=>_!!!_!!!_!!!_ U3ROM _!!!_!!!_!!!_

Discussion in 'ESET NOD32 Antivirus' started by fonetastic, Dec 4, 2010.

Thread Status:
Not open for further replies.
  1. fonetastic

    fonetastic Registered Member

    Joined:
    Dec 4, 2010
    Posts:
    3
    Why can NOD32 not delete this virus?
    How can I get rid of this virus?
    Which program can clean up this virus?
     
    Last edited: Dec 4, 2010
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
  3. fonetastic

    fonetastic Registered Member

    Joined:
    Dec 4, 2010
    Posts:
    3
    Does Prevx remove this virus?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's not clear what the exact name of the threat was, or what file/path it was detected in.
     
  5. fonetastic

    fonetastic Registered Member

    Joined:
    Dec 4, 2010
    Posts:
    3
    The virus has settled in my flash memory. It does not allow formatting and does not allow removal. In safe mode and with cmd, it cannot be formatted. It seems to be in continuous use.
    N:\U3ROM\default32.ico - 0 bytes
    N:\U3ROM\System32.exe - 1.42 MB
    - The U3ROM folder is hidden and cannot be replaced or renamed.
    - The default32.ico file can be removed.
    - The System32.exe file is hidden and cannot be modified or renamed.
     
  6. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Last edited: Dec 7, 2010
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    What does your copy of ESET NOD32 Antivirus detect the worm as, exactly?

    It should detect the threat by a name like "INF\AUTORUN" or "Win32\Example" and so forth.

    Knowing the name by which ESET's software identifies the threat will be the first step in being able to assist you with removing any malware from infected media.

    Regards,

    Aryeh Goretsky
     
  8. Sananda

    Sananda Registered Member

    Joined:
    Jan 26, 2011
    Posts:
    1
    I have the exact same problem. My external drive has it as "U3ROM". I first felt there was something wrong with my drive, cuz its icon changed to a folder image. Then a couple of times I couldn't access my drive. It would say that it was being used by another program. I ran ESET NOD32, and it found the problem but couldn't delete or quarantine the virus. Looked it up online and found this thing called "U3ROM.bat". I tried U3ROM.bat, and then deleted it manually. After I restarted, there it was again! After some more searching online I found the kill_amvo_virus_usb thingy. Ran it. And it made all of the invisible files and folders visible on my drives. And said that it got rid of the virus and my drives were clean. But after I restarted there it was again. And then I noticed all of my drives (C, D, E) also had this autorun folder (AUTORUN.INF). I know damn well that that thing is still on my drives. But I don't know how to get rid of it. I didn't try to format it, because I have lots of big files that I need on it, and there is no way for me to transfer them elsewhere before I do anything. So I really need some ideas to feel normal about my PC again. Thanks, and help me please...
     
    Last edited: Jan 27, 2011
  9. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I would suggest opening a ticket with ESET's technical support engineers to arrange for a more detailed investigation of the infected computer. One thing that will be helpful is to have an ESET SysInspector log available for them to examine.

    You can download a copy of ESET SysInspector from ESET, create a log file and mail it to support@eset.sk for analysis by a support engineer.

    Regards,

    Aryeh Goretsky
     