??? My name is Mark. My username is <removed>... This is a problem with the final release version of NOD32 v2.

Here is my system file information:

NOD32 Antivirus System information
Virus signature database version: 1.438 (20030615)
Dated: Sunday, June 15, 2003
Virus signature database build: 3731

Information on other scanner support parts
Extended heuristic module version: 1.002 (20030606)
Extended heuristic module build: 1030
Archive support module version: 1.001 (20030526)
Archive support module build version: 1032

Information on installed components
NOD32 For Windows NT/2000/XP - base
Version: 2.000.2
NOD32 For Windows NT/2000/XP - Internet support
Version: 2.000.2
NOD32 for Windows NT/2000/XP - standard component
Version: 2.000.2

Operating system information
Platform: Windows XP
Version: 5.1.2600 Service Pack 1
Version of common control components: 5.82.2800
RAM: 512 MB
Processor: Intel(R) Pentium(R) 4 Mobile CPU 1.50GHz (1495 MHz)

I have enclosed pictures in a .jpeg format so you can better understand my problem as well as see it for yourself. When I right click on the eicar.zip files and choose NOD32 Antivirus System. When the eicar.zip file is scanned the virus is detected. When I click the clean button I am presented with three options: leave button, putting a checkmark in quarantine, and quit scanning there is also a details button. There are button options shown in the box but they are shaded or grayed out for whatever reason I don’t know. This wasn’t a problem w/ NOD32v2b5. In that version I didn’t have this problem as described above. I have also tried the admin version of NOD32 v2 and still encounter the same problem as described above. Any and all help would be appreciated. If possible could you give step-by-step instructions on how to correct this problem? My email address is <removed>.

Thanks,
Mark

If anyone has any idea on how to fix this problem please email me. If you need to see the pictures I was talking about drop me an email or im...

- Removed personal information and reformatted post - LWM

Hi Mark,

Just to let you know, I have removed your personal information (full name and email address) from your posting here. However, that information is still available to the Eset Moderators, if they need to contact you directly. ;)

If possible, could you add a post or two here and attach to them any pictures you think best show this problem?

As a member of the Wilders Security Forums, you can now attach one picture to each reply you post here in this thread. Please see the FAQ link (below) for an explanation of how to attach a single picture to each post you wish to make...

"FAQ: Screen Shots and Image Posting (http://www.wilderssecurity.com/showthread.php?t=5513)"

I hope we can help you with this problem,
LowWaterMark

Here is the first of five .jpeg files showing the problem.

Here is the 2 of 5 .jpeg files showing the problem.

Here is 3 of 5 .jpeg files showing the problem.

Here is 4 of 5 .jpeg files showing the problem.

Here is 5 of 5 .jpeg files showing the problem.

Any and all help would be appreciated in helping bring this problem to a close. Thanks for the help in advance.

In the first pic, in the setup, you need to select the "clean" option in the "if virus is found" column. That will enable the clean options to be chosen when needed.

bones

EDIT: Also check in Amon setup, security tab, for the supported actions to be shown when virus is found.

bones, are you sure.?
The notify/offer action option should still offer the other actions if possible.
I understand , that the notify/offer action option are for those that likes userinvolvement, and dont want automatical cleaning.
Am i missing something??
Regards
Ole ???

Pic 1 corresponds to my set up (in NOD v.1). When notify/offer action is clicked, the right hand section is greyed out. If I click on "clean" then the right hand section offers options for what to do with uncleanable stuff. (As is noted right below the top of the panel: "Actions are only taken in cleaning mode.")

Sig, your right.
Thanks :)

Madsen DK,

Bones and SIG are only correct about one thing...that selecting the Clean option from the setup panels of the scanners does make the options on the right side of the dialogue box available (it "ungrays" them). But, your (Madsen DK's) first ascertion that this shouldn't make any difference to someone wanting to be prompted for action is correct; a prompt for action should allow the user to take any and all available actions...clean, delete, quarantine, rename, leave. If you try SIG's or Bones' recommendation, you will find that it does not make any difference to the issue at hand. The intention of that capability was to offer all action prompts under all conditions, or to offer all other action prompts if cleaning (without a prompt) couldn't be accomplished. It was not intended to dissallow certain actions to those who choose to be prompted - and it doesn't.

Here's the real problem, and this occurs whether you have your scanners set as RadiCalb21 did, i.e. "Set To Prompt For Any Action", or set as Bones and SIG suggested, i.e. "Set To Prompt Only If Unable To (Auto) Clean" (I wrote this in an earlier, very long post to which no one responded):
_________________________________
From Post "Command Line Switches, IMON, Archives, Download Utilities" 6/14

3. IMON aside, all modules of NOD32 seem unable to delete archive files (at least not the EICAR zips). The virus inside is detected for both the single-level and multiple-level zip files, but no action (clean, quarantine, rename, delete) can be taken by NOD32. The viruses are simply identified and must be deleted manually by the user. Is this normal behavior, and if so, why are the options to perform these actions on archives even made available in the SETUP dialogues?
_________________________________

The above only relates to the archives. Either way you set up your scanners ("Prompt Always" or "Prompt If Can't Clean"), scanning of the non-zip EICAR files does give you the options of leave, rename, and delete but clean and quarantine are still disabled (grayed-out).

Conclusion:

With archives (at least the EICAR zips), NOD32 v2 offers no solution other than "leave" (which means you must manually delete). Is this what ESET intended? Or is there a bug? Furthermore, why is "quarantine" disabled when scanning the non-zip EICAR files with the on-demand scanner while the other options (except for "clean") are available? And since "clean" is disabled in all instances, can NOD32 "clean" anything (this is difficult to determine without having anything to test with except EICAR files)?

I have tested this every way you can think of, and the results are the same every time.

Thanks for reading.

I tried what you all said and it didn't work. I have redone the jpeg files to show what I did.

Second picture

Third picture

Fourth picture

Fifth picture

Sixth picture

Any and help would be appreciated. I would really like to have some input from an eset moderator about this issue. Thanks for the help again.


Mark

Well.. it's somewhat late, and I'm tired and lazy.. so.. I only quickly checked the thread...

However, as far as I understood, there are two issues.. why no actions are available, and why it says it can't clean it.

First of all, per definition, many things can't be "cleaned" ("disinfected") because the file itself is not infected. Either it is overwritten by an overwriting virus, the malware consists of the whole file (eicar/backdoor/worm, etc), the file is damaged, or there is no disinfection routine for that specific virus.

Nowadays, most of the things that are spreading are "uncleanable" because it's mostly worms, and per definition, it hasn't infected a file. In order to "clean" it, you delete the file.

The second thing is that the NOD32 scanner doesn't clean/affect files that are located inside archives. In order to remove it, either manually open the archive, and delete the file in question, or delete the whole archive.

Best regards,
Anders

Good info Anders. THX
Im for sure learning something new everyday (almost) :)
Regards
Ole

Hi,

if a virus is inside a classic archive (not runtime packer) it can't be executed. If the archive (classic or runtime) is open Amon blocks the infection.

You can use the the method Anders wrote for removing the virus.

Thanks,

jan

Yea. We all know how a virus works (or doesn't work) inside an archive. And we all know (hope) that AMON will catch the virus if the archive is unzipped.

But doesn't it matter to anybody (and if not, shouldn't it matter) that the program interface offers options on the Actions tab of the Setup screens that allow for cleaning, renaming, quarantining, and (auto) deleting archive viruses, yet we find out through our own testing that these options are useless?

Yea. We can manually delete files, but when the program gives the impression that it can handle the job through the options it offers but doesn't deliver, then it looks like a bug or poor implementation, not a deliberate action on the part of the programmers.

I've noted several other inconsistencies with what the options offer or the documentation says which conflict with what the program can actually do.

Don't get me wrong, I chose NOD32 over a lot of other AV programs I checked out (mostly for its speed and low resource use), and I gave up NAV after using it for years. But I still think that it's really poor to implement "dummy" options or to make documentation claims that turn out to really do nothing or do less than what is implied or explicitly stated.

I just don't understand all this, "Yea. It doesn't work, but all you have to do is this to get around it." That is not helpful at all.

I agree with you. Also why was this function in v2b5 and not in the final release. Anyone have any answers???

{QUOTE-> Yea. We can manually delete files, but when the program gives the impression that it can handle the job through the options it offers but doesn't deliver, then it looks like a bug or poor implementation, not a deliberate action on the part of the programmers. <-QUOTE}

Hmm.. true.. It should have some "Blah, blah, no action because, blah, blah archive" explanation.

However, when it detects a file as infected, and it's set to ask the user for action.. it "must" display that window... I don't want it to be inconsistent and showing different windows, etc.. However, an explanation as to why it's not possible might be nice. If nowhere else, than in the help file ;P

{QUOTE-> I've noted several other inconsistencies with what the options offer or the documentation says which conflict with what the program can actually do. <-QUOTE}

Please e-mail or PM Jan or "someone else" (you can send it to me and I'll check/forward it) regarding any inconsistencies you find. I prefer to receive it via e-mail.. (anders @ eurosecure.com)

Best regards,
Anders

Radicalb21,

I guess I am kinda unsure what is left unresolved.

I am unsure what you meant in your initial post abou the greyed out options. Is that the ones on the right side of the "Actions" settings tab? As mentioned later in the thread (and verified on my station) if you move the left bullet selection from "notify/offer action" to "clean" than those other buttons become selectable.

