Have a worm and NOD32 does not delete it

Discussion in 'ESET NOD32 Antivirus' started by Albinoni, May 25, 2011.

Thread Status:
Not open for further replies.
  1. Albinoni

    Albinoni Registered Member

    Not sure what the hell has happened here, but I have got a worm and NOD32's red box keeps popping up all the time (driving me mad).

    Here's what it says:

    Object: G:\autorun.inf

    Threat: Win32/AutoRun.Agent.ZN.Gen.Worm

    Information: Cleaned by deleting - quarantined

    Ok, NOD32 has grabbed it but it does not delete it or get rid of it completely.

    Help pls
     
  2. Albinoni

    Albinoni Registered Member

    Ok, now this is really strange: it happens only when I plug in my Creative Zen X-FI II MP3 player, which is a flash-based MP3 player and also has a 16GB MicroSD card installed in it. So therefore I get 2 extra drives showing up on my PC, being F and G in My Computer.
     
  3. lodore

    lodore Registered Member

    Which version of NOD32 are you running?
     
  4. Albinoni

    Albinoni Registered Member

    Version 4.0.474.0
     
  5. dwomack

    dwomack Eset Staff Account

    Would definitely suggest updating to the latest version (4.2.71.2) and running a scan again on each drive individually. The KB Article for doing this is below:

    http://kb.eset.com/esetkb/index?page=content&id=SOLN2116

    Sounds like the trojan could be resident on the SD card and is trying to install itself on your system when the mp3 player syncs?
     
  6. Marcos

    Marcos Eset Staff Account

    Disable real-time protection for a moment, view G:\autorun.inf, check for the exe file it triggers (or dll loaded via rundll32.exe), enable real-time protection and submit the exe/dll to ESET.
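
An added example, not part of Marcos's post and not ESET tooling: a small Python parser that lists the files an autorun.inf would launch, so the exe or dll to submit can be identified. The sample content and the names `launch_targets` and `SAMPLE` are constructed for illustration.

```python
"""Triage helper: list the files an autorun.inf would launch."""
import re

# Keys in the [autorun] section whose value is a command line Windows may run.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# One command-line token: a quoted string or a run of non-space characters.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def tokens(cmd):
    return [quoted or bare for quoted, bare in TOKEN.findall(cmd)]

def launch_targets(text):
    """Return [(key, file)] for every execution entry in [autorun]."""
    results, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or "=" not in line or line.startswith(";"):
            continue  # junk padding, comments, other sections
        key, _, value = line.partition("=")
        key = key.strip()
        parts = tokens(value.strip())
        if not EXEC_KEY.match(key) or not parts:
            continue
        target = parts[0]
        # rundll32 is only the loader: the file of interest is the DLL,
        # passed as "path.dll,EntryPoint" in the next argument.
        if re.fullmatch(r"(.*\\)?rundll32(\.exe)?", target, re.I) and len(parts) > 1:
            target = parts[1].split(",")[0]
        results.append((key.lower(), target))
    return results

# Constructed sample, not the contents of the G:\autorun.inf in this thread.
SAMPLE = """\
;xkqjzpw junk padding
[AutoRun]
open=RECYCLER\\sample.exe
shell\\open\\command=RECYCLER\\sample.exe
shellexecute=rundll32.exe .\\sample.dll,Entry
icon=shell32.dll,4
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, target in launch_targets(SAMPLE):
        print(f"{key:22} -> {target}")
```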
     
  7. Albinoni

    Albinoni Registered Member

    Ok, this only happens whenever I plug in one of my MP3 players, and by doing this it creates a new drive, e.g. G or F drive.
     
  8. Albinoni

    Albinoni Registered Member

    Sorry I cannot seem to find the G:\autorun.inf file in the F or G drive.

    Like I said before, these F or G drives are created whenever my MP3 player is plugged in, and this threat only pops up whenever I plug in my player.
     
  9. tony_m

    tony_m Eset Staff Account

    Hi Albinoni,

    Are you still experiencing any issues? If so, have you tried running an in-depth scan of all your drives (fixed and removable)?

    - From the main program window, click Computer scan > Custom scan.
    - From the Scan profile drop-down menu, select In-depth scan.
    - From the Scan target section, make sure all your local and removable drives are selected (you'll need to plug in all your drives for them to appear on that list).
    - Click Scan at the bottom and wait until the scan is finished.

    Let us know about the results of that scan.

    Thank you.
     
  10. toxinon12345

    toxinon12345 Registered Member

    Looks like a dropper or downloader is creating copies of the worm everywhere
     
  11. toxinon12345

    toxinon12345 Registered Member

    In addition, select operating memory in the list, and make sure you have smart optimization disabled.
     
  12. ashishsingh1508

    ashishsingh1508 Registered Member

    It's common that two drives are created when plugging in any iPod or any player like that. So don't worry. One drive is for the music player's system memory and the second is for external memory like a memory card.

    Thanks
    Ashish Singh
     