
Does anyone know what this virus does?


14 replies to this topic

#1 Curiousp

Curiousp

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:29 AM

Posted 11 April 2011 - 01:59 AM

Nod32 detected INF/Autorun.sz virus a few days ago. Nothing recognizes this .sz, or nothing really describes what it does.

Does anyone have any knowledge of what this strange replicating virus does?

Thanks :)

Edited by Budapest, 11 April 2011 - 04:57 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest



 


#2 Curiousp


Posted 17 April 2011 - 09:34 PM

Anyone know?

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:29 PM

Posted 17 April 2011 - 10:00 PM

Do you have the full path to it? This is possibly a false positive. We should double-check it before we take action.

Let's upload this file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.
<filepath>suspect.file

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


NOTE:
For submission to a specific anti-virus vendor see Submitting Virus Samples: How to Submit a Virus.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 Curiousp


Posted 17 April 2011 - 10:32 PM

Thank you for the info. I am just wondering, how do I locate the file if numerous places were "infected." Nod says that the D drive and C drive where HP printer files were, are infected.

Sorry I am new to Jotti and Virus Total so I didn't know how to find everything.

Thanks

#5 boopme


Posted 18 April 2011 - 09:10 AM

Is it in Nod's quarantine? That should show where it was found.

#6 Curiousp


Posted 19 April 2011 - 04:20 AM

Yes, do I just search to that particular area? And does it harm any files within that area?

Thanks

#7 boopme


Posted 19 April 2011 - 03:40 PM

Yes, search there, and a file in Quarantine can no longer harm the PC.

#8 Curiousp


Posted 20 April 2011 - 01:30 AM

Well D:/Autorun.inf cannot be found anymore as Eset quarantined and deleted it a while ago. I also tried to manually delete the file by using command prompt to search for autorun.inf files. There were none when I used the Attrib prompt to discover hidden files.

I searched to the HP digital imaging files that were "infected" and when I found the folder it had individual files in it. Is it worth uploading each individual file in that folder that was supposedly infected? Or does this mean that they have been cleaned now and no longer a threat?

Thank you

B)

#9 JacobHall

JacobHall

  • Members
  • 300 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 20 April 2011 - 05:09 AM

Upload a couple of them to jotti, or http://www.virustotal.com/

If it's only ESET that finds them as a threat, it most probably is a false positive.

#10 Helpdesk Security

Helpdesk Security

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:29 AM

Posted 20 April 2011 - 08:28 AM

Well D:/Autorun.inf cannot be found anymore as Eset quarantined and deleted it a while ago. I also tried to manually delete the file by using command prompt to search for autorun.inf files. There were none when I used the Attrib prompt to discover hidden files.

I searched to the HP digital imaging files that were "infected" and when I found the folder it had individual files in it. Is it worth uploading each individual file in that folder that was supposedly infected? Or does this mean that they have been cleaned now and no longer a threat?

Thank you

B)


Hi,

I've also been hit with this, and it's a right pain! I use Eset, and it caught it, but I've also had problems with Eset not loading and erratic drive problems on a nice new Sony! In Eset's Smart Security, you can go to the quarantine section, click on the infected (and quarantined) file, and report it from there. There is also some useful information on the Sophos site but it's waaaaay old.

Does anyone have any clear instructions on this one?

#11 boopme


Posted 20 April 2011 - 03:39 PM

I believe Nod safely removed it.

When is AUTORUN.INF really an AUTORUN.INF?

http://www.eset.eu/encyclopaedia/inf-autorun

Short description
INF/Autorun is generic detection of the AUTORUN.INF configuration file created by malware.
Other information
The AUTORUN.INF file contains the path to the malware executable.

This file is usually dropped into the root folder of available drives in an attempt to autorun a malware executable when the infected drive is mounted.

The file(s) may have the System (S) and Hidden (H) attributes present in attempt to hide the file in Windows Explorer.


How to see hidden files in Windows
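A defender-side sketch of the check the ESET description above implies, added here as an example and not part of the original posts or of any ESET tool: it reads the AUTORUN.INF in a drive root, lists the programs its `[autorun]` section would launch, and reports the Hidden/System attributes. The function names and the sample file content are constructed for illustration; `open`, `shellexecute` and `shell\...\command` are the standard launch keys.

```python
import os
import re

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)$", re.I)
HIDDEN, SYSTEM = 0x2, 0x4  # Windows FILE_ATTRIBUTE_HIDDEN / _SYSTEM bits

def autorun_targets(text):
    """Return (key, command) pairs from the [autorun] section."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        # Skip comments and filler lines that are not key=value entries.
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and value:
            targets.append((key.lower(), value))
    return targets

def inspect_root(root):
    """Describe the AUTORUN.INF in a drive root, or return None."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(root, name)
        # st_file_attributes exists only on Windows; elsewhere flags stay "".
        attrs = getattr(os.stat(path), "st_file_attributes", 0)
        flags = ("H" if attrs & HIDDEN else "") + ("S" if attrs & SYSTEM else "")
        with open(path, encoding="latin-1") as fh:
            return {"path": path, "flags": flags,
                    "targets": autorun_targets(fh.read())}
    return None

# Constructed sample content, not taken from the machine in this thread.
SAMPLE = r"""
;filler comment
[AutoRun]
random filler line
OPEN = recycler\svc.exe
icon=%SystemRoot%\system32\shell32.dll,4
shell\open\Command=recycler\svc.exe -x
[other]
open=ignored.exe
"""
```

Calling `inspect_root("D:\\")` on Windows returns `None` when no AUTORUN.INF is present; otherwise each listed target is a file path to submit for a second-opinion scan.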

#12 Curiousp


Posted 21 April 2011 - 04:35 AM

How do I actually send the files to virus total or jotti if it is in quarantine? I am asking this because the files are in a folder and it could take a long time to upload them one by one. If nod32 cleaned the file, won't it come up as clean in VirusTotal?

I just want to feel safe on the computer and actually play games without feeling suspicious or anxious that a virus is still in the wait. Will there ever be a time to feel like this, because one can never know if their computer is truly clean? Or if Nod32 missed something...

Thanks

#13 boopme


Posted 21 April 2011 - 09:36 AM

Nod quarantined, not cleaned, the files. It cleaned the PC as in removed the threat. Quarantined files can no longer harm you.
Make it easy and peaceful: if it's been a week and the machine operates normally, then empty the quarantine and be free of it. Or you can submit them to ESET through the quarantine.

Or http://msmvps.com/blogs/trafton/articles/4887.aspx

#14 Curiousp


Posted 22 April 2011 - 11:24 PM

Okay thank you so much for your help. I will keep observing the machine for any indications of infection, but it has been a week and a half and no problems have come up so I think we are okay. If you right click the files in quarantine and press delete from quarantine, is that the right button to press to remove the files/threats?

Thanks for all your time and effort

#15 boopme


Posted 23 April 2011 - 12:35 PM

How do I delete a quarantined file in ESET Smart Security? (4.x)

You're welcome.



