Possible Smitfraud fix False Positive?

Discussion in 'NOD32 version 2 Forum' started by Rieske, May 23, 2006.

Thread Status:
Not open for further replies.
  1. Get

    Get Guest

  2. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    I'll suggest having a close look at the default settings from other well respected antiviruses. They all do offer the possibility to fine-tune. NOD32 is no exception to the rule in this perspective ;).

    Checking the obvious never hurts indeed ;)

    Looking at your profile, you're from The Netherlands, aren't you? Logic demands your answer is based on experiences from your country. I do suggest having a look at the website from nod32.nl as for Blackspears' settings - copied and pasted ;) - merely one example from many.
     
  3. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Re: Problems with NOD or viruses? Try this first

    View attachment 178885

    Sorry, it's all in Dutch, but pictures say enough!
     
    Last edited: May 25, 2006
  4. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    That's great, but I'll be wondering why it doesn't work with mine!
     
  5. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    Yep, future world champions, mankind thinks down here...
    However it wouldn't hurt if Eset'd consider hammering more on this support forum.
     
  6. Get

    Get Guest

    Scrolling back to post 26 will do miracles :rolleyes:.
     
  7. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
  8. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    You've got me here... future world champions? Rugby, chess?

    I'll guess the Eset guys have noted that one ;). That said: merely google for NOD32 support forums - that's all there's to it ;)
     
  9. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    Soccer, Panther.

    Get is Get I used to know?
    Seems like a school reunion down here?
     
  10. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Have checked the Dutch website and the settings are the same as posted here indeed! The only thing I changed: renaming instead of deletion in Imon.
     
  11. Get

    Get Guest

    Can't you tell by my skillful posts? :cool: I sure as hell recognized yours. :D
     
  12. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    IMON: %NAME="http://siri.urz.free.fr/Fix/SmitfraudFix.zip"%ARCH_TYPE="#zip"%ITYPE=ARCH%RACTION=P%USER="BEN\\bf"@INFECT=inf@TYPE=Application@NAME=Win32/PrcView@CLN=BAA%OK=A%INFECTED=%ACTION=IQEA%NAME="SmitfraudFix/Process.exe"%ITYPE=FILE%RACTION=CQ@INFECT=inf@TYPE=Application@NAME=Win32/PrcView@CLN=BAA%INFECTED=
    AMON: %NAME="E:\\Internet\\SmitfraudFix\\SmitfraudFix\\Process.exe"%ITYPE=FILE%USER="BEN\\bf"@INFECT=inf@TYPE=Application@NAME=Win32/PrcView@CLN=BAA%UINFO="Gebeurtenis opgetreden op een bestand dat nieuw is aangemaakt door de applicatie C:\\Program Files\\WinRAR\\WinRAR.exe. Het bestand is verplaatst naar quarantaine. U mag dit venster sluiten."%INFECTED=%ACTION=AQ%ACTION=AD%ACTION=BC

    This is the Virlog.dat and it is clearly stated in here, that it is moved to quarantine!!!!!! I'll check on a registry cleaner and see what comes up.
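
Added example, not part of the thread and not ESET code: a Python sketch that pulls the readable UTF-16LE records out of a binary log like the Virlog.dat paste above and splits them into fields. The `%KEY=`/`@KEY=` layout and the doubled backslash as an escape are inferred from that paste only, and all function names are hypothetical.

```python
import re

# 8+ printable ASCII characters stored as UTF-16LE (char byte, then 0x00).
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")
# One field: '%' or '@' sigil, upper-case key, then a quoted or bare value.
FIELD = re.compile(r'([%@])([A-Z_]+)=("[^"]*"|[^%@"]*)')


def extract_records(blob):
    """Return every UTF-16LE text run found in a binary log, decoded."""
    return [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)]


def parse_fields(record):
    """Split a record into (sigil, key, value) tuples, order preserved."""
    fields = []
    for sigil, key, value in FIELD.findall(record):
        if value.startswith('"'):
            # Assumption: a doubled backslash inside quotes is an escape.
            value = value[1:-1].replace("\\\\", "\\")
        fields.append((sigil, key, value))
    return fields


def summarize(record):
    """Pick out the scanned object, detection name, user and action codes."""
    fields = parse_fields(record)

    def first(sigil, key):
        return next((v for s, k, v in fields if (s, k) == (sigil, key)), None)

    return {
        "object": first("%", "NAME"),   # '%NAME' is the file or URL scanned
        "threat": first("@", "NAME"),   # '@NAME' is the detection name
        "user": first("%", "USER"),
        "actions": [v for s, k, v in fields if (s, k) == ("%", "ACTION")],
    }


# Constructed sample: field text copied from the AMON record in the post,
# re-encoded as UTF-16LE and wrapped in arbitrary non-text bytes.
_TEXT = (r'%NAME="E:\\Internet\\SmitfraudFix\\SmitfraudFix\\Process.exe"'
         r'%ITYPE=FILE%USER="BEN\\bf"@INFECT=inf@TYPE=Application'
         r'@NAME=Win32/PrcView@CLN=BAA%INFECTED=%ACTION=AQ%ACTION=AD%ACTION=BC')
SAMPLE = (b"\x9b\xcf\x34\x00\x01AMON\xff\xff\xff\xff\x80"
          + _TEXT.encode("utf-16-le") + b"\x00\x00\xdb\xcf")

if __name__ == "__main__":
    for rec in extract_records(SAMPLE):
        print(summarize(rec))
```

The action codes are returned as they appear in the log; the thread does not say what each code means, so the sketch does not interpret them.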
     
  13. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    Sure - as has happened all over the web as far as NOD32 configuration is concerned. I'll rest my case ;)

    I wonder why?

    @Rieske: thanks for the info. Brazil will become world champions of course ;). That said: best of luck to The Netherlands!
     
  14. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    Guess "I do not have a heart" did the trick?

    @Panther: I did say mankind, not Rieske.

    Ben, what happens when you uninstall Nod and then install it to another partition?
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I agree. For any AV to be popular it must also be user friendly. What about the people who use NOD32 but don't read about blackspears settings?
    BTW, I have used few AVs and none of them I heard to be set from a tutorial like this for optimal protection!

    ( No bashing as for me Kaspersky and NOD are of course best AVs)
     
  16. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    I second your line about needing a big tutorial for optimal protection! Just crazy!
     
  17. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    I'll give that a try. And I'll install the English version also instead of Dutch, because it's a lot handier to get problems sorted out in English here!
     
  18. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    But after detection, it should be in Quarantine right there. I have not used a registry cleaner right after detection, so I find it very hard to believe in my case.
     
  19. Get

    Get Guest

    No, it was the ' ;) '-part that gave you away.


    @Benvan45: Did you look if the "C:\Program Files\ESET\infected" folder is present? If it's not: uninstall/install Nod and quarantine something. The "infected" folder will be created then. Btw, when you have the Control Center open, things will not be quarantined and also when for example you unzip an infected file to a certain location from which that same file was quarantined earlier and is still in your quarantine list it won't be quarantined again, only deleted.
     
  20. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    There is no folder "infected" at all......o_Oo_O It's only listed/logged in the Virlog.dat
    I understand about having the control center open, but even after a restart or whatever, there is just nothing!
    I'll be installing the English version and hit Smitfraudfix.zip again to download and see what happens.
     
  21. Get

    Get Guest

    You didn't get the point from the link I gave you I guess. If you don't have the "infected" folder, then the only thing you have to do is uninstall Nod32, install Nod32, quarantine something (open Control Center -> Nod32 System Tools -> Quarantine -> click the Add button -> double-click something (an image, whatever) so it's in your quarantine list) and the "infected" folder is created.
     
  22. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Ok, sorry, I'll do that.

    To be really very honest about this whole story.......It makes me really wonder if this is the way one should go about with a Virusscanner, as stated before, it shouldn't be such big thing in order to get a great scanner like Nod32 up and running. I'm getting a little fed up with it. I've been spending hours already to get this problem straight. It should not be the configuration here, as it is properly configured. Rieske has the detected file quarantined and I don't, so what's up?
     
  23. Get

    Get Guest

    There's a registry entry that's vital to the creation of the infected folder which is removed when you use a registry cleaner before the infected folder is created and then the folder will never be created -> no more quarantine. I've brought that up earlier (in the link I gave you), but apparently there's nothing done about it yet.
     
  24. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    You won't believe this........I installed the English 2.51.26 and this is what is detected:

    Time | Module | Object | Name | Threat | Action | User | Information
    24-5-2006 0:34:10 | IMON | archive | http://siri.urz.free.fr/Fix/SmitfraudFix.zip | Win32/PrcView application | quarantined | BEN\bf |

    So....great and after that I opened the Quarantine folder and guess what? The bugger is in there completely.
    There's a folder "infected" as well and it seems the Dutch f... version that's NO GOOD. There's nothing else I make of it. I'll hit the hay now, as I have square eyes.
    It's amazing what we have to go through to get a pc secure! I think it's a bad case, if the Dutch version is crippled. I'll be notifying Nod.NL tomorrow.
    Thanks for all the time and understanding.
     
  25. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    That's even worse.....but now I have created the infected folder 'by hand', will it stay the way it is now?

    Good night and sleep tight!
     