It DOES actually catch things, you know

FI, my son was on the computer this past weekend while I was at work and the NOD32 Beta 2 popped him up a warning:
"NAME = " C:\\Documents and Settings\\ XXXXX XXXXXXX\\Local Settings\\Temporary Internet Files\\Content.IE5\\G1AZ4PIR\\pup[1].htm"%ITYPE=FILE @ INFECT=susp@TYPE=Trojan@NAME=JS/NoClose.C@CLN=BAA %UINFO="Event occured on a newly created file."%INFECTED=%ACTION=AQ"
(Thought that was pretty cool - didn't even know it would catch JS/NoClose).

Then, the next day, I was playing with something I saw on DSLReports Security forum. Had it d/l'ed to my DeskTop in zipped form but hadn't done anything with it yet (besides send it to someone else) and NOD popped up a warning (apparently from AMON as it was chugging along checking things. NOTE: Did not receive any warning when I initially d/l'ed the file itself - that's by design, I guess?)

"NAME="C:\\Program Files\\TDS-3\\xDynamic\\TDS.Unpk\
hota.exe"%ITYPE=FILE @INFECT=inf@TYPE=Trojan@NAME=Win32/Spy.Small.B@CLN=BAA %UINFO="Event occured during attempt to access the file."%INFECTED= "

So I Erased the file off of the DeskTop without un-zipping it.

Anyway, just thought I'd let you know it's working here for me. Pete

P.S. - That all shows up in the main interface windows' "Virus Log" like this:

Time   Module   Object   Name   Virus   Action   Info
2/16/2003 13:08:55 PM   AMON   file   C:\Program Files\TDS-3\xDynamic\TDS.Unpk
hota.exe   Win32/Spy.Small.B trojan      
2/15/2003 20:06:53 PM   AMON   file   C:\Documents and Settings\Steven Yevchak II\Local Settings\Temporary Internet Files\Content.IE5\G1AZ4PIR\pup[1].htm   probably modified trojan JS/NoClose.C   quarantined