BleepingComputer.com: Does anyone know what this virus does?


Does anyone know what this virus does?

#1 User is offline   Curiousp 

  • Member
  • Group: Members
  • Posts: 74
  • Joined: 10-April 11
  • Gender:Female

Posted 11 April 2011 - 01:59 AM

Nod32 detected INF/Autorun.sz virus a few days ago. Nothing recognizes this .sz, or nothing really describes what it does.

Does anyone have any knowledge of what this strange replicating virus does?

Thanks :)

This post has been edited by Budapest: 11 April 2011 - 04:57 PM
Reason for edit: Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest


#2 User is offline   Curiousp 


Posted 17 April 2011 - 09:34 PM

Anyone know?

#3 User is offline   boopme 

  • To Insanity and Beyond
  • Group: Global Moderator
  • Posts: 48,761
  • Joined: 10-September 04
  • Gender:Male
  • Location:NJ USA

Posted 17 April 2011 - 10:00 PM

Do you have the full path to it as this is possibly a False positive. We should double check it before we take action.

Let's upload this file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.
<filepath>suspect.file

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


NOTE:
For submission to a specific anti-virus vendor see Submitting Virus Samples: How to Submit a Virus.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 User is offline   Curiousp 


Posted 17 April 2011 - 10:32 PM

Thank you for the info. I am just wondering, how do I locate the file if numerous places were "infected." Nod says that the D drive and C drive where HP printer files were, are infected.

Sorry I am new to Jotti and Virus Total so I didn't know how to find everything.

Thanks

#5 User is offline   boopme 


Posted 18 April 2011 - 09:10 AM

Is it in Nod's quarantine? That should show where it was found.

#6 User is offline   Curiousp 


Posted 19 April 2011 - 04:20 AM

Yes, do I just search to that particular area? And does it harm any files within that area?

Thanks

#7 User is offline   boopme 


Posted 19 April 2011 - 03:40 PM

Yes, search there, and a file in Quarantine can no longer harm the PC.

#8 User is offline   Curiousp 


Posted 20 April 2011 - 01:30 AM

Well D:/Autorun.inf cannot be found anymore as Eset quarantined and deleted it a while ago. I also tried to manually delete the file by using command prompt to search for autorun.inf files. There were none when I used the Attrib prompt to discover hidden files.

I searched to the HP digital imaging files that were "infected" and when I found the folder it had individual files in it. Is it worth uploading each individual file in that folder that was supposedly infected? Or does this mean that they have been cleaned now and no longer a threat?

Thank you

B)

#9 User is offline   Super Panda 

  • Forum Regular
  • Group: Members
  • Posts: 269
  • Joined: 23-April 08
  • Gender:Male
  • Location:Leicester

Posted 20 April 2011 - 05:09 AM

Upload a couple of them to jotti, or http://www.virustotal.com/

If it's only ESET that finds them as a threat, it most probably is a false positive.
...

#10 User is offline   Helpdesk Security 

  • New Member
  • Group: Members
  • Posts: 1
  • Joined: 20-April 11

Posted 20 April 2011 - 08:28 AM

Curiousp, on 20 April 2011 - 01:30 AM, said:

Well D:/Autorun.inf cannot be found anymore as Eset quarantined and deleted it a while ago. I also tried to manually delete the file by using command prompt to search for autorun.inf files. There were none when I used the Attrib prompt to discover hidden files.

I searched to the HP digital imaging files that were "infected" and when I found the folder it had individual files in it. Is it worth uploading each individual file in that folder that was supposedly infected? Or does this mean that they have been cleaned now and no longer a threat?

Thank you

B)


Hi,

I've also been hit with this, and it's a right pain! I use Eset, and it caught it, but I've also had problems with Eset not loading and erratic drive problems on a nice new Sony! In Eset's Smart Security, you can go to the quarantine section, click on the infected (and quarantined) file, and report it from there. There is also some useful information on the Sophos site but it's waaaaay old.

Does anyone have any clear instructions on this one?

#11 User is offline   boopme 


Posted 20 April 2011 - 03:39 PM

I believe Nod safely removed it.

When is AUTORUN.INF really an AUTORUN.INF?

http://www.eset.eu/encyclopaedia/inf-autorun

Quote

Short description
INF/Autorun is generic detection of the AUTORUN.INF configuration file created by malware.
Other information
The AUTORUN.INF file contains the path to the malware executable.

This file is usually dropped into the root folder of available drives in an attempt to autorun a malware executable when the infected drive is mounted.

The file(s) may have the System (S) and Hidden (H) attributes present in attempt to hide the file in Windows Explorer.


How to see hidden files in Windows
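To make the ESET description quoted above concrete, here is an added example (not part of the thread or of any ESET tool) that reads the text of an AUTORUN.INF and lists the programs its `[autorun]` section would launch, which are the files worth submitting to Jotti or VirusTotal. The function names and the sample file are constructed for illustration.

```python
import re

# Keys in an [autorun] section that name a program or command to launch
# (open, shellexecute and shell\<verb>\command are documented AutoRun entries).
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def launch_entries(text):
    """Return [(key, command)] for launch-type entries in the [autorun] section."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                entries.append((key.lower(), value))
    return entries

def referenced_programs(text):
    """File named by each launch command, without arguments and de-duplicated."""
    programs = []
    for _, command in launch_entries(text):
        if command.startswith('"'):       # quoted path may contain spaces
            target = command[1:].split('"', 1)[0]
        else:
            parts = command.split()
            target = parts[0] if parts else ""
        if target and target not in programs:
            programs.append(target)
    return programs

# Constructed sample (hypothetical file names), not taken from the thread.
SAMPLE = """\
; constructed example
[AutoRun]
icon=setup.ico
open=data\\example.exe -arg
shell\\open\\command="tools\\example two.exe" /s
label=My Drive
"""

if __name__ == "__main__":
    for key, command in launch_entries(SAMPLE):
        print(f"{key:24} -> {command}")
    print(referenced_programs(SAMPLE))
```

The paths it reports are relative to the root of the drive that held the AUTORUN.INF, so that is where to look for the executable if the scanner quarantined only the .inf file.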

#12 User is offline   Curiousp 


Posted 21 April 2011 - 04:35 AM

How do I actually send the files to virus total or jotti if it is in quarantine? I am asking this because the files are in a folder and it could take a long time to upload them one by one. If nod32 cleaned the file, won't it come up as clean in VirusTotal?

I just want to feel safe on the computer and actually play games without feeling suspicious or anxious that a virus is still in the wait. Will there ever be a time to feel like this, because one can never know if their computer is truly clean? Or if Nod32 missed something...

Thanks

#13 User is offline   boopme 


Posted 21 April 2011 - 09:36 AM

Nod quarantined, not cleaned, the files. It cleaned the PC as in removed the threat. Quarantined files can no longer harm you.
Make it easy and peaceful: if it's been a week and the machine operates normally, then empty the quarantine and be free of it. Or you can submit them to ESET thru the quarantine.

Or http://msmvps.com/blogs/trafton/articles/4887.aspx

#14 User is offline   Curiousp 


Posted 22 April 2011 - 11:24 PM

Okay thank you so much for your help. I will keep observing the machine for any indications of infection, but it has been a week and a half and no problems have come up so I think we are okay. If you right click the files in quarantine and press delete from quarantine, is that the right button to press to remove the files/threats?

Thanks for all your time and effort

#15 User is offline   boopme 


Posted 23 April 2011 - 12:35 PM

How do I delete a quarantined file in ESET Smart Security? (4.x)

You're welcome.
