nod 32 trial: problems ; please help...

Discussion in 'other anti-virus software' started by TC, Mar 2, 2002.

Thread Status:
Not open for further replies.
  1. TC

    TC Registered Member

    Joined:
    Mar 2, 2002
    Posts:
    8
    Location:
    Europe
    Hi there

    sorry, but newbie questions

    since i installed the trial v. of nod 32 ( and disabled nav 2002) i experience lots of freezes and reboots with a blue screen  ( message : problem with vsdatant.sys)

    config: win XP pro 512 ram, ZAlarm pro 2.6.362

    i saw on a post that there was maybe prob between nod32 & ZA pro but nothing on their sites...?

    BTW i lost the url to get help to configure nod32 email protection, any kind soul here to remind it to me ( i use eudora 5)?

    TIA
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi TC,
    Welcome aboard.
    Is the site not www.eset.com and from there to help instructions?
    Are you sure the install was ok, no error messages?
    In many cases it's best to disable ZA temporary and reboot before installing an anti-virus, after you can enable all again.
    NAV might be part of the blue screen game as well, not really liking other protective software. In fact it should be possible to have both installed, as long as none is resident then.
     
  3. Tiger_Barb

    Tiger_Barb Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    61
    Hi TC,

    As per your
    I currently have both running, been running for about 4 months and I've never had a problem with either one......Sorry can't help with the XP/NV2002...I'm sure someone here will have the answer for you.

    T Barb
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi TC,

    In addition to the useful former posts:

    a) indeed there have been compatibility problems regarding NOD32 and ZA pro; these occurred only with the recently released various ZAP Beta versions, and have been solved in the meanwhile.

    b) vsdatant.sys does belong to ZA, and ZA only. NAV isn't the problem here.

    c) I would recommend Jooske's suggestion: uninstall NOD32, disable all non necessary running apps, and install NOD 32 once again.

    d) needed: update NOD32 after install immediately. Not only the database will be updated, but the latest release will be updated as well.

    As for Eudora/POP3 scanner: need to dig for this one.

    Keep us posted!

    regards.

    paul
     
  5. TC

    TC Registered Member

    Joined:
    Mar 2, 2002
    Posts:
    8
    Location:
    Europe
    thanks guys, i will follow your install advice...and i found the info about eudora on the site you mentioned...

    hum may I abuse of your kindness?

    I checked my system (win XP)
    with Norton AV 2002 (virus def are uptodate)= ok
    with the trial of nod32 = same

    finally, reading posts here i installed AntiVir®/XP (2000 + NT) Personal Edition v6.12.07.57 ( which is said, if i understood well to be = Vexira from centralcommand): *sigh* here is what i got:

    E:\WINDOWS\SYSTEM32
     Analizar.dll
         Contains signature of  VBS/NewLove.A
         File was destroyed by virus!
         Not deleted after prompt!
     Anasent.dll
         Contains signature of  W32/Kenston-1895.X
         File was destroyed by virus!

    what the hell does it mean? is the last one (antivir)better or is it false alarms? how can i know?

    anyway the files are quarantined, but i don't even have an idea of what they're supposed to do ( google search= nada)

    any idea about the value of these different soft and/ their accuracy?

    TIA
     
  6. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    VBS/NewLove.A is a vbs script worm. Such malware does not infect other files and therefore it cannot be in a *.dll -> false positive

    W32/Kenston-1895.X is a virus which infects other files. As only one file is shown as infected this is also a false positive. A real virus infection on a system normally has more than just one infected file.

    wizard
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi again,
    are you sure about the spelling, as i tried many search engines, but nada de nada on those names (not even in the spanish engines:))
    Don't panic yet, can be files belonging to the just installed AntiVir, so if you installed this after the former scans it sounds rather reasonable they did not see them.
    And they can be false alarms (which i think from your description and from Wizard's words in the meantime).
    Did you look at date/time they were created/modified on your system?
    Have you ever been infected with or received them somehow and deleted them?
    Did you try to scan them with a right-mouse click from windows\explorer with your virus scanners?
    Do you run also TDS to do a deep scanning?

    You could close all scanners and try an online scan, either http://housecall.antivirus.com or the avx http://www.bitdefender.com (panda seems to be very good as well, the link was posted somewhere in this forum; maybe somebody knows it?)

    If you want to look deeper inside dlls there is info on the MS site as far as it's their stuff, and if it's running  FaberToys gives good deeper technical explanations of it www.faberbox.com (free tool)

    Please keep us informed about your progress...........


