NOD32 & a new USB trojan

Discussion in 'ESET NOD32 Antivirus' started by datadata, Nov 15, 2011.

Thread Status:
Not open for further replies.
  1. datadata

    datadata Registered Member

    Joined:
    Oct 14, 2007
    Posts:
    14
    Hi all

    I used a USB stick that a month ago was used by a shop; I was keeping it on a shelf for all that time. Yesterday, once I opened it, I found the folder that had my pictures (no problem here) and 3 files with an exe extension that have a folder icon to fool people who have extensions hidden, as it seems to me. I saw a warning message, but I noticed it was from my firewall Comodo (not my antivirus) saying it is a bad file; it is the first time I saw Comodo react in this manner, it's always the same firewall box of allow and don't allow (you know...).

    I have windows 7 (up to date) , Comodo 5.8.213334.2131, RUbotted beta,
    nod32 4.2.71.2 antivirus

    NOD32 info in details:
    Virus signature database: 6629 (20111114)
    Update module: 1037 (20110921)
    Antivirus and antispyware scanner module: 1329 (20111031)
    Advanced heuristics module: 1118 (20110419)
    Archive support module: 1136 (20110818)
    Cleaner module: 1051 (20110420)
    Anti-Stealth support module: 1026 (20110628)
    ESET SysInspector module: 1220 (20110517)
    Self-defense support module: 1018 (20100812)
    Real-time file system protection module: 1006 (20110921)

    (this data is as of now, not yesterday)

    I have two questions...

    I deleted those files, as I think Comodo said it couldn't do that, but then I saw other files, backup.exe & update.exe, on drive D (I have C, D, and portable F (connected)); at this point I panicked.

    (1) How did these files get copied to drive D while I have all Windows autoruns disabled, and I didn't execute the USB files o_O?

    (2) And the basic question: why didn't NOD32 catch them since they are old? The USB stick has been offline for a month, so these files are at least 1 month old. I also used www.virustotal.com and almost all results said it is a Trojan, while NOD32 had "-" as its result (meaning nothing found); Panda also had no result, but every other antivirus listed it as a trojan.

    The name of the Trojan as per kaspersky is:

    HEUR.Trojan.Win32.Generic, I think, and I couldn't find any other traces.

    Please help on these two issues o_O

    Extra question: I scanned using the Kaspersky removal tool with all settings on high, and using Symantec online, SuperAntiSpyware, and sting; do I need to do something else?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    It could be malware but equally a false positive. With the files gone we'll never know.
     
  3. datadata

    datadata Registered Member

    Joined:
    Oct 14, 2007
    Posts:
    14
    Thanks for input Cudni

    One file has already been submitted to ESET, although I doubt that this is what ESET was missing to decide it was malware; it is possible but unlikely. I tend to believe that they have decided that it is a false positive.

    I respect companies that only trust their own judgment, but you have to be extremely sure when all other companies say otherwise.

    Whether ESET tags it as malware or not won't change my mind in this particular case; a couple of stealth files on a USB drive with an .exe extension and an icon resembling a folder, copying themselves to my other drives without invitation. With all due respect, and I am sure I know nothing compared to you, I don't need someone to tell me whether these are malware or not; I will delete them whatever they are.

    I have always taught my friends to look for files with such characteristics when opening a USB drive, to always show hidden and protected files and their extensions, and to disable autorun for CDs and USB drives. They have always been victims of viruses from USB drives, and I think this is the first time something slipped onto my PC that way, but I was more puzzled by not seeing an ini file and by how it got around the disabled autorun.

    You could at least have answered me on how a possibly non-malware file was able to copy itself to my PC from a USB drive, bypassing autorun and without being executed by me :p, I would be thankful!
     
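The checks datadata describes above (show hidden files and extensions, look for executables disguised as folders, treat autorun.inf with suspicion) can be automated before a removable drive is opened in Explorer. The script below is an added example and is not code from this thread, from ESET, or from any of the posters; it walks a mounted drive and reports the three patterns the thread mentions: an executable whose name matches a sibling folder (the folder-icon trick), a double extension such as `holiday.jpg.exe`, and executables carrying the hidden or system attribute, plus the presence of `autorun.inf`. The function names and the sample drive layout in `demo()` are constructed for illustration; the hidden-attribute check uses `st_file_attributes`, which Python only exposes on Windows, and falls back to the dot-prefix convention elsewhere so the script still runs on other hosts.

```python
import os
import stat
import tempfile
from pathlib import Path

# File types Windows runs on double-click; a "folder" with one of these
# extensions is exactly the trick described in the thread.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Extensions used as the decoy half of a double extension (photo.jpg.exe).
DECOY_EXT = {".jpg", ".jpeg", ".png", ".gif", ".doc", ".docx", ".pdf", ".txt", ".mp3"}


def is_hidden(path: Path) -> bool:
    """True if the file carries the Windows hidden or system attribute.

    st_file_attributes only exists on Windows; on other hosts we fall back
    to the dot-prefix convention so the audit still runs there.
    """
    attrs = getattr(path.stat(), "st_file_attributes", None)
    if attrs is None:
        return path.name.startswith(".")
    return bool(attrs & (stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM))


def audit_removable_drive(root):
    """Walk a mounted drive and return sorted (reason, relative_path) findings."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        # Folder names at this level, lower-cased for a case-insensitive match
        # (Windows file systems are case-insensitive).
        sibling_folders = {d.lower() for d in dirnames}
        for name in filenames:
            p = here / name
            rel = str(p.relative_to(root)).replace(os.sep, "/")
            if name.lower() == "autorun.inf":
                findings.append(("autorun.inf present", rel))
                continue
            if p.suffix.lower() not in EXECUTABLE_EXT:
                continue
            # "My Pictures.exe" sitting next to a "My Pictures" folder.
            if p.stem.lower() in sibling_folders:
                findings.append(("executable shares name with sibling folder", rel))
            # "holiday.jpg.exe": the inner suffix is a decoy document type.
            if Path(p.stem).suffix.lower() in DECOY_EXT:
                findings.append(("double extension", rel))
            if is_hidden(p):
                findings.append(("hidden or system executable", rel))
    return sorted(findings)


def demo():
    """Build a constructed sample drive layout in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "My Pictures").mkdir()
        (root / "My Pictures" / "beach.jpg").write_bytes(b"\xff\xd8 constructed")
        (root / "My Pictures.exe").write_bytes(b"MZ constructed")   # folder-icon trick
        (root / "holiday.jpg.exe").write_bytes(b"MZ constructed")   # double extension
        (root / "autorun.inf").write_text("[autorun]\nopen=update.exe\n")
        (root / "notes.txt").write_text("harmless")
        return audit_removable_drive(root)


if __name__ == "__main__":
    # Point audit_removable_drive at a real mount (e.g. "E:\\") to check a
    # stick before opening it; demo() uses the constructed layout instead.
    for reason, rel in demo():
        print(f"{reason:45s} {rel}")
```

The audit only reads metadata and never opens or executes the files, so it is safe to run on a stick you do not trust. A hit on any of these patterns is a reason to delete the file or submit it to your vendor, as the thread suggests, regardless of whether the on-access scanner flags it.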