Hello everyone I am running Vista Ultimate (SP1) and Nod32 (V.642). I regularly use a memory stick as ReadyBoost cache. Vista allocates 860 Kb of the available space (1 Gb) as cache memory, and the rest is available for storage. Today I saved a small Word Document in it, to be printed at a local store, which handles this type of things, as the cartridges in my personal printer need to be replaced and will not print. After getting the print done, I returned to the house and connected the memory stick as always and much to my surprise I got and instant warning from Nod telling me that Autorun.inf in removable drive F: was a virus. Cleaned the offending file, unpluged the stick and reconected it again, this time without any warnings. I could reproduce the same event by taking the document back to the store to be accesed and closing it. No printing the second time. They were on XP SP2 and also running Nod32 (V.2.7) I think this may be a false positive but have no idea where the Autorun.inf was created. Anyone seeing this before? Regards
U got it from local store. I suspect still ur USB stick in infected, the exe might still be there, even hidden. Run another good scanner to confirm. Try Dr.Web Cureit.
there nod32 v2.7 is not uptodate this virus is spreading very fast pls tell store keeper to update there nod32
autorun.inf is a batch file on removable media that most operating systems will try to run by default. The other computer you put the flash drive on has some kind of virus on it that is automatically adding/modifying the autorun file on your flash drive so that it either contains a malicious script or trying to launch a malicious file/webpage that could have also been copied in the process.
It mostly beacuse their V2.7 is not up to date. autorun.inf is just a part of the antorun virus,there may still a exe file left. You need to delete it manually if NOD can not detect.
open the inf to see what it's pointing at, likely to be an exe on the stick, like the adober.exe virus
I went back to the store and they had their Internet restored and surely Nod updated itself and found some virus in their machine. But as most people do, they did not pay attention to whatever message was presented by the program, clicked OK and merryly carried on. They have no idea of what virus was it that infected their PC, and feel satisfied with the cleaning done by the AV. If changes were made to the system files, registry, or whatever they dont seem too much concerned. Not sure if I want to do business with them in the future. INF deleted from quarantine. No way to open it. Cheers epdom
you could run recuva on it and restore the inf, disable autorun on that drive first though or rename it after restoring, then open in notepad
Not me , the malware. It can be hidden file or marked as protected system file. I have seen this with worms travelling via USB drives.