NOD32 has a problem. Help me please
harisankar98
February 4th, 2007, 08:30 AM
NOD32 has a big problem.
(I don't know if there is any problem with my antivirus settings. If so, please help me.)
I inserted a disc with a virus in it (I knew it had a trojan in it; I did so to check NOD32) and opened the folder containing the virus. NOD32 made no response.
Only when I manually scanned the files did it detect the virus.
But all other antiviruses like AVG pop up a window the instant I open the same folder, saying that they have detected a virus, and make it unreadable.
But with NOD32 installed, I tried to run the trojan file from the disc,
shit, it worked and NOD32 did nothing at all!!!
Tell me if I can fix this by some settings change...
Marcos
February 4th, 2007, 08:33 AM
Did you actually copy the file somewhere so that AMON could scan it for runtime packers and with advanced heuristics? Note that these options work only on newly created files because of the high CPU utilization required for processing.
harisankar98
February 4th, 2007, 08:41 AM
Marcos,
I didn't copy the file to my hard drive.
Actually, AVG was able to find the virus on the disc without manually scanning it (it notified me when I just opened the folder on the disc).
Now I tried to copy the file onto my hard drive; when I tried to paste it, NOD32 told me that it was a virus and moved it to quarantine.
But is it true that real-time scanning of CDs and DVDs is impossible for NOD32?
Think: I was able to run the virus from the CD (without copying it to the hard drive).
What should I do?
cupez80
February 5th, 2007, 06:24 AM
I tried the same case and yes, NOD32 Advanced Heuristics didn't scan files on CD/DVD. Possible bug?
Marcos
February 5th, 2007, 06:41 AM
Read it more carefully again, the settings say "Additional options on create" and the description says "Options to use for scanning newly created or modified files". So no, it's not a bug. In the future we'll probably implement a feature that will scan removable media when inserted into a drive.
harisankar98
February 5th, 2007, 07:52 AM
Marcos,
My AMON has all the options ON and it fails even then.
And are you saying that NOD32 is now not capable of scanning removable storage devices on mounting?
If so, it is a real pity because all the other antiviruses I tried, like
AVG, Avast, Kaspersky etc., are capable of doing this.
The best response was that of AVG. It took less than a second to notify me when I opened the folder containing the virus.
Blackspear
February 5th, 2007, 08:17 AM
The point is, nothing is being "created", move the file from the CD to your system and see AMON bite it ;) ;D
Cheers ;D
cupez80
February 5th, 2007, 08:21 AM
Yes, but if we accidentally run some nasty virus then our PC will be infected.
Blackspear
February 5th, 2007, 08:23 AM
{QUOTE-> Yes, but if we accidentally run some nasty virus then our PC will be infected. <-QUOTE}
No, because AMON will grab it upon creation.
Cheers ;D
cupez80
February 5th, 2007, 08:27 AM
Yes, if it creates files on the hard drive, but it is still running in memory. I have tried it.
kjempen
February 5th, 2007, 08:29 AM
{QUOTE-> Marcos,
My AMON has all the options ON and it fails even then.
And are you saying that NOD32 is now not capable of scanning removable storage devices on mounting?
If so, it is a real pity because all the other antiviruses I tried, like
AVG, Avast, Kaspersky etc., are capable of doing this.
The best response was that of AVG. It took less than a second to notify me when I opened the folder containing the virus. <-QUOTE}
If the files you are trying to run are:
a) not runtime packed
b) not a self-extracting archive
c) not detected by advanced heuristics ("probably unknown NewHeur_PE virus")
NOD32's AMON will detect the virus.
But if any of the "methods" a, b, c is required, NOD32's AMON will only detect it if the files are being moved/copied (that's why it says "newly created or modified files" in AMON's options).
cupez80
February 5th, 2007, 08:40 AM
Well, maybe in version 3 it will be "fixed" :D
harisankar98
February 5th, 2007, 09:23 AM
'Trojan horse PSW.Generic3.ALD' is the one with which I tested NOD32. It had the file name 'Showpass.exe'.
Hope that NOD32 will add the module in its next version.
Marcos
February 5th, 2007, 11:01 AM
{QUOTE-> well maybe in version 3 it will be "fixed" :D <-QUOTE}
Well, in certain circumstances it can take up to 10 seconds for advanced heuristics to emulate the code. I don't think there is hardly anyone who wouldn't mind waiting so long before a file is executed. Maybe in the days of 20 GHz CPUs it will be possible ;)
If you happen to run a malicious file it will most likely register itself in the registry so that it's run the next time you start Windows. In such a case, the automatic startup file check in NOD32 will detect it and alert you.
Marcos
realitybytez
February 5th, 2007, 12:48 PM
{QUOTE-> Well, in certain circumstances it can take up to 10 seconds for advanced heuristics to emulate the code. I don't think there is hardly anyone who wouldn't mind waiting so long before a file is executed. Maybe in the days of 20 GHz CPUs it will be possible ;)
If you happen to run a malicious file it will most likely register itself in the registry so that it's run the next time you start Windows. In such a case, the automatic startup file check in NOD32 will detect it and alert you.
Marcos <-QUOTE}
You can't really think this is an adequate answer! My god, if AVG takes less than a second to detect the malware, why would it take NOD32 up to 10 seconds?
The point being made by the original poster is a valid one. If you can execute malware directly from removable media, and the malware is fully memory-resident (i.e. doesn't need to create new files on the hard drive), then what's to stop a black hat from writing such code that would make it impossible for you to ever restart Windows?
I think this is a far more serious flaw than you're willing to admit. And I'm beginning to wonder if I made a wise decision to install this product on my entire network.
Marcos
February 5th, 2007, 01:04 PM
{QUOTE-> You can't really think this is an adequate answer! My god, if AVG takes less than a second to detect the malware, why would it take NOD32 up to 10 seconds?
<-QUOTE}
Because AVG detected it by a standard signature. Unlike AVG, NOD32 uses a sophisticated code emulator that is capable of identifying millions of threats without the need to update. Threats detected by a signature are detected in much less than 0.05 sec :) I can assure you that you didn't make a wrong decision, NOD32 will protect your network perfectly. I cannot give any comparison details with other products here, but instead I'd suggest you wait for the upcoming tests carried out by www.av-comparatives.org.
Copyright ©2002 - 2009, Wilders Security Forums