Possible Smitfraud fix False Positive ?

Discussion in 'NOD32 version 2 Forum' started by Rieske, May 23, 2006.

Thread Status:
Not open for further replies.
  1. Get

    Get Guest

    No need to notify Nod.nl. The infected-folder is created now, because something is quarantined before you used a registry cleaner.

    edit: yes, it will stay the way it is now. Good night also.
     
  2. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Thanks a million Get, you've done a great job. Appreciate that!! ;)
     
  3. Get

    Get Guest

    You're welcome. :)
     
  4. Get

    Get Guest

    I have been too hasty with my remark about Nod32 not quarantining things when the Control Center is open. It does now. Don't know why it didn't back then, but I guess it was sloppiness on my part.
     
  5. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Same here about the Dutch version being crippled. It all has to do with the fact that a registry cleaner removes a key that is coupled to the map "infected". Get has posted about this already!

    I'll leave the English version installed, as it makes it all easier when posting about problems here at Wilders.

    But the fact remains: once Nod is configured properly.....it's great, but getting there is too hard and should be a lot easier!
     
  6. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
  7. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    Windows Defender, System Restore... ?
    Why even bother reading that post.
     
  8. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    It's not.......not for everybody anyway! And about your post: I don't think it's fair to state, that one has to go through all that in order to get rid of an infection of some kind. I find that ridiculous, really.
    I've seen other scanners, maybe not as good as Nod, but configuring them is a piece of cake!
     
  9. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Dear Get,

    Surprise, surprise.........I couldn't rest before testing this matter again. I uninstalled the English version of Nod32 2.51.26 and removed the folder Eset from Program Files. I used a register cleaner and removed everything possible from the registry.
    I did a clean install of Nod (Dutch), configured according to Blackspear's settings and downloaded the file SmitfraudFix.zip again and when Nod detected this as a dangerous application, I put a checkmark to send it to Quarantine. The log again showed it had been quarantined, but.........again, no map 'infected' and I had to create this map again by hand, as you stated yesterday. All fine, but.......I did an uninstall again, ran a reg cleaner, removed the folder Eset from Program Files, restarted the pc and installed the English Nod again and configured everything according to Blackspear's settings. Now, here we go........I did not make the folder 'infected' by hand and downloaded the file SmitfraudFix.zip again. Nod32 detected perfect, I checkmarked the option to send it to quarantine and YES..........it was placed in Quarantine and the folder 'infected' was created automatically.
    To make a long story short, I'm 100 % convinced, that the Dutch version of Nod32 2.51.26 is NO GOOD.
    It proves now, that it has nothing to do with running a registry cleaner in my case. I hope everybody from Eset is reading this and will look into this BUG. I have been screwing around with this for months and reported several times, that infections were not sent to quarantine, either automatic or by hand.....and I never had the idea, that I had to create the folder 'infected' by hand!!!!
    I am beginning to wonder if this problem has not been noticed by other users of the Dutch version!!!!

    Hoping for a quick reply from the experts!
     
  10. Get

    Get Guest

    Surprising indeed. I will test it also and see what happens.
     
  11. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Great and I hope you will find the same!
     
  12. Get

    Get Guest

    I uninstalled the English Nod, deleted the Eset folder in Program Files, cleaned the registry, rebooted, installed the Dutch Nod (registered version), set it up the way I always do, I guess it will be the same as Blackspear's settings (I normally have automatically deny download of infected files ticked in Imon, but now I chose the other option to also get a screen in which I can choose copy to quarantine), updated Nod, downloaded the Smitfraud stuff, chose copy to quarantine and yes it's quarantined and yes there's an infected-folder... I don't know what you did/set differently, but the Dutch version seems ok.
     
  13. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    Did one and the same - no issues in any way. Conclusion: the user's system is at fault here, NOD32 is acting as it should (and has been for the record).
     
  14. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    I didn't do/set anything differently.....installed and uninstalled the same way as you did, but when installing the Dutch version, no way to get into quarantine. Repeat the same with the English version and......everything is just fine!
    It's easy to say it's my system, but how on earth do I know that? What could be at fault within my system, when it's not making a folder? You must agree with me. I hope there are a few more willing to test the same thing, before stating that Nod32 is acting as it should (and has been for the record).
    It beats me altogether just now and I just hope to get some more reactions. I also mailed this thing to support in The Netherlands and I'd just like to see what they come up with.
     
  15. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    RegCleaner 4.3 by Jouni Vuorio, translation by Johan Vreugdenhil
    Deze programma's worden gestart, telkens wanneer u uw computer opstart. Het is raadzaam deze lijst zo kort mogelijk te houden
    [syntax: Programma, Bestandsnaam, Gestart vanuit ]

    Acronis Scheduler2 Service, "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe", HKEY_LM\Run
    AutoSizer, "C:\Program Files\AutoSizer\AutoSizer.exe", HKEY_CU\Run
    FreeWheel, {onbekend}, menu Opstarten
    Mail Direct, "C:\Program Files\Ocloud\Mail Direct Pro\MADYPRO.exe", HKEY_CU\Run
    Mailmoa, {onbekend}, menu Opstarten
    MsnMsgr, "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background, HKEY_CU\Run
    NoAdware4, "C:\Program Files\NoAdware4\NoAdware4.exe" :Min:, HKEY_CU\Run
    Nod32kui, "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE, HKEY_LM\Run
    RemindMe, {onbekend}, menu Opstarten
    Second Copy, "C:\Program Files\SecCopy\SecCopy.exe" /InitialWait=1, HKEY_CU\Run

    Is this sufficient, or would a HijackThis list be better?
     
  16. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    This thread has now returned minus certain off-topic posts un-related to the topic at hand.

    Bubba
     
  17. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Just for the record. The Nod problem regarding not quarantining the SmitfraudFix infection is fixed now. I had this strange behaviour with the Dutch version and not with the English. After downloading and re-installing the latest Dutch version everything is ok. I really don't know why it's working perfect now, as I have not done anything different, besides the fresh download.
    Thanks everybody for all the help.
     
  18. Get

    Get Guest

    The problem Benvan45 had with the Dutch Nod32 not creating an infected-folder is solved by using the latest version. I would very much appreciate it however if Marcos would respond to the problem registry cleaners give, because I can't really believe Eset would let such a bug exist, when it is so easy to fix... as far as I know.
     
  19. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    The fault lies with the registry cleaners and not ESET. Get in touch with the company that wrote it for a fix.
     
  20. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    Facts plz.
     
  21. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    If you took the trouble to read the thread then you would find the answer. JV16 found the key and deleted it. End of story.
     
  22. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    After installation of Nod32, a key is made in the registry. "QuarantineDirectory" C:\Program Files\Eset\infected.
    But the physical folder 'Infected' is NOT created in Program Files\Eset.
    Great, but when a registry cleaner is run before anything has been put into quarantine, it will delete the key in the registry. Also Regcleaner 4.3 will do so. (Just tested). Therefore it is impossible after the regclean to get an infection copied to quarantine, as the folder will not be able to be created, due to removal of the key from registry. So....Get hit the button already as he posted!!
    The only way to avoid this 'BUG', is to add anything to quarantine after installation of Nod, in order to get the folder 'infected' created. Once the physical folder is in Program Files\Eset......no reg cleaner will be able to remove the key.
    Get had it right altogether!! I also think that Eset should fix this 'BUG' very soon. It's easy to state that the Regcleaner is at fault, but it shouldn't be this easy to remove a key 'SO IMPORTANT'!
    I have a feeling, that a lot of Nod32 users have not noticed this problem, as long as there's nothing to quarantine!

    By the way......this has nothing to do with Nod32 being Dutch or English, it is a standard problem!
     
    Last edited: May 25, 2006
  23. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    Right, so it depends on the emptiness of the created folder?
    Imho it takes a minor change to create a dummy file which has to be placed in the Infected folder within the Nod installer... correct me if I'm wrong.
     
  24. FirePost

    FirePost Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    213
    Okay. You are corrected. The issue is a registry cleaner will remove the key since it does not point to anything. Part of the cleaning process is to remove such entries.
    There does not need to be anything in the folder, it just has to exist. Once the folder exists the key is no longer wasted space.
    The easy way to fix the problem is for the installer to create the folder during the install instead of waiting until it is needed.
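
The failure mode worked out in the posts above, as an added example that is not part of the thread and is not ESET's or any registry cleaner's code. It is a simplified model: the registry key path is a placeholder, `ExampleSetting` is hypothetical, and the "value points to a path that does not exist" heuristic is assumed from the description above; only the value name `QuarantineDirectory` and the folder name `infected` come from the thread.

```python
import os
import tempfile

KEY = r"HKLM\SOFTWARE\<vendor-key-placeholder>"  # placeholder, not a real key path

def sample_registry(install_dir):
    """Constructed registry snapshot: (key, value name) -> data."""
    return {
        (KEY, "QuarantineDirectory"): os.path.join(install_dir, "infected"),
        (KEY, "InstallDir"): install_dir,
        (KEY, "ExampleSetting"): "enabled",  # hypothetical non-path value
    }

def orphaned_path_values(registry):
    """Value names a cleaner would flag: absolute path data that does not exist."""
    return sorted(name for (_key, name), data in registry.items()
                  if os.path.isabs(data) and not os.path.exists(data))

def clean(registry):
    """Drop every flagged value, as an aggressive cleaner would."""
    orphans = set(orphaned_path_values(registry))
    return {k: v for k, v in registry.items() if k[1] not in orphans}

def quarantine(registry, sample_name):
    """Lazy creation: the folder is made on first use, if the value survived."""
    qdir = registry.get((KEY, "QuarantineDirectory"))
    if qdir is None:
        return False  # no configured location, nothing can be quarantined
    os.makedirs(qdir, exist_ok=True)
    with open(os.path.join(qdir, sample_name), "wb"):
        pass  # empty stand-in for the quarantined file
    return True

def run_scenario(precreate_folder):
    """Install, optionally create the folder up front, clean, then quarantine."""
    with tempfile.TemporaryDirectory() as install_dir:
        registry = sample_registry(install_dir)
        if precreate_folder:  # the installer-side fix suggested in the thread
            os.makedirs(os.path.join(install_dir, "infected"))
        flagged = orphaned_path_values(registry)
        registry = clean(registry)
        return flagged, quarantine(registry, "sample.bin")

if __name__ == "__main__":
    print("lazy folder creation:", run_scenario(False))
    print("folder created at install:", run_scenario(True))
```

With lazy creation the cleaner flags the value and the later quarantine attempt fails; with the folder created at install time nothing is flagged and quarantine succeeds, even though the folder is empty.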
     
  25. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    Even one step less needed. ;)
     