question about virus detection
peuj
April 14th, 2005, 06:14 PM
Hi,
I'm trying NOD32 and I have some questions about the scan :
I have configured NOD32 following this link Extra settings for Nod32 (http://www.wilderssecurity.com/showthread.php?t=37509)
After my scan I have this result :
Scanning Log
NOD32 version 1.1062 (20050414) NT
Checking CRC of the NOD32.EXE file: status OK
Operating memory is OK.
date: 14.4.2005 time: 23:08:20
..........................................
.........................................
C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-275f9aa3-63f31d45.zip »ZIP »Dummy.class - Java/ClassLoader.Dummy.D trojan
C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-43d9c9cd-694bf2a2.zip »ZIP »Dummy.class - Java/Exploit.Bytverify.I trojan
C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6d3f9713-5d627279.zip »ZIP »Dummy.class - Java/ClassLoader.Dummy.D trojan
C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-79baf131-62d06402.zip »ZIP »Dummy.class - Java/ClassLoader.Dummy.D trojan
C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv462.jar-3991947d-66752ce8.zip »ZIP »Dummy.class - Java/Dummy trojan
C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv539.jar-69bbea68-64da4708.zip »ZIP »Dummy.class - Java/Dummy trojan
.........................................
.........................................
number of scanned files: 108815
number of viruses found: 6
number of active viruses: 6
time of completion: 23:18:26 total scanning time: 606 sec (00:10:06)
I don't know if they are true viruses/trojans, but my "problem" is that I was not asked to clean or delete them. On my first scan I just had a box which only allowed me to keep the "infected" files, and on the second scan nothing.
I have used TrojanHunter but it found nothing.
Did I do something wrong?
Thanks in advance.
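To make the log above easier to reason about, here is an added parser (not from the thread or from Eset) for the NOD32 1.x log format quoted in the post. It splits each detection line into the on-disk container, the nested objects (the »ZIP »Dummy.class chain) and the signature, groups detections by the container the scanner can actually act on, and cross-checks the count against the summary block. The sample is an excerpt of the log lines above, with the elided "....." regions dropped.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: the detection and summary lines from the thread's log.
SAMPLE_LOG = r"""
C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-275f9aa3-63f31d45.zip »ZIP »Dummy.class - Java/ClassLoader.Dummy.D trojan
C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-43d9c9cd-694bf2a2.zip »ZIP »Dummy.class - Java/Exploit.Bytverify.I trojan
C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6d3f9713-5d627279.zip »ZIP »Dummy.class - Java/ClassLoader.Dummy.D trojan
C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-79baf131-62d06402.zip »ZIP »Dummy.class - Java/ClassLoader.Dummy.D trojan
C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv462.jar-3991947d-66752ce8.zip »ZIP »Dummy.class - Java/Dummy trojan
C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv539.jar-69bbea68-64da4708.zip »ZIP »Dummy.class - Java/Dummy trojan
number of scanned files: 108815
number of viruses found: 6
number of active viruses: 6
"""

class Detection(NamedTuple):
    container: str   # the on-disk file the scanner can act on (here a .jar/.zip)
    nested: tuple    # objects inside it, e.g. ('ZIP', 'Dummy.class')
    signature: str   # e.g. 'Java/ClassLoader.Dummy.D'
    kind: str        # e.g. 'trojan'

SUMMARY_RE = re.compile(r"^number of (.+?): (\d+)$")

def parse_log(text):
    """Return (detections, summary) parsed from NOD32 1.x scanning-log text."""
    detections, summary = [], {}
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        if " »" not in line or " - " not in line:
            continue  # version header, dots, date/time lines: not detections
        objects, threat = line.rsplit(" - ", 1)       # "<object chain> - <threat>"
        parts = objects.split(" »")                    # container, then nested objects
        signature, kind = threat.rsplit(" ", 1)        # "Java/Dummy trojan"
        detections.append(Detection(parts[0], tuple(parts[1:]), signature, kind))
    return detections, summary

def report(text):
    """Group detections by deletable container and cross-check the summary count."""
    detections, summary = parse_log(text)
    # A non-empty nested chain means the hit is inside an archive, so any
    # delete action applies to the whole container, not to Dummy.class alone.
    archived = [d for d in detections if d.nested]
    return {
        "containers": Counter(d.container for d in detections),
        "signatures": Counter(d.signature for d in detections),
        "archived": len(archived),
        "summary_matches": summary.get("viruses found") == len(detections),
    }
```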
resa05
April 14th, 2005, 06:20 PM
I had a similar problem with another program. A Cox Technician (cable provider for my area) told me that trial version software such as what you're trying may tell you that you have such problems on your computer, just trying to make you buy their product, then once you do buy the product and do a scan, nothing will even come up. If you're happy with the virus protection you have then good for you, however I'm using AVG FREE Edition and I haven't had any problems so far.
Theresa
Blackspear
April 14th, 2005, 06:26 PM
{QUOTE-> A Cox Technician (cable provider for my area) told me that trial version software such as what you're trying may tell you that you have such problems on your computer, just trying to make you buy their product, then once you do buy the product and do a scan, nothing will even come up. <-QUOTE}Resa05, please do NOT infer illegal activity by Eset, when there is not a grain of evidence in any manner or form that they do such a thing. What you are saying is totally untrue. No reputable company would do such a thing, it would be commercial suicide.
There is NO difference in detection between the trial version and the commercial version of Nod32. The sole difference is the way in which the updates are handled, period.
Blackspear.
Stan999
April 14th, 2005, 06:27 PM
See this URL:
http://java.com/en/download/help/cache_virus.xml
Blackspear
April 14th, 2005, 06:32 PM
{QUOTE-> Did I do something wrong? <-QUOTE}Hi Peuj, welcome to Wilders.
My 1st question to you is, did you run a "Clean" or did you run a "Scan"?
Clean, scans your system and removes viruses according to your settings.
Scan, simply scans your system and advises you of the results, no actions are performed.
Hope this helps...
Cheers ;D
Marcos
April 14th, 2005, 06:38 PM
You may need to go to the Actions tab and set Delete for archives, then click on the Clean button (well, it will actually be called Scan & Clean in the next beta).
peuj
April 14th, 2005, 06:40 PM
Hi,
Thanks for the quick answer.
My fault about the "no asking box": I did a scan.
But if I do a clean I have the message box as you can see in the attached image. I can just leave the infected file.....
I haven't yet looked at the link given by Stan999.
Thanks
Blackspear
April 14th, 2005, 06:41 PM
{QUOTE-> well, it will actually be called Scan & Clean in the next beta. <-QUOTE}A very nice change Marcos, and a good improvement for those new to Nod32.
Cheers ;D
peuj
April 14th, 2005, 06:44 PM
{QUOTE-> You may need to go to the Actions tab and set Delete for archives, then click on the Clean button (well, it will actually be called Scan & Clean in the next beta). <-QUOTE}
Thanks, I will try that; for the moment the action for the archives is set to "prompt for an action". I should have the possibility to clean it in the prompt, no?
Edit :
OK, I just tried with the options "clean if a virus is found" and "prompt if it's an uncleanable virus" for all the types, and I still have the same message to keep the file.
And thanks to Stan999, I will clean the cache if I don't find the solution with Nod32.
Dakhor
April 14th, 2005, 08:01 PM
{QUOTE->
number of viruses found: 6
number of active viruses: 6
<-QUOTE}
What exactly does this "active viruses" mean anyway?
/DaK/
Happy Bytes
April 14th, 2005, 08:08 PM
REMAINING
Blackspear
April 14th, 2005, 08:49 PM
{QUOTE-> OK, I just tried with the options "clean if a virus is found" and "prompt if it's an uncleanable virus" for all the types, and I still have the same message to keep the file. <-QUOTE}Try booting into safe mode and run a "Clean". This should fix it.
Cheers ;D
peuj
April 15th, 2005, 04:05 AM
OK, thanks. I will try in safe mode and give you the result later.
peuj
April 15th, 2005, 04:26 PM
Hi,
I just tried in safe mode and I still can't clean or delete infected files, but only leave the infected file.....
Any other ideas??
Thanks
ronjor
April 15th, 2005, 04:31 PM
{QUOTE-> And thanks to Stan999, I will clean the cache if I don't find the solution with Nod32. <-QUOTE}
Did you clean your cache? Set your cache to zero in control panel.
Marcos
April 15th, 2005, 04:32 PM
It sounds like the virus was detected in an archive. Try setting the action for archives to Delete as shown below:
alglove
April 15th, 2005, 04:49 PM
I agree with Marcos. These Java viruses are located inside .jar files, which can be thought of as .zip files containing Java code. ".jar" = "Java archive". NOD32 is not able to *clean* individual pieces from .zip files, but it can delete the entire .zip file, using the setting that Marcos suggests.
Now, as to why "delete the entire .zip file" does not show up as an option when you are prompted for an action... I cannot answer that.
Marcos
April 15th, 2005, 04:53 PM
That's because of security reasons, to prevent common users from deleting whole archives accidentally. Adjusting the aforementioned settings requires a bit higher level of technical education, so we count on this change being performed only by advanced users who are aware of the potential risk.
alglove
April 15th, 2005, 05:06 PM
{QUOTE-> That's because of security reasons, to prevent common users from deleting whole archives accidentally. Adjusting the aforementioned settings requires a bit higher level of technical education, so we count on this change being performed only by advanced users who are aware of the potential risk. <-QUOTE}
Ahhh, that does make sense. So if a normal user is not able to delete the entire archive, at least AMON should prevent the virus itself from running. Gotcha. ;)
Blackspear
April 15th, 2005, 06:00 PM
{QUOTE-> Any other ideas?? <-QUOTE}In the following screen shot, there is a DROP DOWN menu at arrow number 2, in it you will find archives. Just choose an action for each of the file types found in the Drop Down Menu.
Hope this helps...
Cheers ;D
peuj
April 15th, 2005, 08:05 PM
{QUOTE-> Did you clean your cache? Set your cache to zero in control panel. <-QUOTE}
No, because I want to understand why I cannot use NOD32, but I know the solution ;D
{QUOTE-> In the following screen shot, there is a DROP DOWN menu at arrow number 2, in it you will find archives. Just choose an action for each of the file types found in the Drop Down Menu. <-QUOTE}
I have already set all object types like this: clean + quarantine, else delete + quarantine.
.... but I still am not able to delete the file.
Maybe I can send a log or configuration file to give an idea?
Thanks
Blackspear
April 15th, 2005, 09:27 PM
{QUOTE-> I have already set all object types like this: clean + quarantine, else delete + quarantine. <-QUOTE}And you have clicked on the arrow that is next to "Files", this then has a drop down menu, as per screenshot, and when you click on each of the displayed file types, you then have to place settings into every single file type, including archives.
I'm at work so you won't get a pretty screenshot this time ;) ;D
Cheers ;D
peuj
April 15th, 2005, 10:07 PM
{QUOTE-> And you have clicked on the arrow that is next to "Files", this then has a drop down menu, as per screenshot, and when you click on each of the displayed file types, you then have to place settings into every single file type, including archives. <-QUOTE}
Yes, I have configured all types of objects as you wrote.
Marcos
April 16th, 2005, 04:34 AM
Please send the archive in question to support@eset.com with a link to this thread.
Sweetie(*)(*)
April 16th, 2005, 05:03 AM
Hi, a lot of Java infections can be cleaned by emptying the Java cache;
Go to start > Control panel > Classic view > Java > General > Delete files > Tick all 3 and delete.
If you have an uncleanable infection always submit a sample to Eset first.
peuj
April 16th, 2005, 07:33 AM
Hi,
I have sent the archives to Eset and cleaned the cache to solve my problem.
Thanks
Marcos
April 16th, 2005, 07:44 AM
I ran a scan in cleaning mode with archives set to delete and this is the result I got:
Stephanos G.
April 16th, 2005, 08:06 AM
I prefer it to ask me first and to delete the file afterwards, because I worry about false positives. (Or am I wrong?)
Blackspear
April 16th, 2005, 09:33 AM
{QUOTE-> I prefer it to ask me first and to delete the file afterwards, because I worry about false positives. (Or am I wrong?) <-QUOTE}That is fine, the way you are doing things. As an added safety precaution you can/should tick quarantine, this would enable you to restore a file should it be necessary to do so later on.
Hope this helps...
Cheers ;D
Stephanos G.
April 16th, 2005, 09:56 AM
Hmmmm ....Cheers ;D
Blackspear
April 16th, 2005, 10:13 AM
{QUOTE-> Hmmmm ....Cheers ;D <-QUOTE}LOL, no worries ;D
Cheers ;D
Stephanos G.
April 16th, 2005, 10:36 AM
In the memory of the U.S. general Joseph W. "Vinegar Joe" Stilwell (1883-1946)
peuj
April 16th, 2005, 01:44 PM
OK, it works; it was my fault :-[
I was sure that the second action was set "to delete", but it was set "to ask"....
But why, with the rule "ask", don't I have the choice to delete?
What I would like is: if an infected file is detected, NOD32 tries to clean it, and if that's not possible, NOD32 asks me if I want to delete or keep it.
Is that possible?
Thanks, and sorry for the wrong information.
NOD32 user
April 16th, 2005, 01:50 PM
Hey peuj,
No problem as far as wrong info etc goes. I'm just glad to see you've got it sorted and thanks for posting back so everybody can see how you got on and what resolved the issue :)
zfactor
April 16th, 2005, 01:53 PM
wrong post sorry
NOD32 user
April 16th, 2005, 02:59 PM
{QUOTE-> wrong post sorry <-QUOTE}:)
Must've been all that getn' around florida on the ninja 10 !! ;D
alglove
April 16th, 2005, 04:20 PM
{QUOTE-> What I would like is: if an infected file is detected, NOD32 tries to clean it, and if that's not possible, NOD32 asks me if I want to delete or keep it.
Is that possible? <-QUOTE}
That goes back to the question I asked Marcos, #17-19 in this thread. Apparently, NOD32 does not ask if you want to delete the entire archive as a safety feature... it prevents people from deleting the entire archive by mistake. If you do want to delete the entire archive, you can always delete it yourself. This is by design.