|
|
#1
May 4th, 2003, 07:34 AM
|
||||
|
||||
Nod32cc.exe Pack file
Hello,
When I scan my P.C. with TrojanHunter it gives me a report that I have a possible Trojan in C:\Windows\System32\NOD32cc.exe (Suspicious WWPack32 packed file in Windows system)? Is that a problem with my AV? Thank you for your help
__________________
One for all/All for one |
|
#2
May 4th, 2003, 08:13 AM
|
|||
|
|||
|
Re:Nod32cc.exe Pack file
Not so much a problem as a feature, I guess. My memory might be failing me, but I seem to recall NOD installing its control center (NOD32cc.exe) in that location. It's a packed executable, and a default Windows installation doesn't leave any packed executables in the System folder. Many malware programs do hide themselves in the System folder to look 'valid', and since trojans in particular are often packed with an exe packer, it's a good idea to warn about packed files in the System folder - which TrojanHunter does. The NOD file is of course legit and not a trojan, though I don't see why NOD needs to leave packed files in the System folder.
|
|
#3
May 4th, 2003, 09:06 AM
|
||||
|
||||
|
Re:Nod32cc.exe Pack file
Thank you Tuulilapsi for the information. So we will wait to see if some one from Eset can give us the information why NOD would live a packed file in the System Folder
__________________
One for all/All for one |
|
#4
May 4th, 2003, 09:29 AM
|
|||
|
|||
|
Re:Nod32cc.exe Pack file
Imho, nod32cc.exe should be more likely in C:\Program Files\ESET\....
If you take a closer look on amon.exe, nod32.exe or nod32cc.exe, all are packed by wwpack32... just send the file to eset support to get answer if the file is okay. If they reply you it is okay, the the problem is with Trojan Hunter Myne nod32cc.exe is 235008 byset long... |
|
#6
May 4th, 2003, 10:28 AM
|
|||
|
|||
|
Re:Nod32cc.exe Pack file
Thank you, Sig.
 This is not a problem with TrojanHunter - TrojanHunter is doing what it is supposed to do by reporting any packed executables in the System folder. TH isn't saying the file is a trojan, TH is saying the file is suspicious because it is a packed exe file in a folder that does not normally contain packed exe files unless third-party programs have added such files there (a legitimate application like NOD could do it and apparently does, and most trojans do it). I personally think it's a bad idea for legit programs to leave packed files in the System folder unless it is absolutely necessary. (And when exactly is it ever necessary?) |
|
#7
May 5th, 2003, 08:36 AM
|
|||
|
|||
|
Re:Nod32cc.exe Pack file
Hi Antarctica,
>When I scan my P.C. with TrojanHunter it gives me a report that I have a possible Trojan in C:\Windows\System32\NOD32cc.exe (Suspicious WWPack32 packed file in Windows system)? Is that a problem with my AV? Yes, we used this packer for the current version of NOD32, but not in the v2 anymore. Anyway, it is not dangerous. You will get rid of that in the v2. Cheers, jan |
|
#8
May 5th, 2003, 11:13 AM
|
||||
|
||||
|
Re:Nod32cc.exe Pack file
Thanks jan
__________________
One for all/All for one |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
