Want to buy a license but last question need to know


fzxbeetle
June 12th, 2005, 02:07 AM
I like nod32 very much since I installed the new version. But I am still concerned about the unpack ability of Nod32, as many viruses are packed by UPX etc. Can I, as a potential user, know what exactly the unpack ability of Nod32 is?
Can you give me a list of packers which nod32 supports?
Thank you.

Marcos
June 12th, 2005, 02:46 AM
Quoted from Eset's website:
Virus detection in compressed or protected executable files, such as UPX, AsPack, FSG, Petite, Neolite, ExeStealth, yoda's Crypter, PECompact, Pklite, Lzexe, Diet, Exepack, CPAV.
Support of many archive formats, e.g. ZIP, RAR, ARJ, LZH, LHA, CAB, CHM, TAR, GZIP + SFX archives.

fzxbeetle
June 12th, 2005, 03:00 AM
How about PeX or JDpack etc ???

Marcos
June 12th, 2005, 03:02 AM
I forgot to mention that Advanced heuristics supports a generic (universal) unpacker.
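
A static triage sketch for the packer question above, added here as an example and not part of the thread or of Eset's code: it reads a PE section table and reports default section names written by some of the listed packers, plus one generic hint that does not depend on the packer's name. The name table, the hint wording and the header-only sample are assumptions made for the example, and it does not describe how NOD32 or its Advanced heuristics unpack files.

```python
import struct

# Default section names these packers are known to write. Names can be changed,
# so a miss here does not mean the file is not packed.
PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX", b".aspack": "AsPack",
                   b".petite": "Petite", b"PEC2": "PECompact"}
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000

def pe_sections(data):
    """Parse the PE section table: [(name, virtual_size, raw_size, flags)]."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        raise ValueError("PE signature not found")
    nsec, = struct.unpack_from("<H", data, pe_off + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    if table + 40 * nsec > len(data):
        raise ValueError("truncated section table")
    out = []
    for i in range(nsec):
        name, vsize, _va, rsize, _ptr, flags = struct.unpack_from(
            "<8s4I12xI", data, table + 40 * i)
        out.append((name.rstrip(b"\0"), vsize, rsize, flags))
    return out

def packer_hints(data):
    """Return sorted hints: packer names matched by section name, plus a
    generic hint for a writable+executable section with no bytes on disk."""
    hints = set()
    for name, vsize, rsize, flags in pe_sections(data):
        if name in PACKER_SECTIONS:
            hints.add(PACKER_SECTIONS[name])
        wx = flags & MEM_EXECUTE and flags & MEM_WRITE
        if wx and rsize == 0 and vsize > 0:
            hints.add("generic: empty W+X section")
    return sorted(hints)

def sample_pe(sections):
    """Constructed header-only PE image for the demo (no code, not a real file)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(struct.pack("<8s4I12xI", n, vs, 0x1000, rs, 0, fl)
                     for n, vs, rs, fl in sections)
    return dos + b"PE\0\0" + coff + table

if __name__ == "__main__":
    print(packer_hints(sample_pe([(b"UPX0", 0x8000, 0, 0xE0000080),
                                  (b"UPX1", 0x4000, 0x3800, 0xE0000040)])))
```

The generic hint is only a triage signal: an ordinary uninitialised data section also has no bytes on disk, which is why the check requires the section to be both writable and executable.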

fzxbeetle
June 12th, 2005, 03:06 AM
You mean that all packers are OK for AH?
That is very good.
I guess Nod uses some technology to run the file like in VPC and see the virus's behaviours. So it doesn't matter what packer it used. ;)

fzxbeetle
June 12th, 2005, 03:10 AM
If one virus is already in Nod's database, but someone packs it with another packer which nod32 cannot unpack, what happens then? Can it be caught by AH? Not sure ???

mrtwolman
June 13th, 2005, 03:12 AM
{QUOTE-> If one virus is already in Nod's database, but someone packs it with another packer which nod32 cannot unpack, what happens then? Can it be caught by AH? Not sure ??? <-QUOTE}
Sometimes yes, sometimes no, it depends on circumstances.

Stephanos G.
June 13th, 2005, 05:07 AM
Amon can detect it while you try to unpack it (if the virus signature is in the database).

webyourbusiness
June 13th, 2005, 09:22 AM
Stephanos raises a good point - a packed virus must either be unpacked to deploy its payload, or some other portion of the virus must be able to read the packed code - either way, at the point it's unpacked, either signatures or AH should detect it using AMON - the filesystem monitor, which scans all accessed files.

hth

Greg

fzxbeetle
June 13th, 2005, 07:49 PM
One interesting thing is that if the file already exists, Amon will not scan it using AH even if I execute it. :-\ So that is what I am worried about.

Have a look at this thread: http://www.wilderssecurity.com/showthread.php?t=83266

Marcos
June 14th, 2005, 12:47 AM
AMON should detect it via AH upon creation / rename.