Did my customary daily scan and NOD32 picked up two instances of this virus in my daughter's My Documents. They were a "pif" file? (LOL that ur pic!.pif - Win32/Sumom.A worm) NOD32 deleted them OK, but how come it found it on a scan but not when being downloaded by my daughter?
You've been strict about running your daily scans? The reason I ask, is that Sumom.A was only added as of: Definitions update: v.1.1020 (20050307) That's less than a month ago - so it is reasonable to think that they might have been downloaded PRIOR to that date (if this threat wasn't heuristically detected)... Or... You may have changed (deepened) your scanning methods since the threat was downloaded - this might result in a threat not previously found being brought to your attention now. Is either of these scenarios likely in your estimation? hth Greg
I would check my settings as to what actions are taken when a virus is detected. Set http scanning to automatically deny download of file. I'm sure this will be expanded on here.
Given that Sumom is a worm and NOD32 detected it via Advanced heuristics without needing to update, there must be something wrong with the configuration of your NOD32. The only possibilities are: 1. you were running NOD32 1.0 while the signature db was out of date at the time you got infected with Sumom; 2. you received it via email through SSL or IMAP while AMON was turned off; 3. if you had NOD32 2.0 installed, AMON and IMON must have been turned off simultaneously.
Do you think that perhaps your daughter is altering the NOD32 settings to surf? Perhaps password protecting the settings... then seeing if you get further infections.
So, for instance, IF the daughter uses some sort of P2P software AND the AMON settings were inadequate THEN that could have been the cause?
Thanks for all your replies. After some interrogation of my beloved daughter it seems that she had a file sent via MSN from a "mate"; something came up and she allowed it (I presume it was NOD32). I've since stopped her downloading anything from the internet and gave her a lesson on what to look for if it happens again. (Yeah, I know, shutting the stable door after the horse has bolted and all that!) Thanks again for all your help. Dave
Hi Dave, the new beta is configured by default to move infected (even heuristically detected) files to quarantine to prevent them from being executed by error. Also, you can set IMON to terminate connection automatically when a threat is detected.