If, however, you mean the PopUp window after you press the clean button having four greyed out buttons (Clean, Rename, Delete, Replace) that is also explained later in the thread that NOD cannot clean a file within an archive. You can further test this by extracting the contents of the zip within that folder and AMON will immediately pop up and give you rename or delete options.

Does this answer your question or am I completely off-base? :D

Well then why in NOD32v2b5 have those options possible and not the final release of the product. This was even possible in earlier version of NOD32 BETA program. I guess I would just like to hear why it changed or why it isn't possible in the final product. This is in reference to the pop-up window after you press the clean button and in the pop-up window the only options available are the leave button, putting a checkmark inquarantine, quit scanning, and details. In the beta versions of NOD32 the other options were available (ie delete, and rename). I have done a side by side comparsion of the final release of NOD32v2 & NOD32v2b5 and the only differences I can see is some objects (files) are different size as far as bytes and some .dll files are a higher version number other then that I see no differences other then how the program operates in references to eicar.zip files. If I extract the file in question AMON does go off. But if I turn off AMON and extract the file then scan using the context menu it detects the virus. Then I click clean and then the other options I mentioned above are available delete and rename. I don't understand this behavior in the program.

I understand what everyone is saying or trying to say I think. But this doesn't match up with what is in the help file or manual. Or what some people said early on about changing certain options that would ungrey those options in the pop-up window. I have sent this information to eset by email and they can't explain the problem and would get back to me. That was last week sometime I would like an update as to what is going on but I know there are other problems they must deal with first. I was just wondering if you had any other ideas for dealing with this problem short of switching back to the antivirus I was using. Don't get me wrong I love NOD32 and all but If certain things aren't fixed quickly alot of problems could result.

If you mean the remarks by NewNod, I don't think he is correct (I may be wrong as I am a newcomer to NOD myself). My reading of the the Actions tab is that the right-side options are for when a Clean attempt is not possible and these options are relevant only if Clean is set on the left-side. If on the left-side you have notify/offer action selected, the right-side means nothing since you already have manual control of the entire process. If you did a clean attempt of the eicar.com with this setting it would fail to clean it and immediately prompt for some other action (even though the right side of the Action settings were greyed out).

Regarding the DOCs, I'm afraid I don't know what to tell you as I haven't messed with them, sorry.

{QUOTE-> quoting: radicalb21 link=board=39;threadid=10337;start=15#msg68071 date=1056008667]...I have sent this information to eset by email and they can't explain the problem and would get back to me. That was last week sometime I would like an update as to what is going on but I know there are other problems they must deal with first. <-QUOTE}

Less then a week isn't that long a period - especially in case of a newly developped version. This - and possible other - issues surely will be solved, but please give Eset time for duplicating and if needed solving issues reported ;)

{QUOTE-> I was just wondering if you had any other ideas for dealing with this problem short of switching back to the antivirus I was using. Don't get me wrong I love NOD32 and all but If certain things aren't fixed quickly alot of problems could result.
<-QUOTE}

I'll take it, "certain things" in fact is this particular issue in your case? Personally, I haven't encountered major/essential bugs in V2.

regards.

paul

Hi,

>But doesn't it matter to anybody (and if not, shouldn't it matter) that the program interface offers options on the Actions tab of the Setup screens that allow for cleaning, renaming, quarantining, and (auto) deleting archive viruses, yet we find out through our own testing that these options are useless?

We need to mention this in the documentation.

>Well then why in NOD32v2b5 have those options possible and not the final release of the product.

Sorry I don't think there was a possiblity in the beta to clean/delete/rename a virus in the zippped file. If you think yes - pls. recheck - if you still have the beta.

>If I extract the file in question AMON does go off.

Amon catches the eicar when trying to unzip eicar.

>But if I turn off AMON and extract the file then scan using the context menu it detects the virus. Then I click clean and then the other options I mentioned above are available delete and rename. I don't understand this behavior in the program.

When the file is already unzipped - there is no problem with renaming/deleting the eicar.

>But this doesn't match up with what is in the help file or manual.

Really the doc. doesn't mention ALL cases - it neeeds to be upgraded.

Thx.,

jan

Hey, Dan Perez:

When you said....
{QUOTE-> If you mean the remarks by NewNod, I don't think he is correct (I may be wrong as I am a newcomer to NOD myself). My reading of the the Actions tab is that the right-side options are for when a Clean attempt is not possible and these options are relevant only if Clean is set on the left-side. If on the left-side you have notify/offer action selected, the right-side means nothing since you already have manual control of the entire process. <-QUOTE}
....I have to say you were the one that is incorrect; you must have been thinking of someone else besides me. And it's not a matter of your being new, it's a matter of carefully reading the posts.

If you read the thread with even slight comprehension, you'd know that RadiCalb21 was not confused by my posts. I think Radicalb21 and I were pretty much on the same wavelength throughout. And based on what you said in your post, Dan, it seems that you and I are pretty much in agreement that few people here have grasped what "Notify/Offer Action" means or have grasped why those options on the right side of the Actions Setup Tab are grayed out unless you choose "Clean". And few have grasped that those issues, even if properly understood, are tangential to the problem Radicalb21 describes.

I'm pretty much giving up on trying to explain all the "elementary" side issues in order to help make the real point, which here was that the interface gives you six options (seemingly) to handle archives containing viruses, but when it comes down to it, you really have no alternatives from within the program other than to simply leave the file "as is" when a virus is detected; NOD32 detects the virus but pretty much hangs it up after that. How dangerous is that? Maybe not that dangerous from the standpoint of becoming infected (assuming AMON is on - what if it's not?); however, since the user, if he properly understands the Setup, would have expected something else and this becomes confusing and a concern develops that the software can't do its job. So, the danger is that it leaves the user feeling less than confident in NOD32; adding to this lack of confidence is an attitude, even from the moderators, that this is not that important. Lack of confidence in a piece of security software not important?! Wrong.

Eset can either match the options to the reality of the program's capabilities (not the best solution but it could at least instill confidence that the software functions as expected), or Eset can actually program the software to be able to manipulate archives (or more advantageously, just the infected objects within the archive), or they can do nothing. As far as being able to manipulate archives or the infected files within...what's so hard about deleting, renaming, or moving a file to another folder? This should be within the scope of the programmers capabilities. If the user can do it manually, it can be done programatically. In one scenario, NOD32 could even go so far as (offering) to unzip the contents of an infected archive to the quarantine folder and then manipulate the individually infected components from there. Any number of things are possible other than just "leaving" as is. (Cleaning is another issue because it depends on the virus, or the combination of the virus and the file it has infected, which makes it much more difficult / impossible to program a solution in all cases. That's the reason for the now infamous "right-side-grayed-out-options" only available if (auto) "Clean" is selected and fails; failure of "Clean" is likely in many instances, so correctly, alternative options were provided. The problem is that the alternatives "fail" also).
_________
By the way, Radicalb21, can you confirm whether the beta actually was able to manipulate archives, as Jan asked? That would be interesting. Also, even though we agreed on just about everything else, you said that NOD32 gave you the option to select "quarantine" with the EICAR zips. The only options I was able to select were the buttons "Leave" and "Details"; the "quarantine" check box was grayed out like "delete" and "rename" on mine. Doesn't really matter at this point, just curious. Thanks and good luck.

Hi NewNOD,

...er, well I DID say I might be wrong :-[ and I was ;)

Thanks for clearing the matter up. I'll leave it to the Eset folks to follow up.

Regards,

Dan

Another thing is that some people out there might not know how to find the file to manually delete it..

Here are jpeg files of what the NOD32v2b5 can do.

NOD32v2b5

NOD32v2b5

NOD32v2b5

NOD32v2b5 in action

NOD32v2b5 in action

NOD32v2b5 in action

I have posted all these jpeg files to show and hopefully make people understand what the problem is in the final version of the product and how it differed from the Beta 5. Also to the ESET moderators take a look at this thread and see what you can do to fix the problem. I have talked with numerous techs via email and on the forum and they said and I quote "In the beta version NOD32 you only could delete the whole archive, not just a particular file.
In the near future we plan to incorporate support for performing actions on files within
archive so it will be possible to replace an infected file with its clean copy."

Thank you, Radicalb21. You have provided quite a lot of help towards getting this straightened out I hope. Everyone seemed to think it was inevitable that zips could not be handled other than to "leave" them as is. I didn't believe that was true, in general ...to quote myself:
{QUOTE-> Eset can either match the options to the reality of the program's capabilities (not the best solution but it could at least instill confidence that the software functions as expected), or Eset can actually program the software to be able to manipulate archives (or more advantageously, just the infected objects within the archive), or they can do nothing. As far as being able to manipulate archives or the infected files within...what's so hard about deleting, renaming, or moving a file to another folder? This should be within the scope of the programmers capabilities. If the user can do it manually, it can be done programmatically. In one scenario, NOD32 could even go so far as (offering) to unzip the contents of an infected archive to the quarantine folder and then manipulate the individually infected components from there. Any number of things are possible other than just "leaving" as is. <-QUOTE}
It looks like Eset programmers are capable of handling the situation, because they have already done it in the beta you tested. A couple of things could have happened here to cause the current situation:

1. They provided the options with the intention of programming to match the options and something is just disconnected or maybe some code was inadvertently left out;

2. Or, they found some problems with that functionality in the beta that you/we aren't aware of, and couldn't get it fixed before the final release date. Problem here is that they left the ability to select the options; if the functionality was deliberately left out, the option settings related to that should have have been left out also.

