Is it bad to have autodelete on NOD?
Mike415
March 19th, 2005, 10:20 PM
I have my NOD set to delete viruses when it catches them without asking. Now if it were a trojan or something and it added something to the registry, would it be better to have it clean the virus instead of delete it? Should I have it set to clean first, then ask/delete?
bigc73542
March 19th, 2005, 10:21 PM
If the trojan is in an operating system file and it deletes it something might quit working ;)
bigc
Blackspear
March 19th, 2005, 10:25 PM
I have it set to Clean, if unable to Clean, then Delete and Quarantine. Quarantine enables a file to be restored on the off-chance that it turns out to be a false positive.
Hope this helps...
Cheers ;D
Mike415
March 20th, 2005, 12:33 AM
I meant, does it still leave part of the virus in the registry if you have it set to just delete the file, or does it delete the registry entries also? And does the clean setting clean the registry also?
flyrfan111
March 20th, 2005, 03:08 AM
It depends on whether it is a heuristic detection or a definition detection. A detection by heuristics will generally only delete the offending file. A definition is generally needed for successful removal of all registry entries made by a trojan or virus. System restore or a backup could also do the job based on a heuristic detection. Just restore back to a time before the infected file was downloaded or executed. That would require that you knew it was not a false positive, which is the downside of setting NOD to auto delete uncleanable virii. Any heuristic detection is considered uncleanable as NOD doesn't know what changes the file would make, so it is just deleted. As Blackspear suggested, checking quarantine would allow the file to be kept just in case it is needed later, as well as sending in a copy to both verify it isn't an FP and to allow a definition to be made if it is a real baddie.
Happy Bytes
March 20th, 2005, 03:57 AM
flyrfan111, very good post!
Yes, it's true that you need exact identification of malware before you can clean it in a proper way. Deleting the file is not the problem, but there will be remaining registry entries for autostart-registered malware. And to help improve this you should collect heuristically detected files and submit them to our sample (at ) eset (dot) com email. We can then add these files for signature-based detection including registry removal.
Cheers ;D
fosius
March 20th, 2005, 10:44 AM
-{ Quote: "flyrfan111, very good post!
Yes, it's true that you need exact identification of malware before you can clean it in a proper way. Deleting the file is not the problem, but there will be remaining registry entries for autostart-registered malware. And to help improve this you should collect heuristically detected files and submit them to our sample (at ) eset (dot) com email. We can then add these files for signature-based detection including registry removal.
Cheers ;D" }-
I am not sure that I understand: when I select to delete a trojan, will NOD32 delete the trojan and the registry entries connected to it? Or does this work only when I select Clean? Because I have never seen NOD32 able to clean a trojan, only delete it.
Marcos
March 20th, 2005, 01:35 PM
Basically, there's nothing to clean with Trojans. NOD32 will delete it and also remove it from the Run key in the registry, if possible.
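The leftover autostart entries discussed in the posts above can be checked for directly after a file has been deleted. The following read-only PowerShell script is an added example, not part of the thread and not ESET code; it assumes only the standard per-machine and per-user Run keys and reports values whose target executable no longer exists on disk.

```powershell
# Added example: report Run-key autostart values whose target file is gone.
# Read-only: nothing is deleted or modified.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Test-Leaf {
    param([string]$Path)
    # Malformed paths (stray colons, illegal characters) count as "not a file"
    try { Test-Path -LiteralPath $Path -PathType Leaf -ErrorAction Stop } catch { $false }
}

function Get-CommandTarget {
    param([string]$Command)
    $cmd = $Command.Trim()
    # Quoted form: "C:\Program Files\App\app.exe" /switch
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form: grow the candidate word by word until it names a file,
    # so C:\Program Files\App\app.exe /switch resolves to the executable.
    $parts = @($cmd -split '\s+')
    for ($i = 0; $i -lt $parts.Count; $i++) {
        $candidate = $parts[0..$i] -join ' '
        if (Test-Leaf $candidate) { return $candidate }
    }
    return $parts[0]   # nothing on disk matched; report the first token
}

function Test-TargetExists {
    param([string]$Target)
    # Drive-letter or UNC path: check the file itself
    if ($Target -match '^([A-Za-z]:\\|\\\\)') { return (Test-Leaf $Target) }
    # Bare names such as rundll32.exe are resolved through PATH
    return [bool](Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue)
}

foreach ($keyPath in $runKeys) {
    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)   # REG_EXPAND_SZ is expanded here
        if ([string]::IsNullOrWhiteSpace($command)) { continue }
        $target = Get-CommandTarget -Command $command
        if (-not (Test-TargetExists -Target $target)) {
            [pscustomobject]@{ Key = $keyPath; Value = $name; Command = $command; Missing = $target }
        }
    }
}
```

An empty result means every Run value still points at an existing file; any row returned is an orphaned entry to review before removing it by hand.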
fosius
March 21st, 2005, 03:10 PM
Thanks, good to see that NOD cleans registry, too..
Tintagele
March 22nd, 2005, 06:34 PM
What sometimes happens with viruses that use iFrame launchers is that the virus is deleted but not the iFrame launchers - not necessary, they're useless without a virus to launch, but very few av programs spot them or get rid of them. (Panda does.) However, you can add some protection to this in Internet Explorer/Tools/Options/Security/Internet by disabling 'launch programs with iFrame' - and make sure if you're using Outlook Express that whatever Security level it's using also has 'launch programs with iFrame' disabled.