Infected file in NOD32 Cache

[verktyg]

KAV32DOS reports that the file FND0.NFI in my NOD32 Cache is
"Infected by virus:not-a-virus:AdWare.Win32.WinAd.bg".

Nothing shows in the NOD32 Control Console Quarantine Window.

Running Win98SE. NOD32, F-Prot DOS, AdAware, SpyBot, a-squared and others find nothing.

Is it safe to delete this file?

Chas.

[Marcos]

It's definitely a false positive from KAV, nqi files only contain information about files stored in NOD32's quarantine.

[verktyg]

Thanks,

That's what I suspected. Is it safe to delete the file or is it part of NOD32's detection process?

Chas.

[Brian N]

Why do you wanna delete the file when it's an F/P as stated above?

[pykko]

verktyg, you should let the file there.
It's inoffensive and it's used by NOD32 to stoer informations about quarantined itmes as Marcos stated.

[Marcos]

It can actually be deleted, especially if there ain't a file with the same name and the nqf extension.

[verktyg]

Thanks for the feedback. I do a lot of technical searches and at least 1 or 2 times a month a bad link takes me to a malware site. NOD32 has been very good at notifying me when some kind of threat tries to attack my system. Most of the time I get a warning screen with options.

On occasion, NOD32 has quarantined the malware before I could respond. I delete the quarantined files when this happens.

Since this file serves no purpose I'll delete it.

Chas.

[Zookeeper]

Both the Kapersky & F-Secure online scanners reported that the file FND0.NFI is infected with Backdoor.Win32.Agobot.gen & should be deleted. I've already deleted all the things that NOD32 put into quarantine. Is it safe to delete this file?

[The Hammer]

Quote:

Originally Posted by Zookeeper

Both the Kapersky & F-Secure online scanners reported that the file FND0.NFI is infected with Backdoor.Win32.Agobot.gen & should be deleted. I've already deleted all the things that NOD32 put into quarantine. Is it safe to delete this file?

Try an online scanner that is not associated with the Kaspersky engine such as Bitdefender perhaps.

[Lollan]

Quote:

Originally Posted by The Hammer

Try an online scanner that is not associated with the Kaspersky engine such as Bitdefender perhaps.

Bitdefender runs the Kaspersky engine

[Zookeeper]

Basically, what I'm trying to find out is if FND0.NFI is an infected file or not. Has anyone else tried to use one of the online scanners? Has FND0.NFI popped up as being infected? Is this a false positive, or is NOD32 not capable of determining whether FND0.NFI is infected or not? Can I delete FND0.NFI?

As I'm typing this, I'm having Mcafee scan my computer.

[danieleb]

Quote:

Originally Posted by Lollan

Bitdefender runs the Kaspersky engine

No, I don't think it does.

[Zookeeper]

Can I delete FND0.NFI?


Help me Please

[BFG]

Hello,

You initially referred to it as a .nfi file. Is that the extension or is it .nqi?

BFG

[Marcos]

It's nfi, nqi files only contain information about a particular quarantined file.

[DVD+R]

Heres your answer And yes please delete it:

C:\Program Files\ESET\cache\FND0.NFI</location> <risk>High</risk> <description>Backdoor.Agent.AIR is a malicious application that runs in the background and allows remote access to your system ...

[Marcos]

It's a file detected by NOD32, stored in a safe, encrypted form and pending for submission for analysis. You can delete it anyway.

[Zookeeper]

Quote:

Originally Posted by DVD+R

Heres your answer And yes please delete it:

C:\Program Files\ESET\cache\FND0.NFI</location> <risk>High</risk> <description>Backdoor.Agent.AIR is a malicious application that runs in the background and allows remote access to your system ...

Quote:

Originally Posted by Marcos

It's a file detected by NOD32, stored in a safe, encrypted form and pending for submission for analysis. You can delete it anyway.

Thanks for a clear answer. I still don't understand why this file was never picked up by NOD32. Shouldn't I have been given a warning?

Once again, thanks to all of you who have responded to my request for help

[Marcos]

If it actually wasn't picked up by NOD32 then NOD32 would not have encrypted it and stored it as an nfi file in its cache NOD32 will never detect its encrypted cached and quarantine files.