By the way, did you have a chance to take a look at my other question from my last post:
{QUOTE-> Also, even though we agreed on just about everything else, you said that NOD32 gave you the option to select "quarantine" with the EICAR zips. The only options I was able to select were the buttons "Leave" and "Details"; the "quarantine" check box was grayed out like "delete" and "rename" on mine. Doesn't really matter at this point, just curious. <-QUOTE}
Were you able to actually select "quarantine" in Nod32 v2?

Thanks for your efforts.

To answer your question YES you can select Quarantine from the virus found box. Any questions contact me via email or IM.

Hi,

>I have talked with numerous techs via email and on the forum and they said and I quote "In the beta version NOD32 you only could delete the whole archive, not just a particular file.
In the near future we plan to incorporate support for performing actions on files within
archive so it will be possible to replace an infected file with its clean copy."

Actually, this is true - so I think it explains many things here.

Thanks,

jan

I have done a side by side comparsion of the files in NOD32v2b5 and NOD32v2 and have found no differences in these sets of files except the byte size of some files is larger then the others and the version number of some .dll files is higher. So there for I have no other reason then to conclude that the differences of the programs exists solely in the registry. Any and all help would be appreciated. I would like some input from an eset moderator on this issue but be sure to read the whole post to understand what I'm talking about. Thanks again.

When this issue is fixed with scanning from the context menu could someone from ESET place a thread on the forum saying it has been fixed and what steps we as users need to take to fix are systems.

Hi radical,

sorry if I didn't answer your questions completely, we are pretty overloaded with the posts and e-mails here in this v1 -> v2 transition period.

Did I understand correctly that you were surprised that NOD v2 is not renaming and deleting a virus in archive and NOD Beta 5 is?

Does this answer your question?:
----
"In the beta version NOD32 you only could delete the whole archive, not just a particular file.
In the near future we plan to incorporate support for performing actions on files within
archive so it will be possible to replace an infected file with its clean copy."
-----

If I didn't cover the questions you have. pls. describe closer what do you need.

Thanks for the understanding and patience.

All the best, :)

jan

" In the near future we plan to incorporate support for performing actions on files within archive so it will be possible to replace an infected file with its clean copy." What I was saying was when this change is incorporated if one of the ESET Moderators could post a thread in this forum about this hot topic. I understand you are very busy with bugs dealing with the transtion from v1 to v2. Thaks for your assisstance.

Has anyone heard anything about when this feature will be available? It's been a couple of weeks. I have noticed some engine updates but this hasn't resolved the issue. Thanks again.

Hi radical,

sorry for the delay. More info here. (http://www.wilderssecurity.com/showthread.php?t=11588)

>Has anyone heard anything about when this feature will be available? It's been a couple of weeks. I have noticed some engine updates but this hasn't resolved the issue. Thanks again.

We try to implement it asap - anyway - we have some more important fixes to implement now.

Thanks, :)

jan

Ok. thanks for the update Jan. I appreciate your help.

I fail to see what the hullaballo is all about here. Why would you expect NOD to give you options such as rename, etc. when this is a zipped file? It is harmless as such. Plus, who would save it zipped like that? You would unzip and when you did then AMON would catch it and give you all the options. I wouldn't scan it zipped in the first place as it doesn't matter if it is infected or not when it is zipped.

I think this is a big uproar over nothing. NOD acts correctly in this instance IMO. No option other than leaving (and quarantining) should be available for a zipped file. Most of us would want to just leave it anyhow. Of course quarantining isn't really quarantining.

What is important and needs fixing is the fact that quarantine doesn't work like it does in other av and there is nothing in the help file to explain this. In all other av I have used, quarantine means MOVE the file not COPY the file as NOD does. Now this is important because most will be confused because it isn't moved. How anyone could be confused by the lack of actions available for a zipped file which is harmless until unzipped when Amon will stop it, makes no sense to me.

Any idea when this feature will be added to a program update or incorporated into the program? Also is it possible to have AMON scan within compressed file formats such as .zip, .rar, .ace just to name a few. I would appreciate any and help that could be given by both moderators, members, or administrators. Thanks again.

Hey radical,

> was wondering when the feature would be added for dealing with eicar from a .zip, .rar, .ace form of compression.

Well, to write the truth:

there is a plan to implement it. Now there are more people that need help with more important things - e.g. some software conflicts, etc. When we'll fix these things, the compression issue follows.

>Also would it be capable for Amon to scan inside of compressed files rather then extract the file for Amon to detect it.

Explanation:

The reason for AMON not detecting the archives is that we don't see any real important reason for that. We want to offer the default settings as an effective coincidence between detection, performance of the system and the scanners and other factors. The new packed malware is detected (as I wrote above). if anybody wants to scan archives - it can be done with the on-demand scanner.

Thanks,

jan

Are there any updates on when this feature will be added to deal with either deleteing or replacing the file with a clean version of that file when dealing with .zip, .rar, .ace, or .arj . It has been a couple of months now. I would appreciate a response from an ESET Moderator.

Hi radical,

sorry - there are still more important things to do - being pretty busy.

Thanks for the understanding.

jan

I agree with you. This MiMail.C is spreading across networks in a .zip file format. I got one today in a .rar file format. I've been asking for this feature ever since NOD32V2 was released. The feature was available in NOD32V2B5 where in the beta version NOD32 you only could delete the whole archive, not just a particular file. In the near future we plan
to incorporate support for performing actions on files within archive so
it will be possible to replace an infected file with its clean copy. I have been told the following by ESET Moderators:

"We try to implement it asap - anyway - we have some more important fixes to implement now." This posted on August 8, 2003.

"Well, to write the truth:

there is a plan to implement it. Now there are more people that need help with more important things - e.g. some software conflicts, etc. When we'll fix these things, the compression issue follows." This was written on August 28, 2003.

"Sorry - there are still more important things to do - being pretty busy."
This was on October 23, 2003.


I started this thread back on June 15, 2003 and it is now November 3, 2003. This issue has yet to be resolved and it is almost been six months now. I would hope after this latest threat it would move this feature to the foreground of things to be implemented asap. Iwould appreciate a response from an ESET Moderator. Thanks again for the help again in advance.

Thanks for everyones support about this issue. I would appreciate a response from any of the ESET Moderators in this forum as well as any other forum moderator or administrator. I believe this feature is now needed to be added asap. This is in response to the recent threat from MiMail.C being compressed in a .zip file format and going accross networks. Thanks again in advance.

Hi,

as you probably know, NOD32 scans inside zips, it just doesn't clean/delete malware inside them - that is detected by AMON upon extraction of the compressed file. We want to add this feature for your convenience, but there are really bigger priorities now. It can take a bit longer time.

NOD32 detects and deletes various versions of Mimail.

Thanks for your understanding and patience :)

jan

As I said earlier, I don't see, even after reading all these posts since my earlier one, what all the hullaballo is about. The worm is harmless until extracted whereupon Amon will kill it. I think there are a lot more pressing matters for Eset to deal with than this. I personally don't care if what you are asking for is ever provided.

I, for instance, would far rather see Eset provide a simple way to get NO32 to scan weekly from the Windows scheduler and place a report on my desktop for perusal the next morning. I can't get this to work and I don't think I'll use NOD32 on my new XP Pro box because of this problem. Or I would also far prefer that Eset make it simple for us to make Rescue disks instead of the convoluted method that we now have. I need those disks for my W98SE box. There are all sorts of things that need attention more than a harmless zipped file with a worm in it. I have a several of those on my box and I sure don't get bent out of shape over something so minor.

{QUOTE-> quoting: Mele20 link=board=39;threadid=10337;start=60#msg99724 date=1068288116]
I, for instance, would far rather see Eset provide a simple way to get NO32 to scan weekly from the Windows scheduler and place a report on my desktop for perusal the next morning... <-QUOTE}

I second this, great suggestion ;D

Cheers ;D

Yet another month goes by and this problem still hasn't been fixed. I tired of different people from ESET saying there are more important things they need to take care of at the moment. Aren't I as a customer important as I have bought their product. The people at ESET keep saying to me in emails and forum posts that the changes to correct this problem are coming and to be patient. Once or twice saying this is ok but this has gone on now for more then six months and they keep saying the same things just using different words so it doesn't look like your sample form reply. I was told when working in retail that the customer is always right.

Radicalb21,
Let me start this reply by saying I'm no expert on NOD. Though I sympathize with you and it would be a nice feature, I can see why it is delayed.
I use the following work around until the feature can be implemented. Run the full active scan with heuristics, deep, and all types of packages set to be scanned. Run the scan. When the malware is found, double click on the entry in the NOD scanned files box. It will tell you exactly which malware is in the email and which email message it is in. Simply delete the particular email and you're done. Calling up the email doesn't increase your risk because Amon will stop it from activating.
Hope this helps.

Radicalb21 wrote:
{QUOTE-> I tired of different people from ESET saying there are more important things they need to take care of at the moment. Aren't I as a customer important as I have bought their product. The people at ESET keep saying to me in emails and forum posts that the changes to correct this problem are coming and to be patient. Once or twice saying this is ok but this has gone on now for more then six months and they keep saying the same things just using different words <-QUOTE}

I'm with you all the way. If things actually got fixed or customer recommendations were acted upon, I could understand the call by many to be patient and allow ESET to "prioritize". However, when nothing changes over so long a period, the "priority" argument becomes just another excuse. I won't go into detail here, as it's all been said before, but plenty of things (even minor things that could be fixed with a snap) go undone. What did we actually get from the latest update (those that were able to download it / install it) that represents anything that has been reqested or pointed out by people on this forum? Most software companies that charge $40 US for software and then additional fees for updates do whole version revamps in the time it takes ESET to fix a short list of items. I have to say that the Kernel32 errors went away for me, but based on the list of the "official" update changes, I would say that that fix was a side effect of something else that was done to the IMON module (and even if it was deliberately in response to our requests for a fix, it still took 6 months...unacceptable either way). If ESET normally responded with speed and effectiveness, I could not bring myself to say that; however, experience shows that they have there own unidentified agenda completely separate and exclusive of the comments made here. (Expect usual flames from the usual folks).

