WORM_OTORUN.ASH

We have several systems that are infected by this worm but Eset is identifying it as Ramnit.A.Gen (generic) and is allowing it to spread.

Is there a Def update for this?



http://about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_OTORUN.ASH

 

Is the malware detected as soon as you plug in a removable media?

 

I am not on site so I don't know. It seems to be spreading through shares because nod32 is not removing the infected lnk files

 

Lnk files as such are not dangerous. If a lnk file points to an existing actually infected file, it would be detected as well. If the virus is spreading via shares, try to find the computer from which it's spreading. Maybe ESET is not installed on it or the signature db is outdated or some protection modules are disabled.

 

I don't see this listed anywhere on the threat center definition updates. NOD32 will not remove the files...

 

ESET is unable to clean it...

Win32/Ramnit.A.Gen virus unable to clean

 

Is there a way I can submit this file for review?

 

email the files to samples@eset.com

be sure to put the files in a zip file, and password protect the file as: "infected" as well as putting the password in the mail to samples@

 

I sent the file... this needs to be addressed asap

 

Here is more information on the worm

http://www.computersecurityarticles.info/tag/font/

 

Seems strange that you're getting this infection even though it seems to rely upon MS10-046, which was patched by Microsoft many months ago. Are your systems patched for that vulnerability?


Jim

 

I don't know about all my my desktop machines but my servers have the kb2286198 security update. The server that I am working with right now has the update and has updated def with eset but is still infected...