    Edited:
    In the meantime see Wizard's posting, makes sense; looked for some analysis of the VBS/LoveA where other file names are mentioned with .vbs extension.
    http://www.f-secure.com/v-descs/love.shtml
     
  8. TC

    TC Registered Member

    Joined:
    Mar 2, 2002
    Posts:
    8
    Location:
    Europe
    hi

    thank you for all your suggestions....more info:

    i completed the drive scan (first, only the windows directory was scanned)

    - on the main drive: AntiVir®/XP (2000 + NT) Personal Edition v6.12.07.57 of 26.02.2002 found  around 10 files infected ( most of them by the previous virus i told you) when NAV found nothing;  
    amongst these infected files, there was an installer which was downloaded from a spanish site; it was a panda titanium trial installer ( i wanted to test it, btw i think that panda is spain based), but i remember it crashed the computer...i did not try again but left the installer on the drive ...until today (wiped)

    - and just now i checked an external drive (firewire 80 gigas): AntiVir isolated 2 infected files in 2 .zip files
    1 Contains signature of W32/Leave.Worm
    1 Contains signature of VGEN/877.0

    I rechecked specifically these files with NAV: no infection found

    o_Oo_O

    Jooske:answering your questions:
    - i did not check the modif dates of the infected files in the windows directory i told you about;
    - yes i did a right click
    - yes i will try to setup an online check but i'm afraid it will be sluggish for large drives...
    - could you tell me what you mean with "Do you run also TDS " ?
    last :
    < talkin privately to Jooske  ;) >
    I'm not spanish but you're right the files names sounded spanish
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi TC,

    Without interfering here, just a remark: Antivir is well known for its many, many false positives. Wizard pointed this out quite clearly in your case. We have had countless help requests concerning this matter - even users deleting clean and needed Windows files.

    In short: in order to avoid any further confusion, ditch Antivir.

    regards.

    paul
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Seems we're getting further now.
    Mind each av/at developer has their own database and even several own names for infections, which can cause different alarms or none at all, and some files are excluded, like for instance other security products, while heuristic or generic scans can cause more suspicious alerts or even false alarms, causing you to look deeper at those given files.
    Now you found more files with either the suspicious code, or (badly?) cleaned rests of a former cleaning, or completely legal parts of that installer.
    Many kinds of software either don't like other products of the same kind on a system at all, or accept it more or less if installed, if possible, on different partitions/drives, as long as none is ever resident but all on demand scanning. My own system became much more stable after removing some and after that i even had to do a repair windows install as those programs can make rather definitive changes in Windows.

    Now thinking, those alerts probably can be parts on the loose of the definitions database of that Panda trial, now you say so, and can't harm on their own and can be considered false alarms and removed or quarantined.
    Does this make sense?
    Although, if you say some 10 files were infected by the same infection, you might really have been infected and never cleaned complete until now....
    You can check the Panda site (also found their free online scan there now) www.pandasoftware.com
    where i saw that panda.titanium name.
    Just checked the whois, it's Spanish yes, so that was hasta nunca for them for you :)
    <not Spanish either but i speak it>  

    The others in zip files seem your downloads, would treat them with caution, but as long they're zipped they should not be active.

    The online scan is not a permanent activity, so it will slow down your pc during scanning, but you have maybe more insights about nasties and cleaning or maybe cleaning instructions. This moment i'm running the Panda online scan myself and i don't notice too much slowing down.

    In this forum you read more about various security products, also look at the descriptions on the www.wilders.org sites.

    TDS is Trojan Defence Suite, the trojan specialists tool from DiamondCS (http://tds.diamondcs.com.au) with which you have bunches of extra tools to dig deeper in your system and protect it tremendously. You might have seen the special part in this forum.  
     
  11. TC

    TC Registered Member

    Joined:
    Mar 2, 2002
    Posts:
    8
    Location:
    Europe
    Hey Jooske

    Oh, OK.....TDS: I'm just waiting for my licence key....:D
    I subscribed/paid 2 days ago (yes it's true!) online, after reading the antitrojans page of this amazing site (thanks to the creator of this site!) but ...damned they ask for 2 open days to send the key ....but, hum, I guess it's illegal to use a keymaker  ;)
    not a prob to support/pay for a reliable and useful soft, but if you're in touch with these TDS guys, tell 'em to hurry to send me my key...
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    TC - Welcome to the forum. I've been following this thread since it started, just not responding because I don't use your OS, email program and have never tried AntiVir.

