Explanation needed Amon Alert

Discussion in 'NOD32 version 2 Forum' started by CesiaS, Feb 6, 2007.

Thread Status:
Not open for further replies.
  1. CesiaS

    CesiaS Registered Member

    Aug 6, 2006
    I'm new to NOD32, started using it 2 weeks ago.

    While I was scanning my PC with Housecalls this alert popped up (log):

    Time: 7/02/2007 8:51:39 AM
    Module: AMON
    Object: file
    Name: C:\DOCUME~1\ELISAB~1\LOCALS~1\Temp\VDN4FHa01056
    Threat: Win32/PowerReg application
    Action: quarantined - deleted
    User: DHVC391S\Elisabeth
    Information: Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe. The file was moved to quarantine. You may close this window.

    I was using IE7, Amon is configured as follows - Options all selected, Actions - Prohibit access and show alert windows, move to quarantine.

    Question 1. Could NOD32 be flagging Housecalls activities? (i.e. this is a false positive)

    Question 2. With AMON setting as described above is my PC totally protected from the suspect/infected file?? Is "prohibit access" enough or do I need to delete it or attempt to clean it at some stage as well? If so - how?

    I find this confusing
    http://www.wilderssecurity.com/showthread.php?p=266653#post266653 post #35 "...Quarantine ONLY makes a secure copy of the Virus or Trojan found so it can be sent to Eset for further analysis, it does NOT isolate the Virus or Trojan".
    I know there is an option "clean automatically", but I'm not comfortable using it in case a false positive gets deleted. o_O As I said I'm still learning.

    BTW Housecalls returned all clear

    Thank you
    Last edited by a moderator: Feb 6, 2007
  2. lucas1985

    lucas1985 Retired Moderator

    Nov 9, 2006
    France, May 1968
    The key word is "copy" ;)
    Quarantine makes a copy of the suspicious file. But it leaves the original file in its place, which may continue to do harm.
  3. Blackspear

    Blackspear Global Moderator

    Dec 2, 2002
    Gold Coast, Queensland, Australia
    No, the key word was "deleted".

    as well as for safety reasons a copy was encrypted and held in Quarantine for the next 30 days, however unlike customs, this quarantine is deleted at the 30 day mark.

    Cheers :D