WORM_OTORUN.ASH

Discussion in 'ESET NOD32 Antivirus' started by aluminex, Mar 28, 2011.

Thread Status:
Not open for further replies.
  1. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Is the malware detected as soon as you plug in a removable media?
     
  3. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    I am not on site so I don't know. It seems to be spreading through shares because NOD32 is not removing the infected lnk files.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Lnk files as such are not dangerous. If a lnk file points to an existing actually infected file, it would be detected as well. If the virus is spreading via shares, try to find the computer from which it's spreading. Maybe ESET is not installed on it or the signature db is outdated or some protection modules are disabled.
     
  5. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    I don't see this listed anywhere on the threat center definition updates. NOD32 will not remove the files...
     
  6. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143


    ESET is unable to clean it...

    Win32/Ramnit.A.Gen virus unable to clean
     
  7. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    Is there a way I can submit this file for review?
     
  8. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    Email the files to samples@eset.com.

    Be sure to put the files in a zip file, and password protect the file as: "infected" as well as putting the password in the mail to samples@
     
  9. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    I sent the file... this needs to be addressed ASAP.
     
  10. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
  11. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Seems strange that you're getting this infection even though it seems to rely upon MS10-046, which was patched by Microsoft many months ago. Are your systems patched for that vulnerability?


    Jim
     
  12. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    I don't know about all my desktop machines, but my servers have the KB2286198 security update. The server that I am working with right now has the update and has updated def with ESET but is still infected...
     
    Last edited: Mar 29, 2011
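
The patch question raised in posts 11 and 12 can be answered per machine. This is an added example, not part of the original thread, that reports which hosts list KB2286198 (the MS10-046 update named above). The file `hosts.txt` is a hypothetical list with one computer name per line, and the account running the script is assumed to have remote WMI access to those hosts.

```powershell
# Added example: audit which hosts list the MS10-046 fix (KB2286198).
# hosts.txt is a hypothetical input file, one computer name per line.
$kb    = 'KB2286198'
$hosts = Get-Content -Path .\hosts.txt | Where-Object { $_.Trim() }

$report = foreach ($h in $hosts) {
    $name = $h.Trim()
    try {
        # Pull the full hotfix list so that a failed query (host down,
        # access denied) is distinguishable from a host lacking the KB.
        $fixes = @(Get-HotFix -ComputerName $name -ErrorAction Stop)
        $hit   = $fixes | Where-Object { $_.HotFixID -eq $kb } | Select-Object -First 1
        if ($hit) {
            $status = 'Listed';    $on = $hit.InstalledOn
        } else {
            $status = 'NotListed'; $on = $null
        }
    }
    catch {
        # Unreachable or unreadable hosts need a manual check.
        $status = 'QueryFailed'; $on = $null
    }
    New-Object PSObject -Property @{
        Computer    = $name
        Status      = $status
        InstalledOn = $on
    }
}

# Hosts to follow up on sort together (NotListed, QueryFailed).
$report | Sort-Object Status, Computer |
    Format-Table Computer, Status, InstalledOn -AutoSize
```

`NotListed` is a prompt to check the host by hand rather than proof that it is unpatched: a service pack or superseding update that carries the fix may not appear under this KB number.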