    But just from what I've read, a couple of things are jumping out at me here:

    You like to try a lot of programs out. That's fine, but when said programs don't work out for you, you really need to get into the habit of completely removing all traces of them from your system - it seems to me that that's where the majority of your problems are stemming from.

    Go thru your Add/Remove Programs list and un-install everything that you're not successfully currently using.

    After you use a program's un-installer, you should immediately go back thru your HD and make sure to delete their original .zip files and folders, then follow that up with a good reg cleaning with either jv16PowerTools, RegClean or RegCleaner ( I use the first two, followed by a scanreg /fix, and then I'll run RegCompact http://talismanic.net/codeworld/regcompact/ ). Then re-start your computer before doing anything else. Follow that with a ScanDisk and DiskDefrag.

    (An even better procedure would be to run a program like InCtrl5 whenever you install anything, so that you can,  if needed, track down and eliminate every single mention of whatever program you're removing from your registry).

    "but, hum, I guess it's illegal to use a keymaker".

    You are so very right. We do not condone, in any way, shape, fashion, or form, the use of keygens to steal software . It's stealing, plain and simple. Since it's  "not a prob to support/pay for a reliable and useful soft" for you, I'm surprised you even mentioned the subject. We have a TDS forum here - if you're experiencing problems getting your registration back, that would be one of the places to bring that up and get it dealt with (email being the other, of course).

    You're in really capable hands here with the approaches to the solutions of your problems, so I'm outta here. Pete
     
  13. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi TC,
    Don't worry, no need to convince me for that! You're doing yourself a very great pleasure as the key gives you even more functionality and the mentioned private forum for even more education and not to forget the scripts!

    Your other option i have not even read ;) or i should just comment: mind we have to do with security guys, who are not the greatest in their area for growing tall because of so much space between the kangaroos but for putting their braincells in the move in the products, for us to use.

    Think it's a wise decision to introduce office hours for the support part, as at DCS they are really hard working guys, even moderating with several others the DCS part of this forum.
    The good part is, they start their Monday 8 hours earlier than we :)
    Hope your TDS version is still functional till you received the key from them.
    Looking forward to welcoming you there too!
     
  14. TC

    TC Registered Member

    Joined:
    Mar 2, 2002
    Posts:
    8
    Location:
    Europe
    Hi (again)

    thank you very much
    i really appreciate (and will follow your advice)

    <to spy1> in fact I'm a macuser   :oops: ....plonk!...are you always here?  ;)   don't shoot!

    @ home i have a small network 3 mac, and 1 PC  why 1 PC ?...hum because of my son for the main part: he's a hardcore gamer, from unreal to CS...and I don't know the other games....

    we're behind a Zyxel router w. ADSL and I discovered a few weeks ago the threats of virus infections on PC....i'm not beginning a thread mac vs wintel, but i did not remember any prob with virus on the mac (all running NAV)
    as PC newbie, I'm lookin for the best soft protection combination.... my kids exchange files with friends and spend so much time to play games and /or demos (guess the number of install-uninstallations...) that i appreciate your advice because i never heard the name of the softwares you use...

    actually, all I have is ZA pro , nav - bundled with the PC-, and i'm waiting for my TDS key bought 2 days ago  :)
    btw i always pay the soft i use, no misfire please ;)

    idea: can you suggest me your "perfect security/maintenance toolbox", with the pros and the projected budget; in fact it could be a question for all the experts / moderators

    I will really appreciate your answers thank you very much
     
  15. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    SpyBlocker (free) - http://personal.atl.bellsouth.net/mia/k/r/kryp/

    StartPageGuard (free) - http://pjwalczak.com/spguard/index.php

    ScripTrap - (free)  http://keir.net/

    HTAstop & SockLock - ( both free) http://www.nsclean.com/freebies.html

    NoScript (Norton Script Enabler/Disabler) - (free) http://www.sarc.com/avcenter/venc/data/win.script.hosting.html

    IE-SPYAD - (free) http://www.staff.uiuc.edu/~ehowes/main.htm

    AdAware - (free)  http://www.lavasoftusa.com/

    The Rx Trojan Assistance Pack - (free) http://home.earthlink.net/~rmbox/Reticulated/Toys.html

    InternetSweeper -  (free) http://www.geocities.com/Internet_Sweeper/isfw.zip
     