I'm beginning to believe that ESET is snipped - offending is not allowed

Mele20 wrote:
{QUOTE-> As I said earlier, I don't see, even after reading all these posts since my earlier one, what all the hullaballo is about. The worm is harmless until extracted whereupon Amon will kill it. I think there are a lot more pressing matters for Eset to deal with than this. I personally don't care if what you are asking for is ever provided.

I, for instance, would far rather see Eset provide a simple way to get NO32 to scan weekly from the Windows scheduler and place a report on my desktop for perusal the next morning. I can't get this to work and I don't think I'll use NOD32 on my new XP Pro box because of this problem. Or I would also far prefer that Eset make it simple for us to make Rescue disks instead of the convoluted method that we now have. I need those disks for my W98SE box. There are all sorts of things that need attention more than a harmless zipped file with a worm in it. I have a several of those on my box and I sure don't get bent out of shape over something so minor. <-QUOTE}

While I totally disagree that you are better able to identify what's important than is Radicalb21, I have the same displeasure as you regarding the issue of placing a scan report on your desktop after scheduled scans. I wrote a VBScript that does that very thing (partial description block follows)...

' NOD32 Script NewNOD 16Dec03
'
' -------------- Description Block -------------------------------------
'
' Title: NOD32 Scheduled Scan Notification / Summary Script...
'
' Description: The script runs in the background during NOD32
' scheduled scans and:
' 1. Tests for changes in NOD32 text LOG files
' by examining the Last Modified date of file
' 2. Tests for scan duration by comparing scan
' duration reported in NOD text LOG with a user
' specified duration
' 3. If both tests are "True", the script:
' - Scans and retrieves summary info from text LOG
' - Reports summary info obtained from text LOG
' - Prompts for saving summary text to user-specified
' file
' - Prompts to view complete NOD32 text LOG from
' which summary data is obtained
' Features: The script has the following functionality:
' 1. User-defined constants (see below)
' 2. Text LOG scan works with NOD32 set-ups using either
' "Append" or "Overwrite" set in NOD32 scan Profiles
' (not tested with Word-Wrap, but it should work as the
' strings being "copied" from the original NOD32 text
' LOG file are not long enough to be wrapped).
' 3. Scan works even if you use only one NOD32 LOG file for
' all of your NOD32 Profiles. However, if you were to launch
' more than one scheduled scan, and both scans would meet
' the script's test criteria for reporting, only the first
' completed scan would get reported; the script would then
' terminate itself, leaving the second scan to finish up
' without being reported
' 4. The script does not alter in any way normal functioning
' of NOD32. It simply reads text LOG files created by NOD32
' to get it's information.
' 5. (Optional) Icon displayed in tray using the an external *.ocx
'
'Usage: Schedule the script to be launched with each scheduled NOD32
' scan. The script will run until:
' - LOG file changes AND scan duration criteria are met OR
' - Until TimeOut specified by user
' - (Optional) OR until terminated via right-click 'Close'
' Menu Item in Tray Icon

....More description snipped

{QUOTE-> quoting: radicalb21 link=board=39;threadid=10337;start=60#msg111152 date=1071659421]
Yet another month goes by and this problem still hasn't been fixed. I tired of different people from ESET saying there are more important things they need to take care of at the moment. Aren't I as a customer important as I have bought their product. The people at ESET keep saying to me in emails and forum posts that the changes to correct this problem are coming and to be patient. Once or twice saying this is ok but this has gone on now for more then six months and they keep saying the same things just using different words so it doesn't look like your sample form reply. I was told when working in retail that the customer is always right.
<-QUOTE}

radicalb21, I agree with each and every word you say. I'm also tired of being told to be patient. Eset's customers may be patient for some time, but they won't be patient for ever. Let's hope things will soon change for the better.

I wrote (but got snipped by a moderator:
{QUOTE-> I'm beginning to believe that ESET is snipped - offending is not allowed <-QUOTE}

I don't really see how what was snipped is any more or less offensive than anything else I wrote (or than Radicalb21 wrote or Buddel wrote or...).

For those who did not see the original post before it was edited, no foul language was used. I simply stated my view of ESET's organization via comparison to a recently released, critically acclaimed movie.

NewNod,

{QUOTE-> I don't really see how what was snipped is any more or less offensive than anything else I wrote (or than Radicalb21 wrote or Buddel wrote or...). <-QUOTE}

Well, I did.

{QUOTE-> For those who did not see the original post before it was edited, no foul language was used. I simply stated my view of ESET's organization via comparison to a recently released, critically acclaimed movie. <-QUOTE}

Indeed no foul language was used. The wording from your comparison nevertheless rather offensive and denigrating. No need for that over on this board.

regards.

paul

Radical,

>Yet another month goes by and this problem still hasn't been fixed.

Amon cathes the infection upon extraction - so I wouldn't call this a problem - I would call it feature. We need to solve problems first, then the features.

Thks.,

jan

To the Eset folks,
I'm still rather new at NOD but I have a couple of suggestions that could be implemented rather easily that I believe will reduce some of the comments made here.
Part of the problem appears to be that information is not getting to the right folks at the right time. I have the following suggestions:

1. Add a page to the main web site for problems that Eset/clients have encountered and Eset's fix or the current status of the problem/estimated repair date. The forum is helpful (Thanks to all ;D) but it's too hard to find out what is really going on with many issues, especially if the user is new. In addition, we have no idea if Eset is aware of the problem in the first place because there is no sense of feedback from Eset unless it is an issue the individual with the problem submitted.

2. Add a wish list page to the main site of submitted ideas/feature additions/changes. This is also done on the forum but is scattered under multiple topics and tends to be submitted multiple times.

As to time requirements for item 1, the page would require about 1 hr to put together and debug. Entries could be added quickly by the tech's themselves, (a single line describing the issue would suffice), then a daily review of the outstanding issues. Updates could be added at that time. Using the forum as a guide, there are only about a dozen hot topics on any given day.

I'm long winded and I apologize, I'm simply putting in my two cents to try and streamline the process a bit.

Thanks for your time.

Kevin

- General Comment -


Just posting an opinion... no agenda. Have done quite a bit of reading on the forum, first time post. Do contract sys admin in my area, long time Norton user, now using Nod32.

Every software program has a certain underlying philosophy, along with some bugs and glitches that usually accompany the current implementation of that particular philosophy... hopefully in a positive stage of evolution. It would seem to be a desirable situation that users of that particular program could have a specific effect on the program with various feature recommendations, additions, changes, fixes, etc... and to an extent that is a desirable situation. Unfortunately, although most of us feel our particular recommendations and complaints make obvious sense, a list of such things from the user direction can become a formidable list for program devolopers to deal with... and some of the things on that list will conflict with the program philosophy, as determined by the developers.

I get the impression a large part of the Nod32 philosophy is lean, quick, effective, and operate from a small footprint. This is a definite part of the reason for my choice of Nod32 rather than Norton recently. My particular preference at this time would be a focus by the developers on obvious bugs and glitches of their fairly recent new version, which I happen to like, and then work on any features and improvements they believe will blend into their program philosophy... someone else may of course have different preferences.

The Eset folks seem to be more responsive to some of these forum posts than most, good luck with Norton or McAfee, but everything winds up being an issue of time... which is money. Eset has to decide how much time and money they can invest into each area... dealing with the forum, customer responses, program fixes, new program features, more employees, etc. and still accomplish their program goals. They even get to determine the timeline for these various activities.

Ultimately, the market place decides how succesfully any product philosophy and implementation meets enough user desires to survive and prosper. I can well agree with many of the posts I have read, but I would hate to see the price increase for Nod32... and I would hate to see it attempt to become 'something for everyone', along with the necessary 'bloat' that would accompany that direction. As to suggestions for improvements and features, there's actually no end to that.

The really wonderful thing about it is... the customer gets to make the choice. If a program doesn't meet your expectations acceptably, the developers won't add the features you want, you don't agree with the philosophy the developers seem to be working with, or ?.... you can simply purchase another product, or perhaps write your own for a custom fit. How users make those choices will ultimately determine the success or failure of that particular program. At this particular time, my realization that I do have that choice led me to choose Nod32 over Norton, after a number of years.

Your preferences and mileage may of course vary... Randell

Well here I go again and yet another month has passed and this issue still goes unresolved. I know the ESET Moderators have said this is not a problem and is an additional feature. But come on I have been talking about this since June of '03. I know there have been recent issues with NOD32v2 2.000.8 . I believe most of those problems have been fixed or resolved. I have seen in recent months five or six files in a compressed format i.e. .zip, .rar, .arj, and .ace to name a few that hade viruses in them. If this is the way virus writers are going to keep sending some of those files I believe this feature needs to be added and soon before it is to late. I would appreciate an update on this situation from an ESET Moderator. Any and all help would be appreciated. Thanks again in advance radicalb21.

