Potential virus

Discussion in 'NOD32 version 2 Forum' started by bydand, Mar 2, 2004.

Thread Status:
Not open for further replies.
  1. bydand

    bydand Registered Member

    Help, please....this is my first time at this.
    I received an email, that has got past Nod32 and also Mail Defense that I use. The subject is "do not show this to anyone!" and has a file attachment called "mail.zip"

    Is this a virus that anyone knows? I have searched the net for information but cannot find anything about it
    Many thanks in advance.
     
  2. Paul Wilders

    Paul Wilders Administrator

    bydand,

    Looks like you failed to update NOD32 - this one is covered. Please update NOD32 as soon as possible - and keep doing so ;).

    You'll find a description as well as a free stand alone cleaning tool over here - it's a Netsky variant.

    regards.

    paul
     
  3. bydand

    bydand Registered Member

    Thanks for the information......my version is 1.644 and says it does not need updating......
    Have I done the setup wrong or something ?
     
  4. Paul Wilders

    Paul Wilders Administrator

    My pleasure ;) - you do have the latest update indeed.

    That's hard to tell - could you provide info on that (screen shots if you want to)?

    regards.

    paul
     
  5. bydand

    bydand Registered Member

    Not sure which section to send
    How about this one
     

    Attached Files:

  6. Paul Wilders

    Paul Wilders Administrator

    Looking good. Please forward the email to me - my addy is in my profile.

    regards.

    paul
     
  7. bydand

    bydand Registered Member

    Done
     
  8. dos

    dos Registered Member

    A few variants of Netsky have a bug in them which causes them to sometimes e-mail 0 byte .zip files, this may be why NOD32 isn't picking it up as a virus, because it possibly is nothing more than an empty file. :)
     
  9. bydand

    bydand Registered Member

    the zip file is 25.5kb in size......the email 36kb
     
  10. dos

    dos Registered Member

    Hmm in this case it may be packed with something new.
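
The empty-versus-populated archive question raised in the posts above can be settled without opening the attachment. This is an added example, not part of the original thread: the function names, the extension list and the sample message are constructed for illustration, and a name-based check like this only complements the scanner's own archive scanning.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed list of extensions that should not arrive inside a mailed archive.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def triage_zip_attachments(raw_message: bytes) -> list[dict]:
    """Describe each .zip attachment in memory; nothing is extracted to disk."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""
        entry = {"name": name, "size": len(data), "members": [], "verdict": ""}
        if not data:
            entry["verdict"] = "empty attachment (0 bytes), nothing to scan"
        else:
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    entry["members"] = zf.namelist()
            except zipfile.BadZipFile:
                entry["verdict"] = "not a valid zip, treat as suspicious"
            else:
                risky = [m for m in entry["members"] if m.lower().endswith(RISKY_EXT)]
                entry["verdict"] = (f"executable inside archive: {risky}"
                                    if risky else "no executable members by name")
        findings.append(entry)
    return findings

def sample_zip(member: str) -> bytes:
    """Constructed archive holding one harmless placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"harmless placeholder bytes")
    return buf.getvalue()

def build_sample(zip_bytes: bytes) -> bytes:
    """Constructed message reusing the subject and file name quoted in the thread."""
    msg = EmailMessage()
    msg["Subject"] = "do not show this to anyone!"
    msg["From"], msg["To"] = "sender@example.invalid", "user@example.invalid"
    msg.set_content("constructed sample body")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip", filename="mail.zip")
    return msg.as_bytes()
```
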
     
  11. Paul Wilders

    Paul Wilders Administrator

    ..and received - as well as detected by IMON at the spot:

    regards.

    paul
     

    Attached Files:

  12. Paul Wilders

    Paul Wilders Administrator

    ..renamed, deleted and compressed as well as removed from the email client trash box.

    Seems like there's something wrong on your side.

    [EDIT]: do you have "display warning" enabled?

    regards.

    paul
     
  13. bydand

    bydand Registered Member

    Think I have solved it.
    Ran a manual scan before and it did not detect it.
    THESE WERE THE SETTINGS


    changed the settings (......which I will post separately)
    then ran the manual scan again and it was detected.
     

    Attached Files:

  14. bydand

    bydand Registered Member

    THESE ARE THE NEW SETTINGS UNDER WHICH IT WAS DETECTED.

    Many thanks for the assistance and help ...greatly appreciated.
     

    Attached Files:

  15. Paul Wilders

    Paul Wilders Administrator

    Problem solved :cool: My pleasure.

    Overall, this is proof of the pudding all software has to be configured properly. If not, users are bound to get into trouble.

    As for NOD32: there is a help/instruction file available from the website ;)

    Take good care and regards,

    paul
     
  16. bydand

    bydand Registered Member

    please excuse my ignorance..cannot find a setting that says "display warnings" enabled.

    Here are my settings
    The only thing that seems to be similar is the silent mode = No
     

    Attached Files:

  17. Paul Wilders

    Paul Wilders Administrator

    IMON setup > scanner setup > actions > notify...

    will do the trick ;)

    regards.

    paul
     
  18. bydand

    bydand Registered Member

    Thanks again.....my concern here is that this was setup as a "default" from the original installation ....therefore I am assuming the settings that "NOD" thinks we should have.
    Not being very experienced one would kind of rely on Eset to supply a default setting to "scan the lot"...
    I know this is the Nod forum, but do these messages get back to Eset?
     
  19. bydand

    bydand Registered Member

    IMON setup > scanner setup > actions > notify...



    My setting was "Clean / Quarantine".....now changed
    to "notify / offer an action"

    Which one is better?
     
  20. Paul Wilders

    Paul Wilders Administrator

    A matter of choice really. Personally, I do prefer the "notify/offer an action" option. This way, one has a choice in case there's no cleaning option (as has been the case here) - and will be alerted; a major advantage.

    regards.

    paul
     
  21. Blackspear

    Blackspear Global Moderator

    My question to Eset, why not simply default the settings to the above/below screen shot, this is what we set up EVERY single installation of Nod on a client's PC, it gives the best detection, so why not default it? If someone wants to un-tick something, let them wander through the product and do so, the average user does not want to wander, they just want it to work straight out of the box, as can be seen by this post, unnecessary stress was caused to a user because these were not default settings.

    Cheers :D
     

    Attached Files:

  22. Mele20

    Mele20 Former Poster

    What about scan all files under extensions? That should be added as default also.
     
  23. Blackspear

    Blackspear Global Moderator

    Agreed, that is also what we set up for every client...

    Cheers :D
     