NOS32 causing grief!! Please Help!!


drmef
September 30th, 2004, 01:03 AM
Sorry for this long post, but I am a very frustrated new user who just switched from Norton 2004 AV Pro to NOD32. OS and other programs listed in message below. I have configured NOD as per the configuration instructions in the first post on the forum and still having problems. Please note NOD support's response, my e-mail and my response to their response... which I still haven't heard anything on yet. It's a shame that a company in the software security business does not have 24/7 support! Some additional things I have noticed are that (1) according to the configuration post at the top of this forum, quarantine does not truly quarantine a possible virus, but rather makes a copy of it to be sent to support (doesn't say how that is done) and then deletes the file (which in 2 cases turned out to be false positives when scanning with TrojanHunter). And (2), in setup for DMON and IMON setup-actions, the right hand window for "Uncleanable infiltrations" is "greyed-out" so that no changes can be made including the ability to quarantine. I hope someone knowledgeable on the thread will take the time to read this post and can help. Many thanks all and everyone.
______________________________________________
______________________________________________

|Thank you for the prompt response to one of the three questions below. I am using an SBC DSL Pro connection... 1.5 to 3 download... (not dial-up) and my firewall (ZoneAlarm Pro v. 5.1) is set to allow both nod32krn.exe and nod32kui.exe (only ones showing under "Program Control" in Zone Alarm) to Access (Trusted and Internet) and Server (Trusted and Internet). I have no problems updating any other programs.
|
|Also, I am NOT getting the message you show when doing Update now.... and NEVER have. The box shows after every "Update now" shows: (Please note there is NO message that anything is up to date!!)
|___________________________________________________________
|Status
|___________________________________________
|Status: idle
|Server: <choose automatically>
|Virus signature database update: automatic
|Program component update: offer
|Last update: 9/28/2004 20:49:00 PM
|__________________________________________
|Version of virus signature update: 1.880 (20040928)
|___________________________________________________________
|
|Please advise how to correct the above and respond to questions #'s 2 & 3 below.
|
|Thank you.
|_____________________________________________
|
----- Original Message -----
From: "Eset Tech Support" <support+114@eset.us>
To: XXXXXXXX
Sent: Wednesday, September 29, 2004 4:45 PM
Subject: Re: Urgent Problems with NOD32


| Hello,
|
| When you go to the NOD32 Control Center and click on Update now in the Update section, you should get a message "Your version of NOD32 is up to date. No update necessary." The message means that you have the latest
| virus signature update installed on your system. Some of the update errors can be caused by a software firewall on your system or if you use a dial-up connection.
|
| Your Eset Team
|
|
|
| XXXXXX wrote:
|
| > Please Help ASAP. Changed to NOD32 from Norton AV 2004 Pro. Having problems as noted below. As a doctor, patient data confidentiality is critical and I need your assistance immediately. Thank you.
| >
| > (1) Internet connection working fine, but don't know if getting current updates for NOD32. Have tried to manually update from Control Center using "update now", but see errors in log below. Last virus definition is now 1.880 (9/28/2004). Have had no problems updating other programs. Using WIN XP Pro with 1 meg of ram and 50 gigs of freespace. Running Zone Alarm Pro, Spybot S & D, AdAware (scan only personal version), Spyware Blaster, Spyware Guard, SpySweeper, BOClean, TrojanHunter... all latest versions and updated plus have all WIN XP critical updates installed except SP2 and new one from this week. Don't know why connection is failing when doesn't happen with any other programs. Would be nice if NOD32 gave message that file definitions were current. Please note that updates are sometimes coming through. Please see log below.
___________________________________________________________________

| > Time Module Event User
| >
| > 9/29/2004 13:48:50 PM Update Function: gethostbyname, parameters: , return value: 11001
| >
| > 9/29/2004 13:48:50 PM Update Update attempt failed (Server connection failure.)
| >
| > 9/29/2004 13:48:48 PM Update Error connecting to server www.nod32.com (http://www.nod32.com/).
| >
| > 9/29/2004 13:48:47 PM Update Error connecting to server u2a.eset.com.
| >
| > 9/29/2004 13:48:45 PM Update Error connecting to server u4.eset.com.
| >
| > 9/29/2004 13:48:45 PM Update Error connecting to server u3.eset.com.
| >
| > 9/28/2004 20:49:01 PM Kernel The virus signature database has been updated successfully to version 1.880 (20040928).
| >
| > 9/27/2004 23:31:00 PM Kernel The virus signature database has been updated successfully to version 1.879 (20040927).
| >
| > 9/27/2004 9:40:18 AM Kernel The virus signature database has been updated successfully to version 1.878 (20040927).
| >
| > 9/26/2004 13:20:02 PM Update Error connecting to server u3.eset.com.
| >
| > 9/26/2004 13:19:59 PM Update Error connecting to server u4.eset.com.
| >
| > 9/26/2004 13:19:56 PM Update Error connecting to server u2a.eset.com.
| >
| > 9/26/2004 13:18:23 PM Update Function: gethostbyname, parameters: , return value: 11001 DRMEFNOTEBOOK\Administrator
| >
| > 9/26/2004 13:18:23 PM Update Update attempt failed (Server connection failure.) DRMEFNOTEBOOK\Administrator
| >
| > 9/26/2004 13:18:21 PM Update Error connecting to server www.nod32.com (http://www.nod32.com/).
| >
| > 9/26/2004 13:18:18 PM Update Error connecting to server u2a.eset.com.
| >
| > 9/26/2004 13:18:13 PM Update Error connecting to server u3.eset.com.
| >
| > 9/26/2004 13:18:11 PM Update Error connecting to server u4.eset.com.
| >
| > 9/24/2004 20:34:51 PM Kernel The virus signature database has been updated successfully to version 1.877 (20040925).
| >
| > 9/23/2004 23:32:06 PM Kernel The virus signature database has been updated successfully to version 1.876 (20040924).
| >
| > 9/22/2004 20:47:26 PM Kernel The virus signature database has been updated successfully to version 1.875 (20040922).
| >
| > 9/21/2004 10:07:40 AM Kernel The virus signature database has been updated successfully to version 1.874 (20040921).
| >
| > 9/20/2004 9:32:03 AM Kernel The virus signature database has been updated successfully to version 1.873 (20040920).
| >
| > 9/19/2004 23:59:57 PM Update Update attempt failed (Failure to open socket.) DRMEFNOTEBOOK\Administrator
| >
| > 9/19/2004 23:59:55 PM Update Error connecting to server www.nod32.com (http://www.nod32.com/).
| >
| > 9/19/2004 23:59:54 PM Update Error connecting to server u2a.eset.com.
| >
| > 9/19/2004 23:59:52 PM Update Error connecting to server u3.eset.com.
| >
| > 9/19/2004 23:59:52 PM Update Error connecting to server u4.eset.com.
| >
| > 9/19/2004 23:54:53 PM Update Update attempt failed (Failure to open socket.) DRMEFNOTEBOOK\Administrator
| >
| > 9/19/2004 23:54:52 PM Update Error connecting to server www.nod32.com (http://www.nod32.com/).
| >
| > 9/19/2004 23:54:50 PM Update Error connecting to server u2a.eset.com.
| >
| > 9/19/2004 23:54:49 PM Update Error connecting to server u4.eset.com.
| >
| > 9/19/2004 23:54:49 PM Update Error connecting to server u3.eset.com.
| >
| > 9/19/2004 23:48:04 PM Update Update attempt failed (Failure to open socket.) DRMEFNOTEBOOK\Administrator
| >
| > 9/19/2004 23:48:03 PM Update Error connecting to server www.nod32.com (http://www.nod32.com/).
| >
| > 9/19/2004 23:48:01 PM Update Error connecting to server u3.eset.com.
| >
| > 9/19/2004 23:48:00 PM Update Error connecting to server u2a.eset.com.
| >
| > 9/19/2004 23:47:59 PM Update Error connecting to server u4.eset.com.
| >
| > 9/19/2004 20:48:50 PM Update Error connecting to server u4.eset.com.
| >
| > 9/19/2004 20:48:32 PM Update Error connecting to server u2a.eset.com.
| >
| > 9/19/2004 20:48:14 PM Update Error connecting to server u3.eset.com.
| >
| > 9/19/2004 20:29:19 PM Update Function: gethostbyname, parameters: , return value: 11001
| >
| > 9/19/2004 20:29:19 PM Update Update attempt failed (Server connection failure.)
| >
| > 9/19/2004 20:29:17 PM Update Error connecting to server www.nod32.com (http://www.nod32.com/).
| >
| > 9/19/2004 20:28:58 PM Update Error connecting to server u3.eset.com.
| >
| > 9/19/2004 20:28:38 PM Update Error connecting to server u2a.eset.com.
| >
| > 9/19/2004 20:28:21 PM Update Error connecting to server u4.eset.com.
| >
| > 9/19/2004 19:28:08 PM Update Function: gethostbyname, parameters: , return value: 11001
| >
| > 9/19/2004 19:28:08 PM Update Update attempt failed (Server connection failure.)
| >
| > 9/19/2004 19:28:06 PM Update Error connecting to server www.nod32.com (http://www.nod32.com/).
| >
| > 9/19/2004 19:28:05 PM Update Error connecting to server u3.eset.com.
| >
| > 9/19/2004 19:28:03 PM Update Error connecting to server u4.eset.com.
| >
| > 9/19/2004 19:28:03 PM Update Error connecting to server u2a.eset.com.
| >
| > 9/19/2004 13:35:21 PM Update Function: gethostbyname, parameters: , return value: 11001
| >
| > 9/19/2004 13:35:20 PM Update Update attempt failed (Server connection failure.)
| >
| > 9/19/2004 13:35:18 PM Update Error connecting to server www.nod32.com (http://www.nod32.com/).
| >
| > 9/19/2004 13:35:17 PM Update Error connecting to server u4.eset.com.
| >
| > 9/19/2004 13:35:15 PM Update Error connecting to server u3.eset.com.
| >
| > 9/19/2004 13:35:15 PM Update Error connecting to server u2a.eset.com.
| >
| > 9/19/2004 12:35:18 PM Update Function: gethostbyname, parameters: , return value: 11001
| >
| > 9/19/2004 12:35:18 PM Update Update attempt failed (Server connection failure.)
| >
| > 9/19/2004 12:35:16 PM Update Error connecting to server www.nod32.com (http://www.nod32.com/).
| >
| > 9/19/2004 12:35:15 PM Update Error connecting to server u2a.eset.com.
| >
| > 9/19/2004 12:35:13 PM Update Error connecting to server u4.eset.com.
| >
| > 9/19/2004 12:35:13 PM Update Error connecting to server u3.eset.com.
| >
| > 9/19/2004 2:08:41 AM Kernel The virus signature database has been updated successfully to version 1.872 (20040917).
| >
| > 9/19/2004 2:04:29 AM Update Function: gethostbyname, parameters: , return value: 11001
| >
| > 9/19/2004 2:04:29 AM Update Update attempt failed (Server connection failure.)
| >
| > 9/18/2004 18:14:16 PM Update Function: gethostbyname, parameters: , return value: 11001
| >
| > 9/18/2004 18:14:16 PM Update Update attempt failed (Server connection failure.)
______________________________________________

| > (2) Website says new version of NOD32 available, but have not been notified. Below is from Control Panel NOD32 information:
| >
| >___________________________________________
| > NOD32 Antivirus System information
| >
| > Virus signature database version: 1.880 (20040928)
| >
| > Dated: Tuesday, September 28, 2004
| >
| > Virus signature database build: 4869
| >
| >
| > Information on other scanner support parts
| >
| > Advanced heuristics module version: 1.010 (20040902)
| >
| > Advanced heuristics module build: 1061
| >
| > Internet filter version: 1.002 (20040708)
| >
| > Internet filter build: 1013
| >
| > Archive support module version: 1.021 (20040917)
| >
| > Archive support module build version: 1101
| >
| >
| > Information on installed components
| >
| > NOD32 For Windows NT/2000/XP/2003 - Base
| >
| > Version: 2.12.2
| >
| > NOD32 For Windows NT/2000/XP/2003 - Internet support
| >
| > Version: 2.12.2
| >
| > NOD32 for Windows NT/2000/XP/2003 - Standard component
| >
| > Version: 2.12.2
| >
| >
| >
| > Operating system information
| >
| > Platform: Windows XP
| >
| > Version: 5.1.2600 Service Pack 1
| >
| > Version of common control components: 5.82.2800
| >
| > RAM: 1024 MB
| >
| > Processor: Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz (2198 MHz)
| ______________________________________________

| > Is there a new version update and how do I get it... and why wasn't I notified (box is checked) if it's on your forum's website?
| >
| >
____________________________________________________________________________
| >
| > (3) Getting false positives whenever running complete TrojanHunter scan: c:\documn~1\Admini~1\locals~1\temp\XXXXXX(varies each time).exe
-NOD32 says new file created and can't fix or quarantine. No other antiviruses causing this problem as per TrojanHunter forum. Some on TrojanHunter forum claim is caused by AMON or IMON unable to unpack files fast enough. Any solution to this problem?
| >
| > (4) Does NOD32 virus scan outgoing pop mail (Outlook Express)?
| > ___________________________________________________________
| >
| > Would be nice if program advised that user had latest version of program and virus updates.

Many thanks,

XXXXXXX

MNKid
September 30th, 2004, 01:26 AM
I don't think they should even call it "Quarantine". I feel that this is very misleading since nothing is actually quarantined. I also feel this thing about making a copy to be sent to Eset is interesting. I, the customer, having purchased NOD32, am supposed to send viruses to Eset? Isn't it Eset's job to defend our computers from viruses? I suppose other companies do the same thing, I just think it's kind of strange.

I think Eset had some issues with needing more servers to handle the demand, at least here in the US. I don't know if that's the reason for the problem you are having, but it is frustrating I am sure.

Blackspear
September 30th, 2004, 02:21 AM
{QUOTE-> Sorry for this long post <-QUOTE}
That’s quite ok ;)


{QUOTE-> …quarantine does not truly quarantine a possible virus, but rather makes a copy of it to be sent to support (doesn't say how that is done)… <-QUOTE}
This is correct.

The post does say:
{QUOTE-> NOTE: Make SURE Quarantine is ticked with EVERYTHING that is detected BEFORE you DELETE anything that is ever found. If you are not sure whether it is safe to delete an infected file, quarantine allows restoration of a file at a later time/date.


If the scan finds a “Probable NewHeur_PE virus found”, please do the following:

1. Place a tick in the Quarantine check-box
2. Select Delete
3. Send the quarantined file to Eset: samples@nod32.com

This file can be found here: C> Program files> Eset> Infected


NOTE: Quarantine ONLY copies the Virus or Trojan found so it can be sent to Eset for further analysis, it does NOT isolate the Virus or Trojan. <-QUOTE}


{QUOTE-> …which in 2 cases turned out to be false positives when scanning with TrojanHunter… <-QUOTE}
Quarantine allows restoration of a file at a later time/date; C> Program files> Eset> Infected


{QUOTE-> …DMON and IMON setup-actions, the right hand window for "Uncleanable infiltrations" is "greyed-out" so that no changes can be made including the ability to quarantine. <-QUOTE}
You must click on the “Clean” Radio Button, in order to use the right hand window, otherwise you will be given choices according to what you have chosen in the left hand side…


{QUOTE-> …Please note there is NO message that anything is up to date!!... <-QUOTE}
You should see a notice that says "Your version of NOD32 is up to date. No update necessary." as per the attached screenshot.


{QUOTE-> (1) Internet connection working fine, but don't know if getting current updates for NOD32. Have tried to manually update from Control Center using "update now", but see errors in log below. Last virus definition is now 1.880 (9/28/2004). …Would be nice if NOD32 gave message that file definitions were current. Please note that updates are sometimes coming through. Please see log below…. <-QUOTE}
You have the latest Virus Signature Database, your Nod32 is up to date.

There are server update issues discussed here (http://www.wilderssecurity.com/showthread.php?t=47236), they are being addressed currently, more servers are being brought online...


{QUOTE-> (2) Website says new version of NOD32 available, but have not been notified… <-QUOTE}
See post number 19 here (http://www.wilderssecurity.com/showthread.php?t=37509&page=1&pp=25)

You can have Nod32 automatically update both the main Engine and Virus Signatures, instead of offer…


{QUOTE-> (3) Getting false positives whenever running complete TrojanHunter scan: c:\documn~1\Admini~1\locals~1\temp\XXXXXX(varies each time).exe <-QUOTE}
Please delete your TEMP files by doing the following: open up Internet Explorer> Tools> Internet Options> General TAB> Temporary Internet Files> Delete Files> Delete All Offline Content. Then do the following:

Step 1. Restart your system again in “SAFE MODE” by pressing/tapping F8 while booting up.


Step 2. Start a scan with Nod32 while in SAFE MODE by doing the following: Start> All Programs> Eset> Nod32.


CHECK THE FOLLOWING BEFORE YOU START YOUR SCAN:

“Actions” TAB
Make sure Quarantine is ticked, both for “If a virus is found” and “Uncleanable viruses”.

“Setup” TAB
Objects to diagnose – place a tick in all boxes.
Diagnostic methods – place a tick in all boxes.
Heuristic sensitivity – place a tick in “Deep”.
Extensions – place a tick in “Scan all files”.

“Scanning targets” TAB
Double click on ALL of your Hard Drives so there is a RED tick shown
Click “Clean”


Make SURE Quarantine is ticked with EVERYTHING that is detected BEFORE you DELETE anything that is found. If you are not sure whether it is safe to delete an infected file, quarantine allows restoration of a file at a later time/date.


If the scan finds a “Probable NewHeur_PE virus found”, please do the following:

1. Place a tick in the Quarantine check-box
2. Select Delete
3. Send the quarantined file to Eset: samples@nod32.com this file can be found here: C> Program files> Eset> Infected


{QUOTE-> (4) Does NOD32 virus scan outgoing pop mail (Outlook Express)? <-QUOTE}
No it doesn’t, the short reason why is that AMON would stop anything outgoing…

Hope this helps…

Let us know how you go…

Cheers ;D

drmef
September 30th, 2004, 03:32 AM
Originally Posted by Blackspear
NOTE: Make SURE Quarantine is ticked with EVERYTHING that is detected BEFORE you DELETE anything that is ever found. If you are not sure whether it is safe to delete an infected file, quarantine allows restoration of a file at a later time/date.


If the scan finds a “Probable NewHeur_PE virus found”, please do the following:

1. Place a tick in the Quarantine check-box
2. Select Delete
3. Send the quarantined file to Eset: samples@nod32.com

This file can be found here: C> Program files> Eset> Infected


NOTE: Quarantine ONLY copies the Virus or Trojan found so it can be sent to Eset for further analysis, it does NOT isolate the Virus or Trojan.


I wish I could, but if you note in my original post, the right side box under "actions" for "Uncleanable viruses" is greyed-out and I cannot check anything... although "prompt for action" is checked in the "greyed-out" area. When the virus window pops-up it often says uncleanable and I check quarantine, but I get a message that there was an error quarantining the file and checking the quarantine log shows nothing. I now check quarantine and close the window and then retry quarantine and the scan just continues, but nothing is quarantined.
_______________________________________________

"You must click on the “Clean” Radio Button, in order to use the right hand window, otherwise you will be given choices according to what you have chosen in the left hand side…"

Understood, but I can't change the choices in the right hand window as it is "greyed-out" and does not respond so that I can check "quarantine".

_______________________________________________

"
Originally Posted by drmef
…Please note there is NO message that anything is up to date!!...


You should see a notice that says "Your version of NOD32 is up to date. No update necessary." as per the attached screenshot."
________________
That's what I would have thought, but the only message I get when I click "Update now" (and it is not in a separate box) is "Abort" (and "cancel update" on the next line) in place of "Update now". I have rebooted, and defragged and run trojan and virus scans multiple times, but still get the same result. When installing, I turned off all programs including antitrojan, antispyware, ZoneAlarm Pro 5.1, etc..
________________________________________________
"CHECK THE FOLLOWING BEFORE YOU START YOUR SCAN:

“Actions” TAB
Make sure Quarantine is ticked, both for “If a virus is found” and “Uncleanable viruses”."

As mentioned above, I am unable to check quarantine under "Uncleanable viruses"... and if I check quarantine on the pop-up window when a purported virus is found... it says there is an error and cannot quarantine.

I sincerely appreciate you trying to help, but as you can see, it is truly frustrating and I am very concerned that my computer is going to get a corruption error or miss a virus or update or whatever. Something is definitely wrong somewhere!!! Thanks again. I hope you or someone can think of the answer.
________________________________________________
"Quote:
Originally Posted by drmef
(3) Getting false positives whenever running complete TrojanHunter scan: c:\documn~1\Admini~1\locals~1\temp\XXXXXX(varies each time).exe


Please delete your TEMP files by doing the following: open up Internet Explorer> Tools> Internet Options> General TAB> Temporary Internet Files> Delete Files> Delete All Offline Content. Then do the following:

Step 1. Restart your system again in “SAFE MODE” by pressing/tapping F8 while booting up.


Step 2. Start a scan with Nod32 while in SAFE MODE by doing the following: Start> All Programs> Eset> Nod32.


CHECK THE FOLLOWING BEFORE YOU START YOUR SCAN:

“Actions” TAB
Make sure Quarantine is ticked, both for “If a virus is found” and “Uncleanable viruses”.

“Setup” TAB
Objects to diagnose – place a tick in all boxes.
Diagnostic methods – place a tick in all boxes.
Heuristic sensitivity – place a tick in “Deep”.
Extensions – place a tick in “Scan all files”.

“Scanning targets” TAB
Double click on ALL of your Hard Drives so there is a RED tick shown
Click “Clean”


Make SURE Quarantine is ticked with EVERYTHING that is detected BEFORE you DELETE anything that is found. If you are not sure whether it is safe to delete an infected file, quarantine allows restoration of a file at a later time/date.


If the scan finds a “Probable NewHeur_PE virus found”, please do the following:

1. Place a tick in the Quarantine check-box
2. Select Delete
3. Send the quarantined file to Eset: samples@nod32.com this file can be found here: C> Program files> Eset> Infected"
______________________________

Please note that the problem does not occur with an NOD scan, but with NOD popping-up a window saying it has found a virus WHEN DOING A COMPLETE TROJANHUNTER SCAN. Doing a complete NOD scan before and after doing the TrojanHunter scan shows no viruses, etc.. (All files scanned except paging file).
____________________________________________

Many thanks for stepping-up to try and help. I have rebooted the computer many times, run a scandisk, defragged, run antitrojan and antispyware, etc. and still have the same problems with NOD. When I installed NOD, I disabled all programs including ZoneAlarm Pro V.5.1, antitrojans, antispyware, etc.. Any assistance from anyone would be greatly appreciated. TIA.

Blackspear
September 30th, 2004, 04:05 AM
{QUOTE-> …I wish I could, but if you note in my original post, the right side box under "actions" for "Uncleanable viruses" is greyed-out and I cannot check anything... although "prompt for action" is checked in the "greyed-out" area. When the virus window pops-up it often says uncleanable and I check quarantine, but I get a message that there was an error quarantining the file and checking the quarantine log shows nothing. I now check quarantine and close the window and then retry quarantine and the scan just continues, but nothing is quarantined.
_______________________________________________

"You must click on the “Clean” Radio Button, in order to use the right hand window, otherwise you will be given choices according to what you have chosen in the left hand side…"

Understood, but I can't change the choices in the right hand window as it is "greyed-out" and does not respond so that I can check "quarantine". <-QUOTE}
Any choices made within the red box, will grey out the right hand side…

Blackspear
September 30th, 2004, 04:07 AM
If you choose "Clean", then the right hand side comes available...

Blackspear
September 30th, 2004, 04:12 AM
{QUOTE-> the only message I get when I click "Update now" (and it is not in a separate box) is "Abort" (and "cancel update" on the next line) in place of “Update now” <-QUOTE}
Do you have your updates set to Choose Automatically?

Blackspear
September 30th, 2004, 04:20 AM
{QUOTE-> Please note that the problem does not occur with an NOD scan, but with NOD popping-up a window saying it has found a virus WHEN DOING A COMPLETE TROJANHUNTER SCAN. Doing a complete NOD scan before and after doing the TrojanHunter scan shows no viruses, etc.. (All files scanned except paging file) <-QUOTE}
Have you tried emptying your TEMP folder as described in my previous post?

Did you run a scan in SAFE MODE?

The infection you have shown is in a TEMP file, thus when you empty your TEMP files it should not remain, as well, a scan in SAFE MODE should remove anything found…


{QUOTE-> …Any assistance from anyone would be greatly appreciated. TIA. <-QUOTE}
Still on it, we’ll get you there…

Cheers ;D

Blackspear
September 30th, 2004, 04:27 AM
{QUOTE-> 9/28/2004 20:49:01 PM Kernel The virus signature database has been updated successfully to version 1.880 (20040928).

9/27/2004 23:31:00 PM Kernel The virus signature database has been updated successfully to version 1.879 (20040927).

9/27/2004 9:40:18 AM Kernel The virus signature database has been updated successfully to version 1.878 (20040927).

9/24/2004 20:34:51 PM Kernel The virus signature database has been updated successfully to version 1.877 (20040925).

9/23/2004 23:32:06 PM Kernel The virus signature database has been updated successfully to version 1.876 (20040924).

9/22/2004 20:47:26 PM Kernel The virus signature database has been updated successfully to version 1.875 (20040922).

9/21/2004 10:07:40 AM Kernel The virus signature database has been updated successfully to version 1.874 (20040921).

9/20/2004 9:32:03 AM Kernel The virus signature database has been updated successfully to version 1.873 (20040920). <-QUOTE}
I don’t need to go any further in regards to your system updating, it is doing so “Successfully”... ;) ;D

The Update errors you are seeing in your logs I have addressed in my first post to you: There are server update issues discussed here (http://www.wilderssecurity.com/showthread.php?t=47236), they are being addressed currently, more servers are being brought online...

Cheers ;D
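
The question discussed above, whether signature updates are still arriving between the connection errors, can be checked mechanically from the log quoted in the first post. The following Python sketch is an added example, not part of any post in this thread and not ESET code; the function names and the 48-hour staleness threshold are assumptions, and the log format is inferred from the quoted lines (timestamps are read as 24-hour values and the AM/PM suffix is ignored).

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Excerpt of the update log quoted in the thread (newest entry first).
SAMPLE_LOG = r"""
9/29/2004 13:48:50 PM Update Function: gethostbyname, parameters: , return value: 11001
9/29/2004 13:48:50 PM Update Update attempt failed (Server connection failure.)
9/29/2004 13:48:48 PM Update Error connecting to server www.nod32.com (http://www.nod32.com/).
9/29/2004 13:48:47 PM Update Error connecting to server u2a.eset.com.
9/28/2004 20:49:01 PM Kernel The virus signature database has been updated successfully to version 1.880 (20040928).
9/27/2004 9:40:18 AM Kernel The virus signature database has been updated successfully to version 1.878 (20040927).
9/19/2004 23:59:57 PM Update Update attempt failed (Failure to open socket.) DRMEFNOTEBOOK\Administrator
9/19/2004 23:59:55 PM Update Error connecting to server www.nod32.com (http://www.nod32.com/).
"""

# Windows Sockets resolver error codes returned by gethostbyname.
WINSOCK_ERRORS = {
    11001: "WSAHOST_NOT_FOUND",
    11002: "WSATRY_AGAIN",
    11003: "WSANO_RECOVERY",
    11004: "WSANO_DATA",
}

# Optional e-mail quote prefix ("| > "), date, time, ignored AM/PM, module, message.
LINE_RE = re.compile(
    r"^[|>\s]*(\d{1,2})/(\d{1,2})/(\d{4}) (\d{1,2}):(\d{2}):(\d{2}) (?:AM|PM) (\w+) (.+)$"
)
SUCCESS_RE = re.compile(r"updated successfully to version (\d+\.\d+) \((\d{8})\)")
FAILED_RE = re.compile(r"Update attempt failed \((.+?)\.?\)")
SERVER_RE = re.compile(r"Error connecting to server (\S+)")
RESOLVER_RE = re.compile(r"Function: (\w+), parameters: .*?, return value: (\d+)")


def parse_log(text):
    """Return (timestamp, kind, detail) tuples, oldest first."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, blank lines, wrapped text
        mon, day, year, hh, mm, ss = (int(x) for x in m.groups()[:6])
        when = datetime(year, mon, day, hh, mm, ss)
        msg = m.group(8)
        if (s := SUCCESS_RE.search(msg)):
            events.append((when, "success", s.group(1)))
        elif (f := FAILED_RE.search(msg)):
            events.append((when, "failed", f.group(1)))
        elif (e := SERVER_RE.search(msg)):
            events.append((when, "server_error", e.group(1).rstrip(".")))
        elif (w := RESOLVER_RE.search(msg)):
            code = int(w.group(2))
            events.append((when, "resolver_error", WINSOCK_ERRORS.get(code, str(code))))
    return sorted(events, key=lambda ev: ev[0])


def summarize(events):
    """Separate what happened after the last good update from older noise."""
    successes = [ev for ev in events if ev[1] == "success"]
    last_ok = successes[-1] if successes else None
    cutoff = last_ok[0] if last_ok else datetime.min
    later = [ev for ev in events if ev[0] > cutoff]
    return {
        "last_version": last_ok[2] if last_ok else None,
        "last_success": last_ok[0] if last_ok else None,
        "failed_attempts_since": sum(1 for ev in later if ev[1] == "failed"),
        "unreachable_since": sorted({ev[2] for ev in later if ev[1] == "server_error"}),
        "resolver_errors_since": sorted({ev[2] for ev in later if ev[1] == "resolver_error"}),
        "failure_reasons_all": Counter(ev[2] for ev in events if ev[1] == "failed"),
    }


def signatures_stale(summary, now, max_age=timedelta(hours=48)):
    """True when no successful update is logged within max_age (assumed threshold)."""
    last = summary["last_success"]
    return last is None or now - last > max_age


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
    print("stale:", signatures_stale(report, datetime(2004, 9, 29, 14, 0, 0)))
```

A resolver error of 11001 after the last success means the update host names did not resolve at that moment, which is a name-lookup failure on the client's path rather than a refused connection.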

drmef
September 30th, 2004, 04:40 AM
{QUOTE-> If you choose "Clean", then the right hand side comes available... <-QUOTE}
That's one problem down! Thanks! When you do a complete scan of all files, do you click "scan" or "clean"? I added "clean" in the left window and "Prompt for an action" in the right window and "quarantine" in both, but won't this delete possible false positives when doing a scan?

drmef
September 30th, 2004, 04:45 AM
{QUOTE-> Do you have your updates set to Choose Automatically? <-QUOTE}
Yes. I checked again and it's set exactly like yours... <Choose automatically>. I did click on "Servers" and it is empty. Is that correct? TIA.

Blackspear
September 30th, 2004, 04:51 AM
{QUOTE-> I don't think they should even call it "Quarantine". I feel that this is very misleading since nothing is actually quarantined… <-QUOTE}
I agree, it is misleading. Quarantine has been discussed extensively here (http://www.wilderssecurity.com/showthread.php?t=38214) and here (http://www.wilderssecurity.com/showthread.php?t=18052)


{QUOTE-> …I also feel this thing about making a copy to be sent to Eset is interesting. I, the customer, having purchased NOD32, am supposed to send viruses to Eset? Isn't it Eset job defend our computers from viruses? I suppose other companies do the same thing, I just think it's kind of strange... <-QUOTE}
I have to disagree, by doing so, people that come across a new virus that Nod32 would detect as; “Probable NewHeur_PE virus found” then by sending the Quarantined file to Eset they are able to write a virus signature for it. We help them, they help us… ;)

Hope this helps…

Cheers ;D

drmef
September 30th, 2004, 04:52 AM
{QUOTE-> Have you tried emptying your TEMP folder as described in my previous post.

Did you run a scan in SAFE MODE?

The infection you have shown is in a TEMP file, thus when you empty your TEMP files it should not remain, as well, a scan in SAFE MODE should remove anything found…



Still on it, we’ll get you there…

Cheers ;D <-QUOTE}
I always clear my online and offline cache and cookies before running any scan (using IE6+), but don't run the scan in TrojanHunter or NOD (not sure which scan you are referring to?) in safe mode because safe mode scrambles all the icons on my desktop when I reboot (wish there was a way to lock those in position so they go back to where they were when rebooting). Thanks for your time and effort.

Blackspear
September 30th, 2004, 04:57 AM
{QUOTE-> That's one problem down! Thanks! When you do a complete scan of all files, do you click "scan" or "clean"? I added "clean" in the left window and "Prompt for an action" in the right window and "quarantine" in both, but won't this delete possible false positives when doing a scan? <-QUOTE}
I'll post the quote again, just to make things clear... ;)

{QUOTE-> Make SURE Quarantine is ticked with EVERYTHING that is detected BEFORE you DELETE anything that is found.


If you are not sure whether it is safe to delete an infected file, quarantine allows restoration of a file at a later time/date.


…quarantined file… can be found here: C> Program files> Eset> Infected <-QUOTE}
Hope this helps...

Cheers ;D

Blackspear
September 30th, 2004, 05:00 AM
{QUOTE-> I always clear my online and offline cache and cookies before running any scan (using IE6+), but don't run the scan in TrojanHunter or NOD (not sure which scan you are referring to?) in safe mode because safe mode scrambles all the icons on my desktop when I reboot (wish there was a way to lock those in position so they go back to where they were when rebooting). Thanks for your time and effort. <-QUOTE}
Can you please run a scan in SAFE MODE, just this once, to be sure your system is clean... ;)

Safe mode uses basic video resolution settings, thus your icons are "scrambled"...

Cheers ;D

Blackspear
September 30th, 2004, 05:02 AM
{QUOTE-> ...When you do a complete scan of all files, do you click "scan" or "clean"?... <-QUOTE}
There is a very simple step by step tutorial on setting up Nod32 here (http://www.wilderssecurity.com/showthread.php?t=37509)

Hope this helps...

Cheers ;D

drmef
September 30th, 2004, 05:10 AM
{QUOTE-> I don’t need to go any further in regards to your system updating, it is doing so “Successfully”... ;) ;D

The Update errors you are seeing in your logs I have addressed in my first post to you: There are server update issues discussed here (http://www.wilderssecurity.com/showthread.php?t=47236), they are being addressed currently, more servers are being brought online...

Cheers ;D <-QUOTE}
Is that the reason for me failing to get the pop-up window stating that I am current with all updates? I have never seen that window... just the "abort" message where the "Update now" is or no message at all. Also, should I clear the event log? Also, FYI, the virus log shows the virus popup during the TrojanHunter scan is coming from AMON and indicates "error quarantining". Many thanks once again for your assistance. Hopefully this will work out.

Blackspear
September 30th, 2004, 05:30 AM
Are you using a Proxy Server?

Is your connection set to what it should be? For settings see post 33 to 34 here (http://www.wilderssecurity.com/showthread.php?t=37509&page=2&pp=25)

Cheers ;D

drmef
September 30th, 2004, 05:38 AM
{QUOTE-> Are you using a Proxy Server?

Is your connection set to what it should be? For settings see post 33 to 34 here (http://www.wilderssecurity.com/showthread.php?t=37509&page=2&pp=25)

Cheers ;D <-QUOTE}
No... not using proxy server to the best of my knowledge. Followed posts 33 and 34 as you suggested and clicked detect and got message no proxy server. Thanks for trying.

Blackspear
September 30th, 2004, 05:40 AM
Has your system come up clean after running a scan in SAFE MODE?

Blackspear
September 30th, 2004, 06:38 AM
{QUOTE-> ...I did click on "Servers" and it is empty. Is that correct?... <-QUOTE}
That is correct, that dropdown box is for adding in servers if you are so directed by Eset support. If you click on the "Choose Automatically" dropdown, you will see a list of servers there....

Hope this helps...

Cheers ;D

Bandicoot
September 30th, 2004, 07:01 AM
{QUOTE-> Is that the reason for me failing to get the pop-up window stating that I am current with all updates? I have never seen that window... just the "abort" message where the "Update now" is or no message at all. <-QUOTE}
Hello drmef,

How long are you waiting when you hit the 'Update now' button? That will always show 'Abort' for either a split second or maybe for a minute or two. This can be due to your machine's speed, the speed of your internet connection or general heavy traffic on the old internet highway. I think Blackspear asked what type of connection you have: did you say? Is it Dial-up or DSL? Dial-up is generally a lot slower than DSL so it's quite conceivable that you might be hanging around for a minute or two while your machine receives Virus Signature updates and therefore you would see that 'Abort' button. In the window above it, you should hopefully see some activity as your machine is calling out to the Eset Servers..... "Cooo-eeeee......over here! Updates for me please..."

Bandicoot. ;D

Blackspear
September 30th, 2004, 07:15 AM
Thanks for your assistance Mr Coot, as always it is a pleasure ;D


{QUOTE-> …Is there a new version update and how do I get it... and why wasn't I notified (box is checked) if it's on your forum's website?... <-QUOTE}
Drmef your own logs show that you have the latest version of Nod32, that being 2.12.2

Cheers ;D


PS. Hmmmm was wondering isn’t a Bandicoot a nocturnal rodent, something like an overgrown furry little rat, or was it just an over stretched Hamster, sure I read it somewhere reliable, like the internet… ;) ;D ;D

Bandicoot
September 30th, 2004, 08:09 AM
{QUOTE-> PS. Hmmmm was wondering isn’t a Bandicoot a nocturnal rodent, something like an overgrown furry little rat, or was it just an over stretched Hamster, sure I read it somewhere reliable, like the internet… ;) ;D ;D <-QUOTE}
I can easily go away and play with my real furry, rodent chums you know....... :-\

Blackspear
September 30th, 2004, 08:14 AM
{QUOTE-> I can easily go away and play with my real furry, rodent chums you know....... :-\ <-QUOTE}
ROFLMAO, no, no, nooooooo I wouldn't have anything to play target practice with ;)

;D 8) ;D 8) ;D

drmef
September 30th, 2004, 01:19 PM
{QUOTE-> Hello drmef,

How long are you waiting when you hit the 'Update now' button? That will always show 'Abort' for either a split second or maybe for a minute or two. This can be due to your machine's speed, the speed of your internet connection or general heavy traffic on the old internet highway. I think Blackspear asked what type of connection you have: did you say? Is it Dial-up or DSL? Dial-up is generally a lot slower than DSL so it's quite conceivable that you might be hanging around for a minute or two while your machine receives Virus Signature updates and therefore you would see that 'Abort' button. In the window above it, you should hopefully see some activity as your machine is calling out to the Eset Servers..... "Cooo-eeeee......over here! Updates for me please..."

Bandicoot. ;D <-QUOTE}
Thanks for trying to help. I am using a DSL connection with about 2500k download speed. The abort message comes on for a split second and then the window above just shows idle. When it has downloaded in the past, you could see the download occurring... fast. I HAVE NEVER RECEIVED THAT POP-UP WINDOW SAYING VERSION AND DATABASE DEFINITIONS ARE CURRENT!!! Perhaps I should reinstall NOD32 (can it be done directly over the existing version or do you have to do an uninstall first... and if so, how?). Something is definitely wrong with the program and it's getting to the point of no return. Apparently their support is just as bad!! Do I sound upset??? I am, but I do sincerely appreciate the efforts being made by users on the forum to help. Beginning to wonder if changing antivirus programs was a big mistake... and, yes, I did uninstall and delete all files, directories and registry entries for Norton Antivirus 2004 Pro using jv16 Powertools before installing NOD32.

bsilva
September 30th, 2004, 01:22 PM
Ohh Lord.............. I've been using NOD32 for over two years and today I found out that it doesn't quarantine it just stores them... :-[

I always thought was strange about quarantine, since no one else complained I thought it was me. :D

BTW do you have it set to Silent Mode under system tools?

drmef
September 30th, 2004, 01:38 PM
{QUOTE-> Ohh Lord.............. I've been using NOD32 for over two years and today I found out that it doesn't quarantine it just stores them... :-[

I always thought was strange about quarantine, since no one else complained I thought it was me. :D

BTW do you have it set to Silent Mode under system tools? <-QUOTE}
Yes, I find the fact that it doesn't truly quarantine frustrating. It means that if there is a questionable "virus" that has to be sent to support, it's sitting on your computer for days possibly causing damage rather than being quarantined.

And, yes, it was set to silent mode. Thank you!! The message now popped up. BTW, I just got a new update (1.881).

PeterVO
September 30th, 2004, 01:59 PM
Hello,

the problem of the desktop lay-out changing can be solved by installing the freeware utility "Icon_restore.exe". After installing there are 2 extra options selectable by right-clicking the 'my computer'-icon: "save desktop lay-out" and "restore desktop lay-out" . It works great.

Kind regards,

PeterVO

Blackspear
September 30th, 2004, 07:23 PM
{QUOTE-> …Something is definitely wrong with the program and it's getting to the point of no return… <-QUOTE}
Your program is functioning normally, it is also updating normally, other than the popup that has now been addressed, I don’t see any other issue. Other than you have not advised us if your system comes up clean after a scan in SAFE MODE.


{QUOTE-> …Apparently their support is just as bad!!... <-QUOTE}
You have been helped in the “Eset official forum” (here), within 23 minutes of you writing, and this was me taking that time to write a response to you, surely this cannot be seen as bad?


{QUOTE-> Yes, I find the fact that it doesn't truly quarantine frustrating. It means that if there is a questionable "virus" that has to be sent to support, it's sitting on your computer for days possibly causing damage rather than being quarantined… <-QUOTE}
As I have said further up, it is safe to Quarantine a file and delete, even if found to be a false positive, as Quarantining allows restoration of the file at a later date, if the need arises…


{QUOTE-> And, yes, it was set to silent mode. Thank you!! The message now popped up. BTW, I just got a new update (1.881). <-QUOTE}
You received all previous updates as well, as per the logs you posted here.

Good to see you have had a result in relation to your settings being changed to “silent mode”, now back to default, everything is normal…

Cheers ;D

Blackspear
September 30th, 2004, 07:28 PM
{QUOTE-> Ohh Lord.............. I've been using NOD32 for over two years and today i found out that it doesn't quarantine it just stores them... :-[

I always thought was strange about quarantine, since no one else complained I thought it was me. :D <-QUOTE}
I know what you mean Brian, I was stunned when I first found out, as you can see from the links I provided further up this thread. I haven’t a problem with its function, I do have a problem with the word Quarantine being used. This needs to be changed to something more appropriate that describes Eset's function, such as “Make Secure Copy to enable further analysis”.


{QUOTE-> …do you have it set to Silent Mode under system tools? <-QUOTE}
Thank you for your suggestion that did the trick…

Cheers ;D

QuinnK
October 1st, 2004, 01:53 AM
Getting false positives whenever running complete TrojanHunter scan:

I haven't thought of a good reason to have Amon running during a TrojanHunter scan, so I temporarily disable it when running such other scans.

Take care... Quinn

bsilva
October 1st, 2004, 10:20 AM
You are welcome, Blackspear. I'm just glad it worked. :)

drmef
October 5th, 2004, 02:43 AM
**(SORRY FOR ALL THE CAPS BELOW... I'M NOT YELLING, JUST DON'T KNOW HOW TO MAKE MULTIPLE QUOTES IN A REPLY)**
______________________________________________
{QUOTE-> Your program is functioning normally, it is also updating normally, other than the popup that has now been addressed, I don’t see any other issue. Other than you have not advised us if your system comes up clean after a scan in SAFE MODE.
_______________________________________________
**Finally got around to running a scan in "safe mode" and came out clean with the exception that a few files were locked (a few system32 files and some AdAware skin files that were passworded... although I never passworded them). Also ran TrojanHunter 4 in "Safe Mode" and it came out clean with NO VIRUS ALERT from NOD. I can only presume that AMON is the culprit and it is not running when in "Safe Mode".

Please note the following answer I finally got from ESET tech support (AND MY THOUGHTS IN ALL CAPS):

"Hello,
You have the latest version of virus signatures (1.880). If you want to see the message that you have the latest update, you need to disable the "Silent mode". In NOD32 Control Center, go to NOD32 System Tools > NOD32 System Setup > Setup, and uncheck "Enable silent mode".

*THIS WAS ALREADY DETERMINED ON THE FORUM FOR WHICH I THANK ALL.

2. You already have the latest version of NOD32 (2.12.2). You can see that under "Information on installed components" in the NOD32 Control Center.

*NOW HOW WOULD I OR ANYONE ELSE KNOW THAT 2.12.2 WAS THE LATEST VERSION??

3. You can ignore the false positive caused by TrojanHunter. NOD32 sees it as a possibly harmful script because it scans files, but it is harmless.

*DON'T ALL FILE SCANNERS USE SCRIPTS? HOW IS THE END-USER TO KNOW THAT IT IS A FALSE POSITIVE?? STRANGE THAT NOBODY ON THE TROJANHUNTER FORUM HAS THAT PROBLEM USING OTHER ANTIVIRUS PROGRAMS!

4. Outgoing email in Outlook Express uses SMTP protocol. NOD32 does not scan email sent over SMTP. However, if you use POP3 to receive email in Outlook Express, all incoming email is scanned by the IMON module.

*NOT MUCH HELP IF I (OR ANYONE ELSE) IS SENDING AN E-MAIL USING THE MOST COMMON AND STANDARD SMTP PROTOCOL AND NOD32 HAPPENS TO MISS A VIRUS (I DON'T THINK ANY AV PROGRAM IS FLAWLESS, BUT AT LEAST IT SHOULD SCAN OUTGOING MAIL TO PREVENT THE SPREAD OF VIRUSES AND WORMS AND TROJANS). DON'T YOU AGREE? ACTUALLY, AFTER DOING A LITTLE HOMEWORK, NOD32 IS THE ONLY AV I COULD FIND THAT DOESN'T SCAN OUTGOING SMTP E-MAIL. THAT, IMO, IS A MAJOR FLAW IN THE PROGRAM.

Your Eset Team

xxxxxxxxxxxxxxxxxxx wrote:
>Thank you for the prompt response to one of the three questions below. I am Using an SBC DSL Pro connection... 1.5 to 3 download... (not dial-up) and my Firewall (ZoneAlarm Pro v. 5.1) is set to allow both nod32krn.exe and nod32kui.exe (only ones showing under "Program Control" in Zone Alarm) to Access (Trusted and Internet) and Server (Trusted and Internet). I have no problems updating any other programs.
>
>Also, I am NOT getting the message you show when doing Update now.... and NEVER have. The box shows after every "Update now" shows: (Please note there is NO message that anything is up to date!!)
>___________________________________________________________
>Status
>___________________________________________
>Status: idle
>Server: <choose automatically>
>Virus signature database update: automatic
>Program component update: offer
>Last update: 9/28/2004 20:49:00 PM
>___________________________________________
>Version of virus signature update: 1.880 (20040928)
>___________________________________________________________
>
>Please advise how to correct the above and respond to questions #'s 2 & 3 below.
>
>Thank you.
>_____________________________________________

"You have been helped in the “Eset official forum” (here), within 23 minutes of you writing, and this was me taking that time to write a response to you, surely this cannot be seen as bad?"


*BLACKSPEAR... PLEASE DON'T TAKE PERSONAL UMBRAGE AT MY COMMENTS REGARDING ESET'S TECH SUPPORT. I SINCERELY APPRECIATE ALL YOUR HELP AND THE RAPIDITY OF YOUR RESPONSES AND THOSE OTHERS WHO HAVE PITCHED-IN. MY COMMENT WAS THAT ESET SHOULD HAVE 7/24 TELEPHONE SUPPORT FOR SOMETHING AS IMPORTANT AS AN ANTIVIRUS SECURITY PROGRAM. IF THEY INTEND TO SUCCEED IN BUSINESS, THEY WILL HAVE TO FIND SOME WAY TO RAPIDLY RESPOND TO THEIR CUSTOMERS' QUESTIONS/PROBLEMS WITH CONCISE AND VALID ANSWERS IF THEY EXPECT TO STAY IN BUSINESS. THE FORUM IS GREAT AND YOU AND A FEW OTHERS ARE OBVIOUSLY VERY ADEPT AT USING NOD32, BUT AS MUCH HELP AS YOU ARE, I DON'T THINK YOU ARE A MEMBER OF ESET'S TECH SUPPORT TEAM... AND THAT IS WHERE THE ANSWERS TO MANY QUESTIONS SHOULD BE COMING FROM. AT LEAST ON FORUMS SUCH AS "TROJANHUNTER", THE COMPANY'S OWNER IS CONSTANTLY ON THE THREADS RESPONDING TO PROBLEMS AND POSTING RESOLUTIONS FOR THEM.


"As I have said further up, it is safe to Quarantine a file and delete, even if found to be a false positive, as Quarantining allows restoration of the file at a later date, if the need arises…"

*I SEEM TO BE GETTING MIXED MESSAGES ON THIS. SOME SAY IT JUST MAKES A COPY OF THE FILE FOR SUBMISSION TO ESET... STILL NOT SURE HOW TO DO THAT REGARDLESS OF THE FACT THAT I HAVE THE E-MAIL ADDRESS FOR SUBMISSIONS... BUT THE FILE STILL IS NOT ACTUALLY QUARANTINED AND MAY STILL HAVE THE ABILITY TO ACTIVATE.

"You received all previous updates as well, as per the logs you posted here."

*YOU KNOW THAT, BUT HOW IS THE END-USER SUPPOSED TO KNOW THAT HE IS CURRENT? YES, I KNOW THERE IS A MESSAGE SAYING AN UPDATE HAS OCCURRED, BUT THERE IS NO MESSAGE SAYING AN UPDATE IS AVAILABLE AND THE PROGRAM FAILED TO UPDATE DUE EITHER TO A PROGRAM PROBLEM OR SERVER PROBLEM.

"Good to see you have had a result in relation to your settings being changed to “silent mode”, now back to default, everything is normal…"

*NOW IT'S TIME TO RECHECK ALL MY SETTINGS AS PER YOUR POSTS AT THE TOP OF THE FORUM. BTW, WHAT IS THE RISK OF CLICKING "CLEAN" RATHER THAN "SCAN"? I AM CONCERNED I WILL DELETE FILES THAT ARE FALSE POSITIVES.

ALSO NOTED THIS MORNING WHEN I TURNED ON MY COMPUTER THAT THE UPDATE OCCURRED AUTOMATICALLY TO 1.884. THE PREVIOUS WAS 1.882... SO WHAT HAPPENED TO 1.883?? ARE THE UPDATES CUMULATIVE... OR AM I MISSING THE 1.883 UPDATE AND DEFINITIONS?

MANY THANKS AGAIN FOR ALL YOUR KINDNESS AND ASSISTANCE. I WOULD SINCERELY APPRECIATE YOUR COMMENTS (AND ANYONE ELSE'S) REGARDING MY COMMENTS.

CHEERS TO YOU AND GOOD HEALTH AND BEST WISHES... AND SORRY AGAIN FOR THE "ALL CAPS".

Cheers ;D <-QUOTE}

Blackspear
October 5th, 2004, 04:09 AM
{QUOTE-> **(sorry for all the caps below... I'm not yelling, just don't know how to make multiple quotes in a reply)** <-QUOTE}
No problem at all. I have just dropped my reply into MS Word and removed the Caps for easier reading…


{QUOTE-> please note the following answer I finally got from Eset tech support…:

Eset – “hello, you have the latest version of virus signatures (1.880). If you want to see the message that you have the latest update, you need to disable the “silent mode”. In nod32 control center, go to nod32 system tools > nod32 system setup > setup, and uncheck "enable silent mode”.

*this was already determined on the forum for which I thank all. <-QUOTE}
Our pleasure, and this is also why they have a forum, it can take some of the pressure off a Support Section ;)


{QUOTE-> Blackspear – You already have the latest version of nod32 (2.12.2). You can see that under "information on installed components" in the nod32 control center.

*now how would I or anyone else know that 2.12.2 was the latest version?? <-QUOTE}
This has also been added to the “Future changes for Nod32” sticky thread at the top of the forum, as in to have “Program Component Updates” set to download by default…

In regards to the latest virus signature, by manually pressing “Update Now”. I advise ALL of my clients to do the following:

“…at least once a day you check and know for sure that Nod32 is actually up-to-date, just to be sure, it is a man-made program and one day it will fail, you DO NOT want to find out there was a problem with updating 3 months ago. This is just an additional security step to make it that little bit safer.”


{QUOTE-> Eset – You can ignore the false positive caused by Trojan hunter. Nod32 sees it as a possibly harmful script because it scans files, but it is harmless.

*don't all file scanners use scripts? How is the end-user to know that it is a false positive?? Strange that nobody on the Trojan hunter forum has that problem using other antivirus programs! <-QUOTE}
Occasionally there will be a “False Positive”, and these can be sent to Eset to be checked out, once discovered Eset usually respond pretty quickly…


{QUOTE-> Eset – Outgoing email in outlook express uses SMTP protocol. Nod32 does not scan email sent over SMTP. However, if you use pop3 to receive email in outlook express, all incoming email is scanned by the imon module.

*not much help if I (or anyone else) is sending an e-mail using the most common and standard SMTP protocol and nod32 happens to miss a virus (I don't think any AV program is flawless, but at least it should scan outgoing mail to prevent the spread of viruses and worms and Trojans). Don't you agree? Actually, after doing a little homework, Nod32 is the only AV I could find that doesn't scan outgoing SMTP e-mail. That, IMO, is a major flaw in the program. <-QUOTE}
AMON will not allow an infected file to be attached to an outgoing email…


{QUOTE-> *Blackspear... Please don't take personal umbrage at my comments regarding Eset’s tech support. I sincerely appreciate all your help and the rapidity of your responses and those others who have pitched-in. My comment was that Eset should have 7/24 telephone support for something as important as an antivirus security program. If they intend to succeed in business, they will have to find some way to rapidly respond to their customers' questions/problems with concise and valid answers if they expect to stay in business…. <-QUOTE}
As has been discussed elsewhere, this issue (24/7 day tech support) is currently being addressed, it does take time to train up staff…


{QUOTE-> …The forum is great and you and a few others are obviously very adept at using Nod32, but as much help as you are, I don't think you are a member of Eset's tech support team... <-QUOTE}
No, I am not an Eset employee; I am a Reseller of Nod32 in Australia.


{QUOTE-> And that is where the answers to many questions should be coming from. At least on forums such as "Trojan hunter", the company's owner is constantly on the threads responding to problems and posting resolutions for them. <-QUOTE}
“Actual ESET Staff” are on the forum every day, and some of them are here on their own time, after hours and on weekends… They are a dedicated lot, as are many of the members that frequent this forum and other forums throughout this site…


{QUOTE-> Blackspear – “as I have said further up, it is safe to quarantine a file and delete, even if found to be a false positive, as quarantining allows restoration of the file at a later date, if the need arises…”

*I seem to be getting mixed messages on this. Some say it just makes a copy of the file for submission to Eset... Still not sure how to do that regardless of the fact that I have the e-mail address for submissions... But the file still is not actually quarantined and may still have the ability to activate. <-QUOTE}
No mixed messages, as I have stated, “…quarantining allows restoration of the file at a later date, if the need arises…”


{QUOTE-> Blackspear – “you received all previous updates as well, as per the logs you posted here.”

*you know that, but how is the end-user supposed to know that he is current? Yes, I know there is a message saying an update has occurred, but there is no message saying an update is available and the program failed to update due either to a program problem or server problem. <-QUOTE}
Addressed above, press update now. Your problem was due to altering settings that had Nod32 remain silent…

I have suggested a default fully maximized button for Nod32, so that in the situation you have found yourself in, we could simply have said, press this button…


{QUOTE-> Blackspear – “good to see you have had a result in relation to your settings being changed to “silent mode”, now back to default, everything is normal…”

*now it's time to recheck all my settings as per your posts at the top of the forum. Btw, what is the risk of clicking "clean" rather than "scan"? I am concerned I will delete files that are false positives. <-QUOTE}
No problem in deleting a suspect file, so long as you have Quarantine checked, before doing so…

I always run a scan using “Clean”.


{QUOTE-> *also noted this morning when I turned on my computer that the update occurred automatically to 1.884. The previous was 1.882... So what happened to 1.883?? Are the updates cumulative... Or am I missing the 1.883 update and definitions? <-QUOTE}
There has been the odd case that a sequential number is missed by Eset, as to why, I do not know. If you have the latest virus signature, you will have all virus patterns available…


{QUOTE-> many thanks again for all your kindness and assistance. I would sincerely appreciate your comments (and anyone else's) regarding my comments. <-QUOTE}
My pleasure…


{QUOTE-> cheers to you and good health and best wishes... And sorry again for the "all caps". <-QUOTE}
Thank you, and all the best to you as well…

Cheers ;D