Nod32 found MyDoom.R worm but I can't find it!

Discussion in 'NOD32 version 2 Forum' started by goodnewscowboy, May 14, 2005.

Thread Status:
Not open for further replies.
  1. goodnewscowboy

    goodnewscowboy Registered Member

    Joined:
    Jan 6, 2005
    Posts:
    6
    Hello!

    For background info on my problem, I was running AdAware SE this AM doing a full scan and I walked out of the computer room. When I came back, AdAware was still scanning but there was a Nod 32 alarm telling me it had found the MyDoom.R worm. (I mention this in case this problem is somehow related to the AdAware scan.)

    Nod32 would not allow me to quarantine or delete it. The file path it described for the location of the worm was non existent as well.

    I went to the temp file it described and there were *no* directories listed that matched what the alarm suggested.

    I reran Nod32 and ran TDS-3 as well, and I could not replicate the alarm.

    Is it possible Nod32 could have been mistaken? If not, any suggestions on my next course of action?

    I am running Win2KSP3.

    Many thanks, Bullitt
     
    Last edited: May 14, 2005
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    That's because AMON deleted it from the temp folder automatically.
     
  3. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    I observed that when Adware scans the disk, nod32 (AMON) is scanning the disk too (following the adware scan). Thats why NOD32 has fount that worm.
     
    Last edited: May 14, 2005
  4. goodnewscowboy

    goodnewscowboy Registered Member

    Joined:
    Jan 6, 2005
    Posts:
    6
    I'm not positive, but I believe the warning dialogue that came up said something to the effect that it *couldn't* delete it.

    Also, I have what is probably a dumb question, but I couldn't find the answer on Eset's website.

    Can I install 2.5 over top of 2.0 or do I need to uninstall/reinstall like I did with the trial version?

    Thanks, Bullitt
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    You can install over the top.
     
  6. Mike415

    Mike415 Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    42
    I didnt know Amon scans the dick. I thought it scanned the disk...
     
  7. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    corrected :oops:
     
  8. Gauthreau

    Gauthreau Guest

    Tee hee :)

    Did you clean your temp folder since you ran the scan? Through I.E or anything like that?

    Neil
     
  9. goodnewscowboy

    goodnewscowboy Registered Member

    Joined:
    Jan 6, 2005
    Posts:
    6
    No. I immediately went looking for the file when I saw the alarm.

    I wish I knew more about this stuff. I only use Opera for a browser, *never* IE and I run TDS-3, Nod32, Process Guard, Worm Guard and Zone Alarm 4.5 not to mention that I sit behind a hardware firewall so I would have thought that it would have been next to impossible for anything to get into my system.

    Now, since I can't replicate finding it again, it is making me wonder if it was somehow a false alarm by Nod32. Yet how could it have given such explicit directory mapping with a false alarm?

    And even if it *was* automatically deleted by Nod32 like Marcos suggested above, the directory files wouldn't have been deleted, just the file. Which means the directories would still be intact. But they're not! Arggghhhhhhhh!

    Oh the "good old days" of Win 3.1 before the scum of the earth started producing all this crap!

    B.
     
Thread Status:
Not open for further replies.