help please - Worm found in operating memory

Discussion in 'ESET NOD32 Antivirus' started by mastaliu, Aug 4, 2009.

Thread Status:
Not open for further replies.
  1. mastaliu

    mastaliu Registered Member

    Joined:
    Aug 4, 2009
    Posts:
    2
    I ran NOD32 2.7 with current virus signature database and received this message:

    Worm Win32/AutoRun.FlyStudio.M found in operating memory. System memory infection originated from file C:\WINDOWS\system32\XP-2ED84077.EXE.

    I can't delete or fix, any ideas on how to remove much appreciated, thanks.

    mastaliu
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    1, rename the file C:\WINDOWS\system32\XP-2ED84077.EXE (a restart and booting to safe mode may be necessary)
    2, install EAV 4.0.437 unless you use Windows 95/98/ME
    3, send the previously renamed file to samples[at]eset.com per these instructions.
     
  3. mastaliu

    mastaliu Registered Member

    Joined:
    Aug 4, 2009
    Posts:
    2
    Thanks for the reply. I can't find the file:

    C:\WINDOWS\system32\XP-2ED84077.EXE.

    where the infection originated. I searched, viewed hidden files, etc.

    Any ideas?

    thanks for the assistance.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Neither in safe mode or after booting from a clean media in case it's protected and hidden by a rootkit? Anyways, upgrade to EAV 4.0.437 first and see if it's removed. Should there be a problem removing it with v4, a log from SysInspector might shed more light.
     
Thread Status:
Not open for further replies.