>:( It's March of 04' and still this problem persists with the product. In recent weeks and months I have seen other forum members change their opinions about this issue. They now believe as I do that this needs to be implemented as alot more viruses are coming inside of compressed files. I know the moderators from ESET have said this isn't a problem but an additional feature. If it is an additional feature why has it not been implemented yet when numerous people have requested it. This has been an ongoing issue since JUNE 03'. The moderators from ESET have said that once the problems with software conflicts have been resolved they will work on additional features. All kinds of software conflicts will continue to happen there by constantly delaying the implementation of new features. I would appreciate a response from ESET MODERATOR as soon as possible as the last time I posted and was ignored.

Hi radical,

sorry for the delays - really busy here. The other AVs, e.g. KAV also doesn't clean a virus inside a compressed file. If a worm would be cleaned in a compressed file - usually just the header remains.

Thanks for your understanding.

jan

{QUOTE-> KAV also doesn't clean a virus inside a compressed file <-QUOTE}
This is not true. Kaspersky Monitor can disinfects ZIP archives!!! This is new features of version 4.5.

Izi

Kav 4.5 doesn't clean INSIDE zip files but can be set to auto delete infected archives
Kav 5 beta does clean inside archives,but at the moment current beta is too problamatic in other ways to use just for this feature

Hi!
This is not KAV forum, but I must replay on this post:

{QUOTE-> Kav 4.5 doesn't clean INSIDE zip files but can be set to auto delete infected archives <-QUOTE}

Look: http://www.kaspersky.com/buyonline.html?chapter=610611. Under NEW FEATURES!
Removes viruses from ZIP archives - this is only in KAV Monitor

This is true and last post on this topic!!!

Izi

Just an FYI!!!!
There are other antivirus software products out there that deal with compressed files such as .zip, .rar, .ace, .arj, and so on. That product is AVAST 4.1 HOME & PRO from ALWIL SOFTWARE. Here is a link to the comparsions between the HOME and PRO versions of AVAST 4.1 :

http://www.avast.com/i_idt_1018.html

This product has lots of great features. If you have any questions please feel free to ask them on the AVAST forum. Here is a link to that forum:

http://forum.avast.com/?lang=ENG

When you right click a compressed file and scan it AVAST will give you both a verbal and visual warning if it is a virus or suspicious file. Then it will give you options to move/renmae, delete, repair, move to chest(quarantine), continue, and stop. NOD32v2 will only give you a visual warning and when you click clean button it can't clean the file. The only buttons that are available in NOD32v2 are leave, quit scanning, and details, and a checkmark box for quarantine. All the other options are greyed out and they are clean, rename, delete, and replace. So until NOD32v2 starts to fix or correct this problem I will no longer use there product. I hope they correct this soon but I doubt it as I have been reporting this since JUNE 03'. I can't use this product as it doesn't meet my needs or take care of my problems. I get alot of email everyday and some of that email has attachments that are in compressed file format. I feel more at ease to right click that file and scan it and see if a virus is there and if so deal with it then rather then extract it and HOPE AMON catches it. The message I keep getting from the ESET moderators is were very busy. They also say this isn't a problem but an additional feature. Additional feature will be added after software conflicts have been fixed. It seems they keep put me off hoping I will give up and let the topic die but that will never happen.

I would appreciate an ESET MODERATOR response to Izi and Radicalb21 posts reference to Re:Problems w/ scanning from context menu?? They say no other antivirus can deal with viruses from within a compressed file format i.e. .zip, .rar, .ace, .arj just to name a few. I would like an idea of a time line on when this feature might be available in the product. I believe this is a resaonable request especially since I have been requesting it since JUNE 03'. It was a feature included in the beta version of the product. I have heard numerous replies from ESET MODERATORS that include we are very busy, it will be added shortly, it is not a problem but an additional feature, virus outbreaks, and program compatibility & software problems. Any and all help would be appreciated. I would really appreciate a response from an ESET MODERATOR or other forum moderator or administrator.

For radicalb21:

Look this post: http://www.wilderssecurity.com/showthread.php?t=23602

Hi radical,

we are doing some tests and we try to reply tomorrrow.

Rgds.,

jan

Thanks JAN. Looking forward to your reply tomorrow.

Hey radical,

the tests are taking longer as we thought, but I'll keep you posted.

Regards,

jan

Ok JAN. Thanks for the update. Looking forward to these results.

Any results you care to share as of yet or a time line on when this might be included in the product???

The results are incomplete yet - we will post it when complete - they will be ready within a few days.

jan

Thanks for the update JAN. I can't wait to hear the results. Like I said thanks for your help in bringing this issue to a close.

Any new news or updates you can provide would be appreciated?

Sorry - no time to complete the tests now - much more important things to do now - having it in the queue - we will reply.

Maybe you should hire a few more employees? This has gotten ridiculous. I am one of the users who has changed his/her mind on this issue and I am very disappointed. It is obvious from some other current threads that Eset doesn't have enough employees. You don't respond to tech support emails ....after all this time. From what I read here, tech support is no better than it was when I first got NOD32 and no one at Eset responded to me when I submitted samples. That is partially the reason this board came to exist at the time it did and this board is good, but Eset itself appears to still not answer email promptly and now this. It seems obvious that you are short on personnel. >:(

Hi Mele,

>Maybe you should hire a few more employees?

You are right, we will push on that!

Rgds.,

jan

Jan wrote:
"Sorry - no time to complete the tests now - much more important things to do now - having it in the queue - we will reply. "

What's more important now? It's always something causing a delay that they can't add this feature such as software conflicts, virus outbreaks, security conferences, and not enough people working to fix the problem. Enough is a enough quit using delaying tactics I have been reporting this since June of 2003. It has been over ten months now and believe I have been very patient in waiting this long.

Jan wrote:
"no time to complete the tests now - much more important things to do now - having it in the queue"

What does having in the queue mean? Why can't the test be completed now? I believe these questions to be legimate.

Ladies and gents,

The support issue has been noticed by Eset - Jan addressed this one as well.

In this context Eset is anticipating: several new employees have been hired recently in both US and Europe.

In this context, bear in mind some stats:

updates:

- 2002: 200 updates
- 2003: 249 updates
- 2004: 90 updates in the first 78 days, leading to a total of 422 updates in total for 2004.

Of course, this increase has an impact on support.
Not only is the number of clients growing, but given the constant number of clients the number of support requests would go up.

Eset will continue improving the quality and timeliness of our support response time.

I for one do know the above mentioned will not solve your issues within a day. The overall picture though is plain and simple: Eset is a very fast growing company - and for good reasons (explosive growing only happens in case the software is recognized as top of the bill). All companies experiencing such an explosive growth have to cope with consequences - and support is one of them.

Eset is doing so - and the result will show.

In the meanwhile: NOD32 users should be comforted knowing they do use an Antivirus a) doing the job b) using an Antivirus that's doing that well overall worldwide. For sure this mere fact is a statement in its own.

regards.

paul

This for JAN & MARCOS:
I know you say this isn't a problem and it is an additional feature and it will be added when software conflicts & problems are fixed but that will never be because nobody uses the same software or same computer everyone is different. Other reasons for this not being taken care of are virus outbreaks, security conferences, and not enough people working to fix the problem. I believe I have been very patient in waiting as long as I have considering I posted this thread back in June 03' . A few members of this board have changed their view point in the last few months. They now believe as I have believed all along that this feature needs to be added. Mele20 wrote the following:

" I am one of the users who has changed his/her mind on this issue and I am very disappointed. "

Jan wrote:
"no time to complete the tests now - much more important things to do now - having it in the queue"

I know there have been alot of updates recently and your client base is continuing to grow but that still isn't an excuse for letting this issue continue as long as it has. Why is it just now being put in the queue? This really goes to show how poor there quality assurance is in letting an issue continue this long. I would really appreciate a reply from an ESET Moderator. Thanks again for your assistance.

Radical,

there is no big chance the cleaning in the zips feature will be implemented in the near future due to the reasons I mentioned in the earlier posts. This is the reality.

Thanks for your understanding.

Rgds.,

jan

My Dears,

I am not programmer but ardent user of good quality software, no matter who's the manufacturer.
Always I did many tests as possible, even I've to re-install my OS (98, XP, RHL).
Regarding the AV software, my first "love" was NAV. Two years ago I have used. Until a Redlof infect the station. A friend told me about F-secure. In that moment, after 10 minutes from spreading in the station, Redlof had closed NAV. In this very "busy" environment, I succesful installed the F-secure. After first minute, it disappear, and after another 15 sec appears again and I could be able to fight.
Now, after 2 years without surprises, I've decide to change AV because it is a real load for my 128 MB memory.
I saw that NOD is very light for memory.
I saw also a wonderful interface, comparing with fsav 5.4. Until some days ago, when a XP warning
me about a virus, TrojanDownloader.Win32.Small.aa. I saw where is it (an exe file). For my curiosity I've install NOD trial for XP. In both cases,
accessing properties of file and on-demand scanning, NOD doesn't warning me. Of course that I had
activated the deep heuristic and warning window.
I have beginning to search everything about NOD, more than I did for any other AV ever!
Because I like it, but I'm not trust it yet. The test results are contradictory, the forum members are
little bit confused. So let me know what could stop me to spend money for fsav (3X expensive), ~4X slowly,
but more safety (at this first incident). Plus, fsav have scan archive option in real time...

