HELP! 5 VIRUSES!!


worldcitizen
June 6th, 2003, 10:26 AM
Amon is showing in the window that 5 files are infected but when I did a scan nothing was found. What do I do?

Dave

zOK
June 6th, 2003, 10:31 AM
Get a second opinion? Scan the files online with KAV.
http://www.kaspersky.com/remoteviruschk.html

Or McAfee http://www.mcafee.com/myapps/mfs/default.asp

Or Housecall http://housecall.trendmicro.com/

Technodrome
June 6th, 2003, 10:37 AM
What files? We need more info.



Technodrome

mrtwolman
June 6th, 2003, 10:43 AM
Well, if your AMON is set up to delete/disinfect infected files on the fly, you could be safe. You should perform a full NOD32 scan (all files, deep heur etc.)

Paul Wilders
June 6th, 2003, 11:48 AM
-{ Quote (worldcitizen): "Amon is showing in the window that 5 files are infected but when I did a scan nothing was found. What do I do?

Dave" }-

Dave,

Please post a screen shot as well.

regards.

paul

worldcitizen
June 6th, 2003, 12:10 PM
HouseCall gave me a clean bill of health.

In the Amon Window it still says I have 5 infected files but I don't know which 5 it is referring to - it doesn't say.

I did a scan and it found eicar (I ran a few tests today), which I deleted, and it also found a 'probable' virus in an old program I had, but this was the 1st scan where I had deep, runtime packers, archives and all files ticked, and as that file was in a compressed folder and was a probable, it makes NOD the only program to ever detect it.

Next what is the difference between the 'scan' and 'clean' buttons?

Also why does NOD scan only about 14,000 files but Housecall scanned over 24,000?

Amon says 5 files are infected and none have been repaired but what 5 files is it referring to? I found only 2: 1 was a test file and the other a compressed file, found because I upgraded my settings to include archived packed files, so that's understandable.

Are these 5 files still on my computer or is Amon just saying that 5 files WERE infected. It gives no more information about these 5 files.

When I did the scan I got dozens of error messages saying it could not open many files but Housecall didn't give any errors. Why?

I went to 2 test sites today - Eicar and an email testing site. Amon popped up but I don't know what it did to those files. I was testing The Bat Email client and downloaded many files. There was a 5 part test file which came in five different emails but Amon didn't pop up for them and I deleted the files since.

I'm positive I have no worm or trojan because I have Wormguard and TDS 3 on at all times.

So is Amon giving me accurate information and what do I do next?

Sorry for all the questions and many thanks for any help.

Dave

worldcitizen
June 6th, 2003, 12:22 PM
You'll have to enlarge this jpg to see the info.

Dave

zOK
June 6th, 2003, 12:45 PM
OK, stop Amon, then restart it, and make sure it has default settings, e.g. like this picture. Now you should get another pop-up box telling you the name and location of the virus.

zOK

zOK
June 6th, 2003, 12:48 PM
Here is the other pop up box.

worldcitizen
June 6th, 2003, 12:55 PM
Made no difference. Did exactly what you said but no lead to those files. Strange eh?

spy1
June 6th, 2003, 01:30 PM
Can you verify you have the latest defs? We've had about three in the last 24 hours, the latest of which is this one:

NOD32 Antivirus System information
Virus signature database version: 1.431 (20030606)
Dated: Friday, June 06, 2003
Virus signature database build: 3715

Information on other scanner support parts
Extended heuristic module version: 1.002 (20030606)
Extended heuristic module build: 1030
Archive support module version: 1.001 (20030430)
Archive support module build version: 1031

Information on installed components
NOD32 For Windows NT/2000/XP - base
Version: 2.000.1
NOD32 For Windows NT/2000/XP - Internet support
Version: 2.000.1
NOD32 for Windows NT/2000/XP - standard component
Version: 2.000.1

Operating system information
Platform: Windows XP
Version: 5.1.2600 Service Pack 1
Version of common control components: 5.82.2800
RAM: 768 MB
Processor: AMD Athlon(tm) Processor (1325 MHz)

I'm running a quick scan with that one now - I'll let you know if that one comes out clear or not. Pete

spy1
June 6th, 2003, 01:49 PM
All clear on a quick scan. Don't have time today to get you the results of a full scan, sorry. Pete

Paul Wilders
June 6th, 2003, 02:27 PM
Dave,

just start up NOD32 (green-crossed), make sure to instruct it to clean, and perform a full system scan - presuming you do have the latest database.

Please post the results after doing so.

regards.

paul

anders
June 6th, 2003, 07:33 PM
-{ Quote: "In the Amon Window it still says I have 5 infected files but I don't know which 5 it is referring to - it doesn't say." }-

That is "statistical" information. It has encountered five infected objects. Most likely each of those infections should've displayed the alert window that zOK showed. You might also have changed the default settings so that "Display warning panel" is not selected, which means no warnings would've been displayed.

-{ Quote: "Next what is the difference between the 'scan' and 'clean' buttons?" }-

Clicking the 'scan' button results in a scan, but no action is taken on infected files. If you click 'clean' it will take whatever action is specified under the 'Actions' tab. If you used 'scan' you can also right-click on an infected object in the log, and manually choose 'clean' for that specified object.

-{ Quote: "Also why does NOD scan only about 14,000 files but Housecall scanned over 24,000?" }-

That depends on the settings of the scanners. Also, some scanners only count files that are really scanned, some scanners count all files, etc.

-{ Quote: "Amon says 5 files are infected and none have been repaired but what 5 files is it referring to?" }-

The name/location of the infected object is shown in the alert window.

-{ Quote: "Are these 5 files still on my computer or is Amon just saying that 5 files WERE infected." }-

It's merely "statistics". If you scan all local drives using the on-demand scanner, and it comes up as clean, you don't have to worry.

-{ Quote: "When I did the scan I got dozens of error messages saying it could not open many files but Housecall didn't give any errors. Why?" }-

Once again, that depends on the settings, and on the scanner. Some scanners don't display such warnings. There are often many files that can't be opened and it should be nothing to worry about. Examples of benign files that can't be opened are c:\pagefile.sys, c:\hiberfil.sys, c:\windows\system32\config\*, etc.

-{ Quote: "I went to 2 test sites today - Eicar and an email testing site. Amon popped up but I don't know what it did to those files." }-

When Amon shows the alert, it is waiting for user interaction regarding what should be done to the infected object. What Amon did depends on what you selected in the Alert box. By clicking the Close button, or closing the window, no action is taken, but access to the file is denied. If you clicked "Clean", the file would've been disinfected. If you clicked "Delete", the file was deleted. If you clicked "Rename", the file was renamed.

-{ Quote: "So is Amon giving me accurate information and what do I do next?" }-

The information should be accurate. Five times you tried to access an infected object. That could've been one file you accessed several times, or five different files.

First of all, make sure you have the latest updates. After that, start the NOD32 scanner via the start-menu. Make sure "Local" is selected in the Targets tab, and click Scan. If nothing is detected when the scanning is done, then there should be nothing to worry about.

If you are uncertain whether you "messed up" the settings, go to the Setup tab and click the button "Default", then start the scan.

Regards,
Anders

worldcitizen
June 6th, 2003, 08:59 PM
Hi everyone,

Well, I got up this morning and had a look at Amon and there is no more reference to those 5 files.

The only thing I've done since last night is turn off my machine and go to bed.

A reboot may have been all that was needed to reset the details. Anyone have any other ideas?

Whatever, it looks ok now.

Dave