
View Full Version : False Positive


ugly
June 11th, 2006, 04:00 PM
Today I made a fresh install of NOD32.
But , surprise :

[attachment 179963]

Q&Q Defrag Agent seems to be a new virus !:o
I think this happened before update.

BTW I have to reinstall Q&Q Defrag to use it again !>:(

ASpace
June 11th, 2006, 04:05 PM
{QUOTE-> Today I made a fresh install of NOD32.
But , surprise :

179963

Q&Q Defrag Agent seems to be a new virus !:o
I think this happened before update.

BTW I have to reinstall Q&Q Defrag to use it again !>:( <-QUOTE}


So why do you think it is false-positive ? ? ?

Place that file in quarantine and submit it for analysis. Also, samples@eset.com

And something you know very well -> Virus Total
www.virustotal.com

;) Let us know how it goes

ugly
June 11th, 2006, 04:24 PM
As you can see with current database NOD found nothing.


[attachment 179965]


I am 100% sure that was a FP !:isay:

Brian N
June 11th, 2006, 04:29 PM
{QUOTE-> I think this happened before update. <-QUOTE}
Well there you go. Update and let that be the end of it.

ugly
June 11th, 2006, 04:36 PM
{QUOTE-> Well there you go. Update and let that be the end of it. <-QUOTE}

This is not the point.
Anyone else will have the same problem with Q&Q installed and a fresh NOD setup.
I think they should eliminate this FP !

rothko
June 11th, 2006, 04:50 PM
{QUOTE-> This is not the point.
Anyone else will have the same problem with Q&Q installed and a fresh NOD setup.
I think they should eliminate this FP ! <-QUOTE}
just trying to understand the problem - when you install a fresh copy of NOD32 and BEFORE it is updated this file is flagged as a threat, but after NOD32 is updated it isn't flagged as a problem...if this is the case, then it isn't a problem. It is only a problem if, after updating it still flags a genuine file as a false positive.

ASpace
June 11th, 2006, 05:10 PM
{QUOTE-> Well there you go. Update and let that be the end of it. <-QUOTE}


Now I agree ! :wacko:
:thumb:

Nunes
June 11th, 2006, 05:13 PM
I use O&O Defrag and NOD never, never, flagged any O&O file with a virus. So I don't understand this one.

kjempen
June 11th, 2006, 05:16 PM
{QUOTE-> ... BTW I have to reinstall Q&Q Defrag to use it again !>:( <-QUOTE}

Why not just restore the file from NOD32's Quarantine? The program should work ok after that?

Blackspear
June 11th, 2006, 07:27 PM
{QUOTE-> Why not just restore the file from NOD32's Quarantine? The program should work ok after that? <-QUOTE}

Agreed.

Cheers ;D

ugly
June 12th, 2006, 12:40 AM
{QUOTE-> Why not just restore the file from NOD32's Quarantine? The program should work ok after that? <-QUOTE}

If you look at my first post you can see : " action - error while cleaning..."
There is no file in Quarantine. The program just does not work anymore after that.
But if you all think this is normal I will put an end to this story now.

Best regards.

Marcos
June 12th, 2006, 01:17 AM
If the file is not detected with an up to date version of NOD32, where's the problem then? How can you fix it without updating NOD32?

Albinoni
June 12th, 2006, 02:37 AM
Sorry, but when you mentioned Q&Q Defrag you mean O&O Defrag, correct? I'm using O&O Defrag on my Father's PC with Bitdefender Pro 9 and I've never ever encountered this type of prob, plus previously I used O&O Defrag on my PC with NOD32 and again didn't have any probs.

My suggestions:

1. Uninstall O&O Defrag
2. Clear all your cache and temp internet files
3. Re-Boot your PC in safe mode and do a full scan of your HDD.

Note: Make sure that your NOD32 is fully updated before following steps 1 - 4.

alglove
June 13th, 2006, 05:46 PM
{QUOTE-> This is not the point.
Anyone else will have the same problem with Q&Q installed and a fresh NOD setup.
I think they should eliminate this FP ! <-QUOTE}
Basically, what you are saying is that the fresh NOD32 program should come with virus definitions that are newer than the ones currently included. For example, if the virus definitions now included come from January, and the O&O problem was fixed in March, then NOD32 should come with virus definitions from April or later.

Something like that?

Brian N
June 13th, 2006, 05:51 PM
Yeah I still don't get it.. How are they supposed to fix an FP without updating? ...

Bubba
June 13th, 2006, 06:24 PM
{QUOTE-> Anyone else will have the same problem with Q&Q installed and a fresh NOD setup <-QUOTE}

IMHO that would only be true if the user selected Restart Now versus Restart Later (http://www.wilderssecurity.com/showthread.php?p=201873#post201873) during the final step of installing Nod32.

I personally would suggest you consider downloading up to date signatures before restarting if at all possible.

ugly
June 14th, 2006, 06:12 AM
{QUOTE-> Basically, what you are saying is that the fresh NOD32 program should come with virus definitions that are newer than the ones currently included. For example, if the virus definitions now included come from January, and the O&O problem was fixed in March, then NOD32 should come with virus definitions from April or later.

Something like that? <-QUOTE}

Something like that.
But that only if we(they) admit there is a problem.

andrator
June 26th, 2006, 05:48 PM
{QUOTE-> But that only if we(they) admit there is a problem. <-QUOTE}

A FP rendering a Terminal Server useless qualifies as a problem ;D

I just experienced a similar problem. While configuring NOD32 I've also configured a weekly scan. This scan is configured to run immediately if it has not run within 400 hours. The update is configured to run each hour.

We're using RES PowerFuse for managing our Terminal Servers.

If I push NOD32 Enterprise to a Terminal Server the weekly scan immediately runs without an update:

{QUOTE-> Scan performed at: 26-6-2006 22:33:04
Scanning Log
NOD32 version 1.1211 (20050907) NT
Command line: /config=My Profile
The current threat database is out-of-date. It is highly recommended
that you update NOD32 immediately to ensure that newly discovered
threats will be detected.
Operating memory - is OK

Date: 26.6.2006 Time: 22:33:07
Scanned disks, folders and files: C:
C:\Program Files\RES PowerFuse\pwrstart.exe - probably unknown NewHeur_PE virus [7] - quarantined - unable to clean - deleted
Number of scanned files: 103980
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 22:37:05 Total scanning time: 238 sec (00:03:58)

Notes:
[7] File is probably infected with an unknown virus. <-QUOTE}

Pwrstart.exe is an essential part of our Terminal Servers, which means it now has become useless.

After restoring pwrstart.exe and repeating the scan with an update it no longer is detected:

{QUOTE-> Scan performed at: 26-6-2006 23:16:48
Scanning Log
NOD32 version 1.1625 (20060626) NT
Command line: /config=My Profile
Operating memory - is OK

Date: 26.6.2006 Time: 23:16:51
Scanned disks, folders and files: C:

Number of scanned files: 104052
Number of threats found: 0
Time of completion: 23:20:37 Total scanning time: 226 sec (00:03:46) <-QUOTE}

VirusTotal doesn't find any virus.

The easiest way to solve my problem has already been mentioned: the fresh NOD32 program should come with virus definitions that are newer than the ones currently included.

Currently I'm using 2.50.25, I could try if 2.51.26 solves the problem.

AFAIK I can't exclude files from on-demand scanning, so this will be very difficult. Any suggestion - except not using on-demand scanning, disabling AH or other major changes in my configuration - is welcome.
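The scan logs quoted in this post show the pattern worth catching on a freshly deployed endpoint: a heuristic ("probably unknown NewHeur_PE") hit made while the scanner itself warns that its threat database is out of date, followed by a deleted file. The script below is an added example, not code from the thread or from ESET, that parses logs in the layout quoted above and triages each detection: it flags hits made with stale signatures, confirms them as likely false positives when a rescan with newer signatures (after the file was restored) no longer reports the path, and notes when the action was "deleted" so the operator knows a restore from backup is needed. The sample logs are constructed to match the quoted ones (the detection kept on one line), and the 30-day signature-age threshold is an assumed policy value, not an ESET setting.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample logs, laid out like the NOD32 2.x scan logs quoted in the post.
STALE_SCAN_LOG = r"""Scan performed at: 26-6-2006 22:33:04
Scanning Log
NOD32 version 1.1211 (20050907) NT
Command line: /config=My Profile
The current threat database is out-of-date. It is highly recommended
that you update NOD32 immediately to ensure that newly discovered
threats will be detected.
Operating memory - is OK

Date: 26.6.2006 Time: 22:33:07
Scanned disks, folders and files: C:
C:\Program Files\RES PowerFuse\pwrstart.exe - probably unknown NewHeur_PE virus [7] - quarantined - unable to clean - deleted
Number of scanned files: 103980
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 22:37:05 Total scanning time: 238 sec (00:03:58)
"""

FRESH_SCAN_LOG = r"""Scan performed at: 26-6-2006 23:16:48
Scanning Log
NOD32 version 1.1625 (20060626) NT
Command line: /config=My Profile
Operating memory - is OK

Date: 26.6.2006 Time: 23:16:51
Scanned disks, folders and files: C:
Number of scanned files: 104052
Number of threats found: 0
Time of completion: 23:20:37 Total scanning time: 226 sec (00:03:46)
"""

OUT_OF_DATE_MARKER = "The current threat database is out-of-date"
HEURISTIC_MARKERS = ("probably unknown", "NewHeur")  # verdict wording seen in the quoted log
MAX_SIGNATURE_AGE_DAYS = 30  # assumed policy threshold, not an ESET value


@dataclass
class Detection:
    path: str
    verdict: str
    actions: List[str]


@dataclass
class ScanReport:
    scanned_at: datetime
    signature_version: str
    signature_date: datetime
    out_of_date_warning: bool
    detections: List[Detection] = field(default_factory=list)

    @property
    def signature_age_days(self) -> int:
        """Age of the signature set at the time the scan ran."""
        return (self.scanned_at - self.signature_date).days


def parse_scan_log(text: str) -> ScanReport:
    """Extract header fields and per-file detections from a NOD32-style scan log."""
    scanned_at = sig_version = sig_date = None
    detections: List[Detection] = []
    for line in text.splitlines():
        if line.startswith("Scan performed at: "):
            scanned_at = datetime.strptime(line.split(": ", 1)[1], "%d-%m-%Y %H:%M:%S")
        elif line.startswith("NOD32 version "):
            m = re.match(r"NOD32 version (\S+) \((\d{8})\)", line)
            sig_version, sig_date = m.group(1), datetime.strptime(m.group(2), "%Y%m%d")
        elif re.match(r"^[A-Za-z]:\\", line) and " - " in line:
            # Detection lines: <path> - <verdict> - <action> [- <action> ...].
            # Assumes the path itself contains no " - " separator.
            path, verdict, *actions = line.split(" - ")
            detections.append(Detection(path, verdict, actions))
    if scanned_at is None or sig_version is None:
        raise ValueError("not a NOD32 scan log: header fields missing")
    return ScanReport(scanned_at, sig_version, sig_date, OUT_OF_DATE_MARKER in text, detections)


def triage(report: ScanReport, rescan: Optional[ScanReport] = None) -> List[Dict[str, object]]:
    """Classify each detection; a rescan with newer signatures, if given, is used to confirm.

    The rescan is only meaningful if the flagged file was restored before rescanning:
    a deleted file cannot be re-evaluated, so its absence alone proves nothing.
    """
    findings: List[Dict[str, object]] = []
    stale = report.out_of_date_warning or report.signature_age_days > MAX_SIGNATURE_AGE_DAYS
    for d in report.detections:
        heuristic = any(marker in d.verdict for marker in HEURISTIC_MARKERS)
        cleared = (rescan is not None
                   and rescan.signature_date > report.signature_date
                   and all(r.path != d.path for r in rescan.detections))
        if stale and heuristic and cleared:
            status = "likely-false-positive"
        elif stale and heuristic:
            status = "review-before-trusting"
        else:
            status = "treat-as-detection"
        findings.append({
            "path": d.path,
            "status": status,
            "signature_age_days": report.signature_age_days,
            "restore_needed": "deleted" in d.actions,  # quarantine failed, file is gone
        })
    return findings


if __name__ == "__main__":
    first = parse_scan_log(STALE_SCAN_LOG)
    for finding in triage(first, parse_scan_log(FRESH_SCAN_LOG)):
        print(finding)
```

Run stand-alone it prints one finding for pwrstart.exe marked likely-false-positive with restore_needed set; without the rescan the same hit is only "review-before-trusting", which is the state a deployment script should stop in rather than let a scheduled scan delete files before the first update has completed.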

ugly
June 27th, 2006, 12:57 AM
{QUOTE->
The easiest way to solve my problem has already been mentioned: the fresh NOD32 program should come with virus definitions that are newer than the ones currently included. <-QUOTE}

The virus definitions in the setup program are from 24.03.2006 !!:blink:
This is causing problems for many people due to those FPs at a fresh install.
So I have a common sense question: why is eset keeping those virus definitions like that? ??? Maybe they have a reason for that?!

Marcos
June 27th, 2006, 01:15 AM
It's impossible to always have the latest definitions included in the installer. This would mean creating a newer installer several times a day and uploading 1,5 GB of data with every update (not taking trial versions into account). At any rate, the current installers come with update 1.1618 embedded.

andrator
June 27th, 2006, 06:04 AM
{QUOTE-> At any rate, the current installers come with update 1.1618 embedded. <-QUOTE}

Thanks, I'll try that and hope it solves the FP.

andrator
June 27th, 2006, 08:08 AM
I reinstalled NOD32 using the 2.51.26 installer. First the problem didn't occur, because the definitions were updated before the scan started. After reinstalling while disabling updates I was able to test this issue with 2.51.26.

{QUOTE-> Scan performed at: 27-6-2006 13:55:49
Scanning Log
NOD32 version 1.1458 (20060324) NT
Command line: /config=My Profile
Operating memory - is OK

Date: 27.6.2006 Time: 13:55:52
Scanned disks, folders and files: C:
Number of scanned files: 104516
Number of threats found: 0
Time of completion: 14:00:23 Total scanning time: 271 sec (00:04:31) <-QUOTE}

Problem appears to be solved with the 1.1458 definition.

{QUOTE-> At any rate, the current installers come with update 1.1618 embedded. <-QUOTE}

2.51.26 comes with 1.1458, so I don't know what installer you are referring to that comes with 1.1618? Anyway, the problem is solved with 1.1458.

ugly
June 27th, 2006, 12:37 PM
{QUOTE-> It's impossible to always have the latest definitions included in the installer. This would mean creating a newer installer several times a day and uploading 1,5 GB of data with every update (not taking trial versions into account). At any rate, the current installers come with update 1.1618 embedded. <-QUOTE}

I think we are all too serious to speak about "creating a newer installer several times a day". Without exaggeration, I believe once a week will be just fine.
THIS IS JUST A PERSONAL OPINION.

pykko
June 29th, 2006, 06:51 AM
The best would be one installer per month; I believe it would be the best choice for everyone. :)