Hi Guys,

I recently got NOD32 2.5 . I had no anti-virus program prior to this being installed as i have only recently purchased this computer.

I have a problem though while im attempting to do a In-depth scan or On-Demand Scan. I click scan, and i see files getting scaned, then about 4-5seconds into it, the window drops, takes me back to the nod main window.......has it scanned? i thought it would of given me a report or something to show me it has completed its such with X number of files and X number of infections...

IN my Nod32 Scanner Log, there is a log that a scan has been created however the status of it shows up always as 'Scanning'....When i access the details of the log, it says 0 number of files scanned and 0 number of infections found..

is their a virus on my computer that is stopping my NOD32 program from conducting its searches?

Please help.

Cheers

Try running a scan in safe mode.

Just tried, it seemed like it went for abit longer but it just dropped out. closed the window automatically.

1st time i did it in safe mode went for about 10-12secs, i can see the files being scanned, then it just stopped. terminated window.

tried a second time but it terminated within like seconds.

:(.

i tried it in admin mode to see where it stops...looks like theres a specific folder...its a Local Settings\Microsoft\Messenger\emailaddy\share something or other, i cant quite get the full address as it gives me no warning when it closes...

maybe i should delete this folder???

Hi Nobody003, welcome to Wilders.

Never mind, it's too late here, and I missed the relevant part about no previous AV

Cheers ;D

Go into the Program files/Eset/NOD32 folder (or whatever it is called) Rename NOD32.exe to something different(balloon.exe for example) then try running the scan in safe mode again. You will have to navigate to the folder and double click on the renamed file. This is one of the advantages of NOD. This is in case some malware is terminating NOD32.exe, it won't be looking for balloon.exe Get the idea?

Of course when you are done don't forget to rename it back to Nod32.exe or future scans might not work.

{QUOTE-> Hi Nobody003, welcome to Wilders.

Never mind, it's too late here, and I missed the relevant part about no previous AV

Cheers ;D <-QUOTE}

That's all right Blackspear, it is late down there. I think he just might be infected by something.

its definitly something in my local settings, application data folder.... ill try your steps, and ill get back to you. shouldnt be more then 5min.

Ok, i changed exe file to balloon.exe, restarted comp and went via safe mode to get into admin, executed balloon.exe, ran scan, but it stops at the same point, some local settings\application data\microsoft\messenger...

Sounds like some sort of buffer overflow. Is the file small enough to upload to Virus total or Jotti's online scanner?

well its weird, i head to the folder, but theirs nothing there....ive enabled the option to show me hidden folders...i deleted all the folders contained within the local settings\applic data\microsoft\messenger\emailaddy\ but it looks like it stills searching files within that folder....

try deleting the folder, if you are sure it is nothing you use.

well i uninstalled the program windows live messenger, ill get back to you in a sec how my scan goes next time...

well program uninstalled but folder still exists, just now going through admin safe mode to see if i can delete it.......there is absolutely nothing in this folder....but NOD32 is scanning something in it...fingers crossed i can delete the folder...

well windows says their is 5 folders and 10 files totaling 157k/b which i cant see at all....no matter what i do...and the scan stops at this point. i tried to delete, but it doesnt do anything, hour glass comes on next to mouse but thats it....

any suggestions....im about to update to 2.7 now

looks likes it all solved. by updating to the 2.7 has searched the folder correctly and given it the all OK.......very odd.....sorry to disturb you guys, but at least that hurdle is over, its nearly completed its scan...

Thanks Flyrfan

No Problem, be sure to rename back to NOD32.exe when you are done.

ok on-demand didnt pick this up, but in-depth did.....whoa...lucky i got this sorted.....what are these trojans anyway? anyone have experience in this?

190227

Hi there, please take the following steps:

1. Check your settings against those found HERE (http://www.wilderssecurity.com/showthread.php?t=37509)

2. Turn OFF System Restore by doing the following (note: by doing so you will lose all restore points):

Windows XP Instructions

a. Right click on the “My Computer” icon on the Windows desktop.

b. Click on “Properties”.

c. Click on the “System Restore”.

d. Place a tick in “Turn off System Restore on all Drives”.

e. Click OK.

f. Close and RESTART your system.

g. Turn System restore back ON.

3. Finally, run a scan by clicking on the NOD32 Control Centre> NOD32> Run NOD32> Scan and Clean.

Let us know how you go...

Cheers ;D

Generally, if the scanner window closes all of a sudden during a scan and the relevant entry in the log says "Scanning" though, we suggest the following:

- run nod32.exe with the /crashlog parameter and check crash.log for the last entry when the scanner closes. We'll need that file for analysis then.

- also try playing around the various options in the on-demand scanner setup, such as runtime packers and archives to see if disabling them makes a difference