Nod 32 Doesn't scan Archives :o


fblitk
April 11th, 2007, 07:57 AM
Hi all,

I just received a RAR file containing an EXE file with a virus inside it, the RAR file wasn't password protected...
when I open the RAR file with WinRAR, it doesn't warn me and opens correctly, but when I open the EXE it warns me and doesn't let me open it!!
My friend got the same RAR file, with the virus in there, he states that when he clicks the RAR file it alerts him straight away! :o
and, also, when the alert comes up on my PC, the delete option and the rest are not available, only the "leave" option is available!

please help,
thx

webyourbusiness
April 11th, 2007, 08:56 AM
Set up your NOD32 protection behaviour as described in the extra settings thread:

http://www.wilderssecurity.com/showthread.php?t=37509

Archives can be ignored if you don't SET THEM to be scanned - but as you saw, the threat itself was detected by AMON when it was ACCESSED - i.e., you extracted it. You are not really losing any protection...

ASpace
April 11th, 2007, 09:27 AM
And after you set up your computer, you can perform a full scan of your computer by opening Control Center -> NOD32 -> Run NOD32 -> Scan & Clean ;)

fblitk
April 11th, 2007, 09:33 AM
I set it up now...
this time no alert is given!!
and the file is left as it is!
I have no idea... NOD32 has to scan when I open the RAR!!!
but it doesn't

WSFuser
April 11th, 2007, 10:34 AM
AMON does not scan archives in realtime, but when you downloaded it, IMON should've scanned it.

Marcos
April 11th, 2007, 10:54 AM
If the on-demand scanner did not detect the virus inside with archives enabled, please submit the file to support[at]eset.com along with a link to this thread.

Firecat
April 11th, 2007, 01:22 PM
{QUOTE-> If the on-demand scanner did not detect the virus inside with archives enabled, please submit the file to support[at]eset.com along with a link to this thread. <-QUOTE}
I have a question not exactly related to the topic, but I noticed that whenever it is needed to send an email to support for further investigation into any issue, you always recommend to include a link to the thread where the problem was initially described. I'm not bashing you for this, but I wanted to know why this is necessary. I mean, if the problem is anyway described in a detailed manner in the email to Eset's support, then there would be no need to provide any link to a thread on a forum. Could you please explain this? :)

steve1955
April 11th, 2007, 01:59 PM
Hi: your friend who is alerted straight away, is he also using NOD? If he is, it's the way in which your two configurations of NOD differ that is causing the difference in behaviour, not an inability of NOD to scan archives; it does scan inside RAR files.

Marcos
April 11th, 2007, 02:03 PM
{QUOTE-> I have a question not exactly related to the topic, but I noticed that whenever it is needed to send an email to support for further investigation into any issue, you always recommend to include a link to the thread where the problem was initially described. I'm not bashing you for this, but I wanted to know why this is necessary. I mean, if the problem is anyway described in a detailed manner in the email to Eset's support, then there would be no need to provide any link to a thread on a forum. Could you please explain this? :) <-QUOTE}

That's because threads at Wilders contain a track of what a user has tried to resolve the issue so far.

fblitk
April 11th, 2007, 02:25 PM
Nope, I tried every setting!!!
Dunno why it's like that. Anyway, I switched to Avast Home Edition :S
Oh, I hate the ugly looks and sounds but, no other choice!
Does anyone suggest I use another program?

steve1955
April 11th, 2007, 04:07 PM
Give KAV a whirl: I use that as well as NOD (on different PCs!) and that seems to scan inside almost anything, if that's your main concern.

Marcos
April 11th, 2007, 04:41 PM
Could you please send that RAR file to support[at]eset.com as I suggested before so that we can have a look at it and tell why NOD32 doesn't scan it?

kjempen
April 11th, 2007, 10:31 PM
Perhaps the user isn't aware of the profiles and that the settings are tied to the profiles?

Brian N
April 12th, 2007, 03:04 AM
Or right click ..

rothko
April 12th, 2007, 07:09 AM
{QUOTE-> AMON does not scan archives in realtime, but when you downloaded it, IMON should've scanned it. <-QUOTE}
I THINK ESS/NODv3 does though, if anyone can confirm?
At least in the help file it says "the resident protection supports archive scanning". Though it doesn't seem to work this way in beta 1 as far as I can tell.

ASpace
April 12th, 2007, 07:50 AM
{QUOTE-> I THINK ESS/NODv3 does though, if anyone can confirm?
At least in the help file it says "the resident protection supports archive scanning" <-QUOTE}

Yes, it supports archive scanning, but NOD/ESS scans archives only upon extraction and later all extracted files on-create/on-access.

The real archive (e.g. the ZIP file itself) is not scanned on-create or on-access because, as I have said, there is no point in scanning such files while packed/archived, no risk. If one wants this archive scanned before being extracted, one can scan it manually with a right click ;)
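What inspecting an archive before extraction involves, as an added example that is not part of the original post and is not NOD32's code: a simplified triage pass that reads each member in memory and reports the ones an on-demand scan should look at first. It assumes ZIP rather than RAR (the Python standard library has no RAR reader); the function names, the extension list, the limits and the sample archive are all constructed for illustration.

```python
import io
import zipfile

EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".vbs", ".bat"}
MAX_DEPTH = 3            # nested archives deeper than this are reported, not opened
MAX_MEMBER = 50 * 2**20  # skip members that would unpack to more than 50 MiB

def inspect_archive(data, depth=0, prefix=""):
    """Return (member path, reason) pairs without writing anything to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.flag_bits & 0x1:  # encrypted member: contents cannot be read
                findings.append((path, "encrypted member"))
                continue
            if info.file_size > MAX_MEMBER:  # guard against decompression bombs
                findings.append((path, "oversized member, skipped"))
                continue
            body = zf.read(info)  # decompressed in memory only
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if body[:2] == b"MZ":
                findings.append((path, "PE/DOS executable header"))
            elif ext in EXEC_EXT:
                findings.append((path, "executable or script extension"))
            elif body[:4] == b"PK\x03\x04":  # a ZIP inside the ZIP
                if depth + 1 >= MAX_DEPTH:
                    findings.append((path, "nested archive beyond depth limit"))
                else:
                    findings.extend(inspect_archive(body, depth + 1, path + "!"))
    return findings

def build_sample():
    """Constructed, harmless sample: outer ZIP with a text file, a script and an inner ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("photo.jpg.exe", b"MZ" + b"\x00" * 62)  # header bytes only, not a program
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("macro.vbs", "' constructed placeholder")
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for path, reason in inspect_archive(build_sample()):
        print(f"{path}: {reason}")
```
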

Marcos
April 12th, 2007, 09:39 AM
{QUOTE-> I THINK ESS/NODv3 does though, if anyone can confirm?
At least in the help file it says "the resident protection supports archive scanning". Though it doesn't seem to work this way in beta 1 as far as I can tell. <-QUOTE}

Hm, I will ask my colleague what he meant by this. This sentence must be removed or rewritten so that it's correct.

fblitk
April 12th, 2007, 11:48 AM
{QUOTE-> Yes, it supports archive scanning, but NOD/ESS scans archives only upon extraction and later all extracted files on-create/on-access.

The real archive (e.g. the ZIP file itself) is not scanned on-create or on-access because, as I have said, there is no point in scanning such files while packed/archived, no risk. If one wants this archive scanned before being extracted, one can scan it manually with a right click ;) <-QUOTE}

1) You may be right, but erm... My friend's NOD popped up an alert right after he accessed the zipped file... and not the exe..

2) There is a Melissa thing ... on this site.. ~Snip~ No links to malware are to be posted on Wilders.
Avast detects it! straight after accessing that page either on IE or FF but NOD had let me see it! and Avast never!

3) Does NOD protect P2P File Sharing... etc.

and final but not least,

4) Does NOD disinfect a file with a virus?

and this is the last!! ;) (sorry)

5) How can I make NOD avoid showing me those annoying blue locked messages on scan?

and by the way, I got the file sent through MSN, so I doubt it would have caught it...

these are my actual concerns with NOD32...
Thx.

Marcos
April 12th, 2007, 12:10 PM
{QUOTE-> 1) You may be right, but erm... My friend's NOD popped up an alert right after he accessed the zipped file... and not the exe..

2) There is a Melissa thing ... on this site.. ~Snip~ No links to malware are to be posted on Wilders.
<-QUOTE}

Of course, text files are non-executable. NOD32 detects it heuristically with the vbs extension.

fblitk
April 12th, 2007, 12:15 PM
{QUOTE-> Of course, text files are non-executable. NOD32 detects it heuristically with the vbs extension. <-QUOTE}
Yes but it's still supposed to have caught it!

De Hollander
April 12th, 2007, 12:53 PM
Regarding Melissa.txt

On the frontpage: ~Snip~ Link removed. - Ron

View real examples of virus/worm code, including CIH, MyDoom and Bagle.Ad. The samples on this site are harmless PROVIDING you do not change any file extensions when saving them to your computer.

Regarding MSN

Have you set the following command line under Tools, Options, File Transfer, "Scan files for viruses using":

"C:\Program Files\Eset\nod32.exe" /selfcheck+ /list+ /scroll+ /quit+ /pattern+ /heur+ /scanfile+ /scanboot- /scanmbr- /scanmem- /arch+ /sfx+ /pack+ /mailbox- /adware /unsafe /ah /prompt /all

fblitk
April 12th, 2007, 01:18 PM
{QUOTE-> Regarding Melissa.txt

Regarding MSN

Have you set the following command line under Tools, Options, File Transfer, "Scan files for viruses using":

"C:\Program Files\Eset\nod32.exe" /selfcheck+ /list+ /scroll+ /quit+ /pattern+ /heur+ /scanfile+ /scanboot- /scanmbr- /scanmem- /arch+ /sfx+ /pack+ /mailbox- /adware /unsafe /ah /prompt /all <-QUOTE}
thx for the info...
now for the other points of concern...
thx

ronjor
April 12th, 2007, 01:19 PM
Regarding potential or real malware, no links are to be posted on this forum.

See The Terms of Service (http://www.wilderssecurity.com/TOS-Privacy.html) for clarification.

Please send samples to the respective anti-malware companies.

De Hollander
April 12th, 2007, 02:47 PM
@ronjor
Oops... sorry :-)

fblitk
April 12th, 2007, 04:39 PM
yes me too... now let's get to the points please...
I am thinking of an av product