I just ran a manual NOD32 "In-Depth Analysis" scan, using the "command-line profile", which I have set up to scan everything using all available filters. I have set the treatment of all the categories (files, boot sectors, archives, etc., etc.) to "clean" when possible, "delete" when impossible to clean, and "copy to quarantine" in all cases.

Under this profile there are only two instances when infections found are not quarantined: when found in memory and when found on the MBR.

The scan I ran that found "2 infections" does not show any items in quarantine. Nothing there.

Then, it also shows that both the memory and MBR were "OK". Does this mean they were not infected or that that have been automatically cleaned and are now "OK"??

I cannot figure out why there is nothing copied to quarantine if two infections were found but neither were in mem/MBR.

I'm going down the log file, but good Lord, it's 100 megabytes!!! I'm trying to look as fast as I can but the scroll tab on the right side doesn't even move!! Help!



/

As for the large log, make sure that the "List all files" option is disabled so that only infected files are listed in the log. NOD32 will quarantine files only if you set it to do so, it all depends on what actions you choose on the Action tab.

{QUOTE-> As for the large log, make sure that the "List all files" option is disabled so that only infected files are listed in the log. NOD32 will quarantine files only if you set it to do so, it all depends on what actions you choose on the Action tab. <-QUOTE}


I have all actions set to quarantine. As I mentioned above there are two instances when that option is not available: for memory items and for the master boot record. On all others I have set it to automatically quarantine.

/

Would this be a case of items that might be in your system restore :-\

{QUOTE-> Would this be a case of items that might be in your system restore :-\ <-QUOTE}



Good question. How to find out??


/

Do you have an existing folder called Infected in C:\Program files\ESET\ . Will a copy of this appear if you test AMON with Eicar
https://secure.eicar.org/eicar.com

{QUOTE-> Do you have an existing folder called Infected in C:\Program files\ESET\ . Will a copy of this appear if you test AMON with Eicar
https://secure.eicar.org/eicar.com <-QUOTE}


My AMON went off immediately after I hit this link... and the files (I did it twice, just to be nice) show up in the above folder, a folder I do not think I had before I just did this test (sorry, I hit the link before checking for the folder, and I know the folder doesn't exist until an infection first gets detected; but I do remember looking earlier for any reference for the reported two infections, and I don't think the folder was there then).


/