# [SOLVED] C:\autorun.inf keeps on getting detected by Nod32 (W32/PSW.Agent. NDP trojan



## Wox (Jan 10, 2007)

This is happening on a XP laptop with Nod32 as antivirus (duh!)
A few minutes after logging on Nod pops up saying C:\autorun.inf is infected (Win32/PSW.Agent.NDP trojan).
I chose to delete the file and it pops back up.
Looks like either 
[1] Nod is finding a sytem file (keeps on regenerating) as false positive
[2] I'm infected by a weird trojan

I would be doing some online scanning and stuff, will be creating a thread in HJT forum.
For now can someone tell me what they know please...ray:ray:


----------



## Go The Power (Mar 5, 2007)

*Re: C:\autorun.inf keeps on getting detected by Nod32 (W32/PSW.Agent. NDP trojan)*

Hiya Wox

Here is some information:
http://www.sophos.com/security/analyses/trojlegmiraqk.html


----------



## Wox (Jan 10, 2007)

*Re: C:\autorun.inf keeps on getting detected by Nod32 (W32/PSW.Agent. NDP trojan)*

Hi GTP, thanks for the info, but I still don't know how to get rid of it.. :4-dontkno:

EDIT: I seemed to have found one.
Can anybody "review" the info that I found and tell me if that solves it?



alpha (simplified and translated by me) said:


> 1. Turn off System Restore.
> 2. Clean out all the temp files.
> 3. Using regedit, search for and delete all the entries for these- [c0nime.exe 、iexpl0re.exe 、winlog0n.exe, rundl132]
> 4. Delete the following files with Killbox-
> ...


Thanksray:

P.S. by "simplified and translated" I mean by removing all the instructions on downloading Killbox, turning off System Restore, running regedit, etc etc; then I translated it from Chinese to English. :laugh:


----------



## Wox (Jan 10, 2007)

*Re: C:\autorun.inf keeps on getting detected by Nod32 (W32/PSW.Agent. NDP trojan)*

Alright, no need to confirm that anymore you guys, cos it ain't working.
Seems like Nod32 is really worked up, today it found W32/Pacex.Gen on C:\ntdelect.com and www.microsofttw.com/gto/ubs.exe. Seems like some website is trying to feed me viruses?
Doing scans right now.


----------



## Wox (Jan 10, 2007)

*Re: C:\autorun.inf keeps on getting detected by Nod32 (W32/PSW.Agent. NDP trojan)*

Jeez.. spent some 35 minutes on this issue and finally got it solved.
Turned out to be a Kavo virus, directions on solving here and the final Kava killer here..
Kava is also known to spread via USB drives, and the killer for that is here
Be nice to Chinese (and Taiwanese) people- they apparently know a lot.. :grin:


----------



## Wox (Jan 10, 2007)

*Re: C:\autorun.inf keeps on getting detected by Nod32 (W32/PSW.Agent. NDP trojan)*

This thread is solved, and I might write a short guide on using five important tools (that I gathered) to get rid of it... I just might.


----------