Thanks a lot

{QUOTE-> quoting: Emil link=board=39;threadid=10337;start=90#msg151687 date=1080579682]
I have beginning to search everything about NOD, more than I did for any other AV ever!
Because I like it, but I'm not trust it yet. The test results are contradictory, the forum members are
little bit confused. So let me know what could stop me to spend money for fsav (3X expensive), ~4X slowly,
but more safety (at this first incident). Plus, fsav have scan archive option in real time...

Thanks a lot

<-QUOTE}

From just my personal experience, all I can say is that I have been using NOD for over two years, started Aug. 2001, and it has provided excellent protection.

I am fairly active on the internet with my actual e-mail address on several web sites and some of my e-mail addresses date back to 1996. Due to that I get a fare amount of stuff send my way.

I am a retired CPA but still work out of my home, part time, on the Internet providing contracted support for ATT in the past and now Charter Pipeline because I enjoy doing that.

Over the past two and a half year period using NOD I have never lost data or been infected with a virus.

In addition I run some of the Online scanners from time to time just to double check. They have never picked up on anything that NOD missed.

So for me NOD has been an excellent choice and has provided excellent protection.

A sample of my log of infections sent my way over the last few days.

Time Module Object Name Virus Action User Info
3/29/2004 8:35:01 AM IMON email message from: shsanborn@sad6.k12.me.us to: gunn1@charter.net with subject Re: Details dated Mon, 29 Mar 2004 09:30:03 -0500 Win32/Netsky.D worm contained infected files STAN\Administrator
3/29/2004 7:19:25 AM IMON email message from: mstan83@aol.com to: gunn1@charter.net with subject Re: Re: Message dated Mon, 29 Mar 2004 08:17:49 -0500 Win32/Netsky.J worm contained infected files STAN\Administrator
3/28/2004 22:06:09 PM IMON email message from: administration@charter.net to: gunn1@charter.net with subject E-mail technical support warning. dated Sun, 28 Mar 2004 20:39:33 -0600 Win32/Bagle.gen.zip worm contained infected files STAN\Administrator

(Note: This one was a password protected zip.)


3/28/2004 17:21:29 PM IMON email message from: thegreatjoy2002@yahoo.com to: gunn1@charter.net with subject Re: Re: Message dated Sun, 28 Mar 2004 18:07:06 -0500 Win32/Netsky.J worm contained infected files STAN\Administrator
3/28/2004 17:21:13 PM IMON email message from: thegreatjoy2002@yahoo.com to: gunn1@charter.net with subject Re: Re: Message dated Sun, 28 Mar 2004 18:07:06 -0500 Win32/Netsky.J worm contained infected files STAN\Administrator
3/28/2004 16:16:41 PM IMON email message from: missdaisy@tje1.com to: gunn1@charter.net with subject Re: Your text dated Sun, 28 Mar 2004 16:16:14 -0600 Win32/Netsky.J worm contained infected files STAN\Administrator
3/28/2004 14:05:04 PM IMON email message from: teenairwin@elsie.com to: gunn1@charter.net with subject Re: Re: Message dated Sun, 28 Mar 2004 14:37:13 -0500 Win32/Netsky.J worm contained infected files STAN\Administrator
3/28/2004 14:04:53 PM IMON email message from: teenairwin@elsie.com to: gunn1@charter.net with subject Re: Re: Message dated Sun, 28 Mar 2004 14:37:13 -0500 Win32/Netsky.J worm contained infected files STAN\Administrator
3/28/2004 11:31:48 AM IMON email message from: anyta102@hotmail.com to: gunn1@charter.net with subject information dated Sun, 29 Feb 2004 18:28:10 -0800 Win32/Netsky.B worm contained infected files STAN\Administrator
3/28/2004 11:03:40 AM IMON email message from: ronin1829@yahoo.com to: gunn1@charter.net with subject a crazy doc about you dated Sun, 28 Mar 2004 11:10:03 -0500 Win32/Netsky.C worm contained infected files STAN\Administrator
3/28/2004 9:52:26 AM IMON email message from: hrrsrut@msn.com to: gunn1@charter.net with subject important dated Sun, 28 Mar 2004 07:32:03 -0500 Win32/Netsky.C worm contained infected files STAN\Administrator
3/28/2004 9:52:22 AM IMON email message from: umut.guner@magiclife.com to: gunn1@charter.net with subject warning dated Sun, 29 Feb 2004 08:08:28 -0800 Win32/Netsky.B worm contained infected files STAN\Administrator
3/28/2004 9:52:17 AM IMON email message from: enoma@aol.com to: gunn1@charter.net with subject Re: Here is the document dated Sat, 27 Mar 2004 23:46:06 -0500 Win32/Netsky.J worm contained infected files STAN\Administrator
3/27/2004 21:48:18 PM IMON email message from: eagletx@ev1.net to: gunn1@charter.net with subject Re: Hello dated Sat, 27 Mar 2004 21:41:25 -0600 Win32/Netsky.J worm contained infected files STAN\Administrator
3/27/2004 21:48:04 PM IMON email message from: eagletx@ev1.net to: gunn1@charter.net with subject Re: Hello dated Sat, 27 Mar 2004 21:41:25 -0600 Win32/Netsky.J worm contained infected files STAN\Administrator
3/27/2004 13:11:02 PM IMON email message from: kathiegirl@aol.com to: gunn1@charter.net with subject Re: Your letter dated Sat, 27 Mar 2004 12:54:13 -0600 Win32/Netsky.J worm contained infected files STAN\Administrator
3/27/2004 13:03:33 PM IMON email message from: kathiegirl@aol.com to: gunn1@charter.net with subject Re: Your letter dated Sat, 27 Mar 2004 12:54:13 -0600 Win32/Netsky.J worm contained infected files STAN\Administrator
3/27/2004 12:27:00 PM IMON email message from: irishka007@hotmail.com to: gunn1@charter.net with subject information dated Sat, 28 Feb 2004 19:13:27 -0800 Win32/Netsky.B worm contained infected files STAN\Administrator
3/27/2004 12:26:51 PM IMON email message from: irishka007@hotmail.com to: gunn1@charter.net with subject information dated Sat, 28 Feb 2004 19:13:27 -0800 Win32/Netsky.B worm contained infected files STAN\Administrator
3/27/2004 11:37:51 AM IMON email message from: paula1@cox.net to: gunn1@charter.net with subject Re: Your software dated Sat, 27 Mar 2004 11:31:54 -0600 Win32/Netsky.J worm contained infected files STAN\Administrator
3/27/2004 11:37:40 AM IMON email message from: paula1@cox.net to: gunn1@charter.net with subject Re: Your software dated Sat, 27 Mar 2004 11:31:54 -0600 Win32/Netsky.J worm contained infected files STAN\Administrator
3/27/2004 10:35:38 AM IMON email message from: 3dmpicus@aol.com to: gunn1@charter.net with subject Re: My details dated Sat, 27 Mar 2004 11:31:04 -0500 Win32/Netsky.J worm contained infected files STAN\Administrator
3/26/2004 20:16:12 PM IMON email message from: midgehayes@aol.com to: gunn1@charter.net with subject Re: Thanks! dated Fri, 26 Mar 2004 21:06:34 -0500 Win32/Netsky.J worm contained infected files STAN\Administrator
3/26/2004 20:14:37 PM IMON email message from: midgehayes@aol.com to: gunn1@charter.net with subject Re: Thanks! dated Fri, 26 Mar 2004 21:06:34 -0500 Win32/Netsky.J worm contained infected files STAN\Administrator
3/26/2004 18:48:51 PM IMON email message from: jhudman@western-foods.com to: gunn1@charter.net with subject Re: Re: Re: Your document dated Fri, 26 Mar 2004 17:35:56 -0600 Win32/Netsky.J worm contained infected files STAN\Administrator
3/26/2004 18:48:24 PM IMON email message from: jhudman@western-foods.com to: gunn1@charter.net with subject Re: Re: Re: Your document dated Fri, 26 Mar 2004 17:35:56 -0600 Win32/Netsky.J worm contained infected files STAN\Administrator
3/26/2004 16:45:32 PM IMON email message from: sullivan@ma.ngb.army.mil to: gunn1@charter.net with subject Re: Your bill dated Fri, 26 Mar 2004 17:38:22 -0500 Win32/Netsky.D worm contained infected files STAN\Administrator
3/26/2004 15:21:01 PM IMON email message from: 3ddcox1@chartercom.com to: gunn1@charter.net with subject excuse me dated Fri, 26 Mar 2004 16:08:33 -0500 Win32/Netsky.C worm contained infected files STAN\Administrator
3/26/2004 15:20:51 PM IMON email message from: 3ddcox1@chartercom.com to: gunn1@charter.net with subject excuse me dated Fri, 26 Mar 2004 16:08:33 -0500 Win32/Netsky.C worm contained infected files STAN\Administrator
3/26/2004 14:13:05 PM IMON email message from: shaws1603@msn.com to: gunn1@charter.net with subject Re: Excel file dated Fri, 26 Mar 2004 14:46:16 -0500 Win32/Netsky.D worm contained infected files STAN\Administrator
3/26/2004 14:12:56 PM IMON email message from: shaws1603@msn.com to: gunn1@charter.net with subject Re: Excel file dated Fri, 26 Mar 2004 14:46:16 -0500 Win32/Netsky.D worm contained infected files STAN\Administrator
3/26/2004 10:12:47 AM IMON email message from: gregorey.anderson@bmwmc.com to: gunn1@charter.net with subject Re: excuse me dated Fri, 26 Mar 2004 11:10:19 -0500 Win32/Netsky.C worm contained infected files STAN\Administrator
3/26/2004 9:05:13 AM IMON email message from: igors@afccc.af.mil to: gunn1@charter.net with subject Re: Re: Document dated Fri, 26 Mar 2004 09:34:37 -0500 Win32/Netsky.D worm contained infected files STAN\Administrator
3/26/2004 9:05:03 AM IMON email message from: igors@afccc.af.mil to: gunn1@charter.net with subject Re: Re: Document dated Fri, 26 Mar 2004 09:34:37 -0500 Win32/Netsky.D worm contained infected files STAN\Administrator
3/25/2004 17:14:26 PM IMON email message from: msmith@ci.frisco.tx.us to: gunn1@charter.net with subject Re: Your website dated Thu, 25 Mar 2004 16:55:41 -0600 Win32/Netsky.J worm contained infected files STAN\Administrator
3/25/2004 17:14:11 PM IMON email message from: msmith@ci.frisco.tx.us to: gunn1@charter.net with subject Re: Your website dated Thu, 25 Mar 2004 16:55:41 -0600 Win32/Netsky.J worm contained infected files STAN\Administrator
3/25/2004 13:03:09 PM IMON email message from: ddraper@ewjohnson.com to: gunn1@charter.net with subject Re: My details dated Thu, 25 Mar 2004 12:58:48 -0600 Win32/Netsky.J worm contained infected files STAN\Administrator
3/25/2004 10:14:42 AM IMON email message from: members-14264e@mail.imdaonline.org to: gunn1@charter.net with subject Re: Your product dated Thu, 25 Mar 2004 10:40:56 -0500 Win32/Netsky.J worm contained infected files STAN\Administrator
3/25/2004 10:13:49 AM IMON email message from: members-14264e@mail.imdaonline.org to: gunn1@charter.net with subject Re: Your product dated Thu, 25 Mar 2004 10:40:56 -0500 Win32/Netsky.J worm contained infected files STAN\Administrator

