Was hit by a worm but am I still infected?

Discussion in 'NOD32 version 2 Forum' started by xEnvious, Sep 16, 2008.

Thread Status:
Not open for further replies.
  1. xEnvious

    xEnvious Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    15
    So today I was going to move some document stuff over from my computer to my laptop and I put my USB pen drive into my computer. NOD32 v2.7 (and up to date) finds 16 infected files, and cleans 1. I check to see what was going on under "Threat Center" and this is what I found (also, there is nothing in the Quarantine section":

    Time Module Object Name Threat Action User Information
    9/16/2008 15:16:19 PM AMON file F:\Autorun.inf Win32/AutoRun.PI worm error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.

    The "error while cleaning" part is getting me paranoid. I restarted my computer and everything seems to be fine with startup and all. I did another full NOD32 scan and it says I was clean. I also looked up when NOD32 updated for this specific detection and it was quite a while ago. Same goes for the scan McAfee on my laptop (it said I was clean). The laptop is the one I don't care about so I put my USB drive in it again and scanned it and McAfee found one infection but I couldn't find the file. So I went ahead and formatted the USB pen drive and scanned it again - no detections.

    Am I safe or do I have to further steps to see if I'm safe or not?
    And on a side note, can someone exactly tell me how worms are spread so I don't give it to my other comps? Also, can worms transfer via network connections via "My Network Places" even if I don't access it? Thanks!
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    If Eset shows you are clean, then you are clean. As far as you other question. Worms
     
  3. xEnvious

    xEnvious Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    15
    Oh, alright. I just needed some assurance. Thanks!

    Although I should edit my first line and it should read this:

    So today ...I move one file to the drive then I move it to the laptop (because NOD32 never informed me of this). McAfee on my laptop detects a something so I quickly check my NOD32 on my desktop and sees that it found 16 infected files, and cleans 1...

    Also when I was checking what was going on, it showed 16 infections and cleaned 1. So what happened to the other 15 files or so?
     
    Last edited: Sep 16, 2008
  4. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    can u update u'r avs, rescan and send the screenshot of that log
     
  5. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    it may be a autoit / autorun variant already in the memory, and nod32 2.7 sometimes fails to get it off the memory, especially with newer variants,
    kindly send the screen shot of the scan,

    and check these things,

    1. Is it possible for u 2 see the hidden files on u;r computer.

    if yes,

    2. can u check for files names regsvr .exe (FOLDER LIKE ICON ) in %win%\system32 and windows folder.

    regards
     
  6. xEnvious

    xEnvious Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    15
    Hi. Yes I can see hidden files and I can't find the file regsvr.exe.

    I'm just worried about the "error while cleaning - operation unavailable for this type of object" part. What exactly does it mean? Does that mean it couldn't clean the virus/worm on the USB or did it carry over to my computer? (Additionally, Malwarebytes' Anti-Malware didn't find anything either when I scanned my computer so I think I'm okay?) Thanks.
     
    Last edited: Sep 20, 2008
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The message appears if you have AMON set to clean files automatically and an uncleanable threat (e.g. a trojan) is detected. In such case, AMON will deny access to the file, but the file won't be deleted as it's uncleanable. I'd suggest that you upgrade to ESET NOD32 Antivirus (v3) which cleanes/deletes infected files automatically.
     
  8. xEnvious

    xEnvious Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    15
    Ah, so that's why that happens. It's good to hear that the file wasn't opened/executed. I will upgrade to v3 when I have the time. Thank you!
     
  9. Foxfired

    Foxfired Registered Member

    Joined:
    Sep 2, 2008
    Posts:
    46
    Yea I think you should be fine!
     
Thread Status:
Not open for further replies.