

Also, I have what is probably a dumb question, but I couldn't find the answer on Eset's website.

Can I install 2.5 over top of 2.0 or do I need to uninstall/reinstall like I did with the trial version?

Thanks, Bullitt

[ronjor]

You can install over the top.

[Mike415]

Quote:

Originally Posted by Stephanos G.

I observed that when Adware scans the dick, nod32 (AMON) is scanning the disk too (following the adware scan). Thats why NOD32 has fount that worm.

I didnt know Amon scans the dick. I thought it scanned the disk...

[Stephanos G.]

corrected

Quote:

Originally Posted by Mike415

I didnt know Amon scans the dick. I thought it scanned the disk...

Tee hee

Did you clean your temp folder since you ran the scan? Through I.E or anything like that?

Neil

[goodnewscowboy]

Quote:

Did you clean your temp folder since you ran the scan? Through I.E or anything like that?

No. I immediately went looking for the file when I saw the alarm.

I wish I knew more about this stuff. I only use Opera for a browser, *never* IE and I run TDS-3, Nod32, Process Guard, Worm Guard and Zone Alarm 4.5 not to mention that I sit behind a hardware firewall so I would have thought that it would have been next to impossible for anything to get into my system.

Now, since I can't replicate finding it again, it is making me wonder if it was somehow a false alarm by Nod32. Yet how could it have given such explicit directory mapping with a false alarm?

And even if it *was* automatically deleted by Nod32 like Marcos suggested above, the directory files wouldn't have been deleted, just the file. Which means the directories would still be intact. But they're not! Arggghhhhhhhh!

Oh the "good old days" of Win 3.1 before the scum of the earth started producing all this crap!

B.