An antivirus program should not be your first or last line of defense. You have to use all means to protect yourself. That includes keeping your operating system up to date.
Run a trojan detection program in addition to your antivirus. Use a spyware detector program.
You should always be sure of what you are downloading.
One of the things I think is most important is to configure your email program for text only. It is just too risky these days to do otherwise.

I have tested every antivirus program out there for Windows. Nod gives me what I want. Speed, good detection, and timely updates.
You should choose what makes you comfortable. I am not willing to give up the performance of my computer in exchange for a slow antivirus program. :)

Thanks Stan and ronjor.
Stan, indeed I need a very good protection for e-mail. One year ago I've a bad surprise when a manager of one of our suppliers send me a piece, with many ascii chars-looking as a virused one, of an e-mail that I've sent to his competitor and ask me: Emil, do you now something about this?
Of course, this happens because I've worked on a guest station, forced by circumstances, with updated NAV
Now I have to be sure that this think will not happens ever. This game could cost me many expenses.

Both of you,
what configuration recommend me for an 98 and another XP, using also IE outlook, and browsing with opera? Currently I'm using NOD and sygate (I'm not sure if I have more security with kerio personal. sygate I've tested). I also heard on forum about a registry protection. Let me know a good base for efective protection...

Emil,

{QUOTE-> Both of you,
what configuration recommend me for an 98 and another XP, using also IE outlook, and browsing with opera? Currently I'm using NOD and sygate (I'm not sure if I have more security with kerio personal. sygate I've tested). I also heard on forum about a registry protection. Let me know a good base for efective protection... <-QUOTE}

No offense intended ;) - but this is the NOD32 support forum, for NOD32 issues only. Feel free to open a new thread on a revelant forum elsewhere on this board ;)

regards.

paul

Paul,

You are right.

Just I'm asking. I'm not used yet with your rules.

Could I put my e-mail for a further correspondence? (It's clear that I've not read yet your policy :) )

Emil,

You are free to post your email address. We discourage doing so, since we do know posted email addresses will be harvested by all sorts of bots.

As an alternative - register as a member and point to your profile as for your email address.

regards.

paul

As an alternative - register as a member and point to your profile as for your email address.

regards.

paul
{QUOTE-> <-QUOTE}
Paul,

Thanks for invitation!

Everything should be ok. I don't intend to offense you, just I don't like atribbute "Karma". I would like to see my experience rising on your forum, with this except.

>Everything should be ok. I don't intend to offense you, just I don't like atribbute "Karma". I would like to see my experience rising on your forum, with this except.

I agree about the "karma" thing. Quite poor judgement IMO to use this term. I don't like coming here because of that either. But I have NOD32 so I haven't much choice. Plus the forums here are excellent, but I feel extremely uncomfortable because of the religious term and having people rate me in this manner. It is wrong. Just about any phrase to indicate that the poster has been helpful would do. The term "karma" is a relgious term and should not used on board such as this one.

I have been wanting to say something about this for a long time but have felt I would be pounced on if I did. Your post has given me the courage to speak out.

Said by Stan999:
>From just my personal experience, all I can say is that I have been using NOD for over two years, started Aug. 2001, and it has provided excellent protection.

I am fairly active on the internet with my actual e-mail address on several web sites and some of my e-mail addresses date back to 1996. Due to that I get a fare amount of stuff send my way.

I am a retired CPA but still work out of my home, part time, on the Internet providing contracted support for ATT in the past and now Charter Pipeline because I enjoy doing that.

Over the past two and a half year period using NOD I have never lost data or been infected with a virus.

In addition I run some of the Online scanners from time to time just to double check. They have never picked up on anything that NOD missed.

So for me NOD has been an excellent choice and has provided excellent protection.

A sample of my log of infections sent my way over the last few days.

That doesn't impress me at all. You are showing me what IMON does. I don't use IMON. I don't want an email scanner. Show me how impressed you are with AMON. AMON is what is getting short shrift now by Eset. This means that I have to go looking elsewhere. Damn shame too. But AMON should do it all. I should not need anything but the resident scanner.

Mele,

Expressing your opinion is OK - we do encourage this, although you are in fact not addressing an Eset issue - this is a board software and Admin issue.

With due respect to your opinion: this is the way we have decided to setup this board. No referals to religion intended: 'kharma' is merely intended as sort of a personal applaud - and used in that way by fairly all members. Aplaudding people for good reasons seems a very positive attitude to me ;)

Feel free as ever to start a dedicated new thread on this issue - on the apropriate forum. The NOD32 support forum for sure isn't the one ;)

regards,

paul

{QUOTE-> quoting: Mele20 link=board=39;threadid=10337;start=105#msg151885 date=1080599591]
Said by Stan999:
>From just my personal experience, all I can say is that I have been using NOD for over two years, started Aug. 2001, and it has provided excellent protection.

--snip---

That doesn't impress me at all. You are showing me what IMON does. I don't use IMON. I don't want an email scanner. Show me how impressed you are with AMON. AMON is what is getting short shrift now by Eset. This means that I have to go looking elsewhere. Damn shame too. But AMON should do it all. I should not need anything but the resident scanner.
<-QUOTE}

Hi Mele20,

I wasn't trying to impress you with IMON?

My post was just a response of my personal experience using NOD32 over the last two and a half years. This was just in reply to a post of why choose NOD over another AV.

The virus log I posted for the last several days just didn't have any AMON examples for that time period.

However, over the time I have used NOD32, AMON has caught a number of infected files. So its function to scan on Open, Execute and Create files works as intended for me.

I just don't see where AMON should do it all especially e-mail scanning prior to the Inbox? You may not need an e-mail scanner but some folks really like that feature and find it an additional layer of protection.

Your posted method of saving your e-mail attachments and then going through the effort of navigating to where you saved it and doing a scan on it, and then, if infected, deleting the file and e-mail seems to be a waste of time for me.

We all don't have the same needs and perferences using an AV. So what works for me may not be what you are looking for.

On one of your prior posts you noted, "If you want to know what is worthless junk on any AV it is the email scanner", is just not true for everybody.

In summary, over the time I have used NOD32, I find both AMON and IMON have provided good protection for my use.

{QUOTE-> quoting: Paul Wilders link=board=39;threadid=10337;start=105#msg151891 date=1080599976]
Feel free as ever to start a dedicated new thread on this issue - on the apropriate forum. The NOD32 support forum for sure isn't the one ;)

regards,

paul

<-QUOTE} 8)

Mele,

Pls make another thread and post the link, about the AMON issues. These problems give me an unsafely and anxious feeling. I have urgently need a good quality resident AV, when scaning and disinfect archives could be staying alive matters (agreements, pdx database and others things from health domain)

It's been a couple of months since my last post on this thread. This has been an ongoing thread since June of 03. This question is for ANY ESET MODERATOR " Can I get an idea on when this feature might be included? " Also I keep hearing about a realease candiate for NOD32? Will this fix my problem. If it is possible I would like an update on this issue either from an ESET MODERATOR or administrator.

I think the release candidate is mostly about IMON and adv. heuristics which will be for http as well as email and supposedly you can disable one and use the other. I doubt the issue of this thread will be addressed. I don't use IMON although I am interested in this latest version, however, I would far prefer to see AMON beefed up instead of IMON. IMON causes innumerable problems, as all email scanners do, and it is best to avoid their use. Why not, instead, beef up AMON? AMON is really what NOD32 is and I don't like the short shrift that it has been getting.

