help please - Worm found in operating memory

Discussion in 'ESET NOD32 Antivirus' started by mastaliu, Aug 4, 2009.

Thread Status:
Not open for further replies.
  1. mastaliu

    mastaliu Registered Member

    Joined:
    Aug 4, 2009
    Posts:
    2
    I ran NOD32 2.7 with current virus signature database and received this message:

    Worm Win32/AutoRun.FlyStudio.M found in operating memory. System memory infection originated from file C:\WINDOWS\system32\XP-2ED84077.EXE.

    I can't delete or fix, any ideas on how to remove much appreciated, thanks.

    mastaliu
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,408
    1, rename the file C:\WINDOWS\system32\XP-2ED84077.EXE (a restart and booting to safe mode may be necessary)
    2, install EAV 4.0.437 unless you use Windows 95/98/ME
    3, send the previously renamed file to samples[at]eset.com per these instructions.
     
  3. mastaliu

    mastaliu Registered Member

    Joined:
    Aug 4, 2009
    Posts:
    2
    Thanks for the reply. I can't find the file:

    C:\WINDOWS\system32\XP-2ED84077.EXE.

    where the infection originated. I searched, viewed hidden files, etc.

    Any ideas?

    thanks for the assistance.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,408
    Neither in safe mode or after booting from a clean media in case it's protected and hidden by a rootkit? Anyways, upgrade to EAV 4.0.437 first and see if it's removed. Should there be a problem removing it with v4, a log from SysInspector might shed more light.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.