0 files scanned?

Hi folks,

Running NOD32 in Windows ME, both up to date.

After downloading a mod for Unreal Tournament ('99), I right clicked the file and tried to scan it with NOD32, but it says 0 files scanned. This is the first time I've seen this behavior. Here is a picture:

 

Didn't you exclude exe files from scanning in error? If possible, please send the file to support[at]eset.com with a link to this thread.

 

No, I did not exclude exe files. I can scan any other exe file that I have tried without problems. Here is an example of another file in the same folder scanned without problems:

 

The tacops file is 204 MB and I'm on dial up, so it would be extremely difficult if not impossible for me to upload the file anywhere. I downloaded it from Fileplanet; http://www.fileplanet.com/87345/80000/fileinfo/Tactical-Ops-v3.15-UT-Mod-Version-2

If I highlight the file by clicking once on it, AMON claims the file has been scanned (NOD interface, highlight AMON) and does not warn me of any threats.

Thanks for any further input.

 

I emailed a link to this thread a few days ago to Eset Support, but still no answer. I don't understand why this one file refuses to be scanned...

Makes me wonder if I need a secondary virus scanner, like maybe Bitdefender free version...

 

It is a bit abnormal, because you scanned 204MB in 0 second. So it is better to say your on-demand scanner can not scan this file. maybe the file archived with an unknown archiver/Packer for Nod32 scan engine. (AMON only check .exe but on-demand also check file content)

Please reinstall again your Nod32 and try again, it maybe solved your problem.

 

You mean to uninstall/reboot/reinstall NOD32? What about my activation code? Will the one I received in September (when I received the CD version) still be good?

Will this require everything to be reconfigured?

 

DON"T reinstall, not necessary... see screenshot in link below which I 'll post in a few minutes.

OK, here it is : http://tinypic.com/hwlf5v.jpg

(The file in question in the above screenshot is JetAudio MediaPlayer)

This is behaviour I already had contact with with the dutch support for NOD32 : they told me it's normal. I'll see if I can restore the email-messages I sent and received from them. I'll be back later on this this evening.

 

Thanks BJStone,

That makes me feel better. I will certainly appreciate any further clarifications.

 

Hello Elwood,
You may wish to check that the "Context menu Profile" self extracting archives is still checked. Either try scanning another known self extractor you have handy or you can find the information by doing the steps below. If scanning another known self-extractor also does not work then the steps could also be a way of correcting it.

1. Select Nod32 from the control center.
2. Choose the run Nod32 button on the right.
3. Select the profiles tab at the top. Then "Context menu Profile" in the listbox.
4. Select the Setup tab now and verify it has "self extracting archives" selected

 

OK, So Packer is unknown for nod32 scan engine. (With AMON enabled, there is no chance for any infiltration)

Will added in next version, I wish

 

I don't think his settings are the problem.

 

Thanks FirePost,

Yes, "self extracting archives" is checkmarked. If you will see the screenshot in my second post of this thread, you will note that the SpatialFear installer was said to be scanned. It is 107 MB and it seems to have been scanned in 0 seconds, although some much smaller installers take longer to scan than these larger files.

This is a 503 kb file:

 

Ok, it's going to take a bit more time than I hoped, but I'll try it with my own words for now.
As you can see from the screenshot above I have the exact same problem. I use Blackspeer's settings btw. About one and a half month ago I made a screenshot of all those settings and then sent them to the dutch support, including the screenshot above.I received a reply within an hour in which I was told ALL my settings were correct ( ! ) and regarding the problem of not scanning that particular file they would contact Eset headquarters and they would get back to me. Within about 1 hour I received another reply in which I saw they forwarded my email to Eset's headquarter : the end result of all this was that Eset explained to them and me what is happening : I can't remember how they explained it exactly (that why I need to restore that image in the hope these mails are in it) , but bottomline is this : as long as the file in question is not active nor does any threat comes out of it, there's nothing wrong : when the file becomes active NOD32 will catch it if it is bad.

You could contact Eset support yourself about this issue or wait for a reply from one of the Eset moderators. In the meantime I'll see what I can do to dig up those emails.

 

As I said, With AMON enabled, there is no chance for any infiltration.

The archived files may have Auto-Extract function which can open themselves without user click, so, with disabled resident, they can not be 100% harmless.

 

So I should leave AMON enabled when installing programs? I have always been under the impression that antivirus programs (or other overzealous security programs) can prevent needed modification of the registry or interfere with initial configurations made by installers.

 

Yes, but there is a 'not good' thing, AH is disabled for AMON.

 

It is good to say the users, With AMON, IMON and EMON they are completely protected. (+ on-demand scanning)

 

AH is actually enabled in AMON by default.

 

I don't think Marcos, Are you sure?

 

I'm sorry, yes, My information was for version 1 & 2. now for version 2.5 AH is enabled for AMON by default.

 

OK, I was able to dig up those mails at my office during my everynights trip outside to catch some free air. Now I will not copy and paste those mails of course, so I'll explain the official response in my own words.
In the first place it's a not supported selfextracting file. (in my case, the JetAudio pack : I was able to scan it with a free product and that one was also able to list the exact contents of the pack.)
Secondly, they (official response) do not believe that a virus author will spent a huge amount of money on an expensive InstallShield package, just to hang some malicious piece of code at it, and even if he did the resident scanner would nail it.

There's some more comments but I believe it's better not to talk about that in public.

I hope that clears things up a bit.There's no need for a reinstall in your case, NOD will catch it if it's malicious.