Of course, beefing up AMON will slow it some but I don't really think it needs to detect the "kitchen sink" as KAV does so it shouldn't slow it that much. Another thing that should be addressed is that adv. heursitics on command line scanning should be made a part of NOD32. It is ridiculous that one still has to download Paolo's extension to get the most important aspect of NOD32! I also agree with Rodzilla that Eset should make default settings maximum not silly weak like they are now. But I don't think any of these important issues are addressed in the upcoming beta. :(

I just ran that av test that everyone is talking about here and at dslr and that KAV and NOD32 fail completely.
http://www.dslreports.com/forum/remark,10132323~mode=flat
http://www.wilderssecurity.com/showthread.php?t=30055

Then I downloaded Gladiator's zip file which is designed to keep the av test files on the hard drive long enough for KAV and NOD32 to detect them (one is the Eicar and both these avs can't even detect that! in this test). After downloading, Gladiator said to copy over the original zip file. Well, I automatically scanned first via command line adv. heuristics and NOD32 found a virus! It wouldn't alert on any of the official tests but adv. heursitics did on this! So, I'd say all you need is Paolo's adv. heuristics and practice safe computing and you will never need all this fancy, smancy IMON stuff which is so buggy. I just want AMON and command line scanning to be lean, mean and hungry. So, ESET please don't ignore AMON and continue to strip AMON. Make AMON stronger and forget the IMON stuff.

{QUOTE-> It's been a couple of months since my last post on this thread. This has been an ongoing thread since June of 03. This question is for ANY ESET MODERATOR " Can I get an idea on when this feature might be included? " Also I keep hearing about a realease candiate for NOD32? Will this fix my problem. If it is possible I would like an update on this issue either from an ESET MODERATOR or administrator. <-QUOTE}

You know that you are not the only one that would like this feature. They have a ton of other products to deal with and the end result is you are not getting infected. If you extract the file, it will be caught where upon you can delete it. The location is indicated and you can delete it manually. I perform the same test you do about once every three months waiting for a change. Just give them a break. They are a small company on the rise and when they do the job, you can guarantee it will be done right, not some patch job.

To ESET MODERATORS & ADMINISTRATOR,
I'm getting tired of this run around and this issue going unresolved for so many months. You keep promising this feature through out this thread but something always comes up. You keep making excuses and it is getting very old. There's always going to be software conflicts, virus outbreaks, security conferences and other such issues that crop up from time to time but enough is enough. I believe its time to put up or shut up as they say. You are right to say I'm upset in a major way and I believe this issue needs to go higher up in ESET as it has almost been a year since this thread was started and the issue has yet to be resolved.

Hi radical,

I wrote you - it's not a fix - it's a feature.

Rgds.,

jan

I understand that it not a problem but a feature. But I think waiting paitently for almost a year is rather ridiculous. You have said numerous times you are working on it and something always comes up. I'm getting tired of the excuses.

Hi radical,

{QUOTE-> I understand that it not a problem but a feature. But I think waiting paitently for almost a year is rather ridiculous. You have said numerous times you are working on it and something always comes up. I'm getting tired of the excuses. <-QUOTE}

OK - the reality is - pls. be prepared it can take longer time until this feature will be implemented.

Rgds.,

jan

I have read this entire thread and I am astonished by just how badly ESET have handled this issue.

It simply **** belief.

It was not insulting at all.

It is a perfectly legitimate phrase that means "almost impossible to believe" (and it should not be confused with a different, but similarly spelled, word).

I shall therefore re-phrase:


"It is simply beyond belief"

Hey,
It's radicalb21. I was wondering with all the talk about this new beta that is up and coming if it would address any of my issues I have had for the last year with NOD32v2. I would appreciate a response from any ESET MODERATOR or forum member that has a beta of the product. As of next Tuesday June 15, 2004 it will be exactly a year since I started this thread and I for one like to see this issue resolved as would other forum members as well. I think I have waited patiently for far to long to see this issue resolved. I know it isn't a problem but an additional feature but come on now you've been saying that for almost a year now and it is getting very old. In my opinion this issue should have already been resolved. Have you ever heard of quality assurance and listening to customer feedback because I have seen and heard people say that feature isn't needed and then later hear those people change there minds. Also Paul if you are around this evening I would appreciate your comments on this as I feel you are very knowledge about alot of things that deal with security. Also if you could IM me or email me a link so I could forward this issue to someone other then JAN or Marcos because I feel I am getting the classic run around. If you could start from the begining of this thread and reread it top to bottom I would appreciate your opinion. Thanks to any and all people who help to bring this issue to a close.

Hi radical,

>I was wondering with all the talk about this new beta that is up and coming if it would address any of my issues.

That feature is not included in the new beta. As I wrote:

>OK - the reality is - pls. be prepared it can take longer time until this feature will be implemented.

Rgds.,

jan

Well radicalb1, it may be small consolation but you will be getting your wish that AMON can unpack and will also be given Adv. heuristics powers. I recall Jan saying that Eset thought that was unimportant and that we would not get this. However, this a feature of the new beta.

The NOD32 scanner is worse off in the beta than before in one sense. Even though the scanner in clean mode hangs waiting for me to take action, I am offered no action other than leave. However, the text in the box tells me that the recommended action is to delete but I'm not offered that. Telling me I should delete is new. I never saw that with eicar in the current version. Why tell me to delete and then not offer that action???

I'm disappointed too that we aren't getting delete, rename, etc. Those buttons should be removed as it is very confusing to newcomers. We should just be told that NOD32 can't do anything when it finds a virus. It can't even quarantine properly so I think the quarantine button should also be removed because it doesn't quarantine and currently it is a very misleading and potentially dangerous situation. At least in this beta I have, quarantine isn't fixed and I think it far better to just do away with quarantine if it is not going to be fixed soon.

The scanner has found other "viruses" that are not archived and with these also the ONLY choice I am given is leave. So, perhaps the options buttons should be removed and in setup we should not be advised that we can choose other actions if the virus cannot be cleaned, because we can't. All NOD32 scanner appears to be able to do is detect and leave (as quarantine doesn't quarantine).

It's radicalb21. Here I am again. It has now been over 1 year since I reported this problem. I believe that ESET doesn't care about it's customers one damn bit. I believe I have been very patient in waiting as long as I have and my problem has yet to be addressed as far fixing this issue. I know this isn't a problem but an additional feature. But when I have been told numerous times they are working on it and things constantly come up it really pisses me off in a major way. I know both JAN and MARCOS have both replied to this numerous times in the past and they always say it isn't a problem but an additional feature. They also say it is coming. My question is when? I'd also like to say all the emails I have sent recently to ESET have gone unanswered now for over a couple of months. This is getting very ridiculious. I would appreciate a response from either PAUL WILDERS or ANTON from ESET. I believe this issue has been swept under the rug one to many times and I believe nothing has been done to add this feature to the program. Other antivirus software programs already have this feature. Those antivirus companies are Kapersky, Avast!4 Antivirus just to name a few. If they can have this feature why has NOD32 not added this feature. They had this feature in early BETA Version of NOD32v2 (BETA4, BETA5). Why was this feature removed? This would be a very useful feature. I would really appreciate a response ASAP on this issue. Thanks again in advance. >:( >:(

I would really appreciate a reply ASAP on what I typed earlier about a problem with ESET support and problem persisting for over one year now. As far as support goes this should have been handled in the begining. I think if a problem of a customer is not resolved in a timely manner something needs to be done. I can't believe it has been a year and one month now and this issue still persists. JAN & MARCOS keep saying its not a problem but an additional feature. I now believe thats bullshit. They keep saying the same thing and it seems ESET doesn't care about the small guy. They keep saying it is coming. It gets old when they keep saying the same thing. You would think they would do something about it by now so I would just get off there backs and quit complaining but that will never happen. How would ESET feel if I voiced this program through some tech medium about how their support sucks.

Radicalb21

You have a simple solution. If you are not happy with NOD or their support, as with all software programs, look ELSEWHERE for your AV protection.

I have recently decided not to renew a license for one of my AV's because their support was somewhat lacking. No disrespect and I hope you find your 'best' AV .

Avast is very good ;)

I still see no one person wants to respond to this post. This is ashame.

radical,

as for your feature request: I'll check the situation and will update you shortly.

Rgds.,

jan

Thanks for replying JAN. No disrespect meant but I would like to hear from both PAUL WILDERS & ANTON and what they can do to correct this issue and bring it to a close. Complaints shouldn't persist for over a year. There have been quite a few updates to the program over the last year and could have been implemented in any of those updates. Both JAN & MARCOS keep saying it is coming. My question is simply when?? There should be some type of quality assurance implemented in the support program so this doesn't happen to anyone else in the future. Your right in saying I'm pissed off at ESET for the way this problem has been handled. Both JAN & MARCOS say it is not a problem but an additional feature and the feature will be added after all the software problems/conflicts, virus outbreaks, and security conferences. The truth of the matter is there will always be software problems/conflicts due to everybody not having the same computer configuration. Also another truth is there will always be virus outbreaks. The only thing that can be controlled is security conferences. So by them saying this the feature will never happen. I would appreciate a response from either PAUL WILDERS OR ANTON from ESET to help resolve this issue and bring things to a close. In closing other people have had problems over the last year and their problems have been addressed and fixed. Why couldn't that have been me.

Hi radical,

we are working on a new cleaning system for NOD32. Removing/cleaning infected files within compressed files is not an easy task but this feature is on the wishlist and it will be added when it will be due.

We do not disclose release dates but when this new cleaning system will become available, you'll know about it. Btw, there is a changelog for the product located at:

http://www.nod32.com/products/nt.htm

Since this thread is huge already and that's all I can say at the moment, I'm closing this thread.

Rgds.,

jan