I have a macro virus sample, if i set macro safety to medium then,open the virus sample,let macro code go,then close the file,that means i just let macro go and do nothing more,then NOD32 can clear the macro code and save the oringnal doc. that is why?
but if user had been infected by the virus, then they choose NOD32 trying to clear it and save the doc itself healthy,that needs NOD32 to clean it,instead of del it~ As we all seen, the sample defined by xaler.f, does it mean ESET lab had been analysed it,and give it a name and its corresponding handling way? just like the final judgment? any submition to their email is labour in vain ?