Is my computer clean...nod32 detected Conficker worm?

Discussion in 'ESET NOD32 Antivirus' started by dannyeluciane, Jun 26, 2009.

Thread Status:
Not open for further replies.
  1. dannyeluciane

    dannyeluciane Registered Member

    Joined:
    May 22, 2008
    Posts:
    70
    Location:
    USA
    Hello everyone,

    Today I plugged in my USB flash disk and Nod32 alerted that it blocked E:\Autorun.inf INF/Conficker worm. It tried to access
    C:\Windows\System32\svchost.exe.
    I remember hearing about this worm a while back and I am concerned.

    I have some questions:
    Is there anyway I can know if my system is truly clean?
    Is there anyway I can protect my USB flash disk?

    I use Nod32 v.4.0.437.0.
    Windows 7, with limited user account, password protected.
    On demand scan with Malwarebytes Antimalware.

    Thanks,
    Danny
     
  2. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    If it was detected while trying to execute off the USB key you should be fine. Installation of the worm would have required priviledge elevation to install, and a limited users account will prevent that. Disabling autoplay is a good way to stop threats like this one from spreading over USB keys. I would recommend looking up instructions on how to globally disable the feature on Windows 7.
     
  3. dannyeluciane

    dannyeluciane Registered Member

    Joined:
    May 22, 2008
    Posts:
    70
    Location:
    USA
    Thanks for the quick response. Good to know that I was safe. I was using the limited account and the only thing that popped up was the alert from Nod32, no screen requesting an admin password. I ran a scan with Malwarebytes' and it didn't find anything. I will do some online scans just to make sure.

    I figured out how to disable the autoplay. The autoplay box that pops up after inserting a cd or usb key has a "View more Autoplay options in Control Panel." option. I clicked that. Under "Choose what happens when you insert each type of media or device" I unchecked the box "Use AutoPlay for all media and devices." I ran tests with some CDs and the USB key and they didn't autoplay.

    I also noticed that Nod32 v.4 has the option to block all removable media. I activated that also.

    Thanks,
    Danny
     
  4. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  6. dannyeluciane

    dannyeluciane Registered Member

    Joined:
    May 22, 2008
    Posts:
    70
    Location:
    USA
    LoneWolf, thank you for the link. According to the eye chart I am not infected. I ran some online scanners, all show that my computer is clean.

    Nod32 did a great job blocking and preventing the worm from infecting my computer!

    Thanks,
    Danny.
     
  7. dannyeluciane

    dannyeluciane Registered Member

    Joined:
    May 22, 2008
    Posts:
    70
    Location:
    USA
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Most welcome, glad it was of use to you.
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That doesn't entirely kill the autoplay and autorun. You may want to immunize both your system and USB drives with Panda USB Vaccine (http://research.pandasecurity.com/archive/Panda-USB-Vaccine-with-NTFS-Support.aspx).

    It will prevent further infections of any of your USB drives. Also tell your family and friends to do it. The more folks protected the better. ;)

    P.S: Eset folks, sorry for the little advertising, but its for a greater well being. ;)
     
  10. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    why use another resident prog? is what Eset provides, and it worked on this occasion, not sufficient?
     
  11. dannyeluciane

    dannyeluciane Registered Member

    Joined:
    May 22, 2008
    Posts:
    70
    Location:
    USA
    M00nbl00d, thanks for the information, though i couldn't get the link to work. I googled it and found it on download.com. I downloaded it and installed it on my computer. Easy program to use. I will pass it along to my family and friends.

    I am curious how is this different from the disable removable media option in the Nod32 v4 advanced settings?

    Thanks,
    Danny.
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Easy answer. It will prevent your USB flash drive from becoming infected if you insert it in other machines that aren't yours, and may not be protected to prevent infections spread that way.

    NOD32 option is only good if everyone has it. With Panda's utility, it doesn't matter if other systems aren't protected, because your USB flash drive is immunized.
     
  13. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Microsoft released a patch to close the hole in Windows that Conficker used to infect Windows. So if you keep up with your Microsoft updates...that update was released way back last year...October 2008 (MS 08-067) . So if you have that update, your Windows was immune to it all by itself, it would have shrugged it off like water off a ducks back.
     
  14. dannyeluciane

    dannyeluciane Registered Member

    Joined:
    May 22, 2008
    Posts:
    70
    Location:
    USA
    M00nbl00d, thanks for clarifying the difference. It is a great program. I use Lan Houses all the time with my usb flash disk. It pretty much eliminates the chances of me getting an infection through the USB! It is great to have Nod32 v.4 working with the USB vaccine.

    Again thank you,
    Danny
     
  15. dannyeluciane

    dannyeluciane Registered Member

    Joined:
    May 22, 2008
    Posts:
    70
    Location:
    USA
    YeOldeStonecat, Yes I have the Windows auto update on. I also have Nod32 set to monitor the system updates. Great to hear I was already immuned to it! I wasn't aware of that. I didn't realize how many different things were already protecting my computer...auto updates, windows limited account user, and Nod32. And now the Panda USB vaccine.

    Thanks,
    Danny
     
Thread Status:
Not open for further replies.