0 files scanned?

Discussion in 'NOD32 version 2 Forum' started by Elwood, Nov 24, 2005.

Thread Status:
Not open for further replies.
  1. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
    Hi folks,

    Running NOD32 in Windows ME, both up to date.

    After downloading a mod for Unreal Tournament ('99), I right clicked the file and tried to scan it with NOD32, but it says 0 files scanned. This is the first time I've seen this behavior. Here is a picture:
     

    Attached Files:

  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Didn't you exclude exe files from scanning in error? If possible, please send the file to support[at]eset.com with a link to this thread.
     
  3. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
    No, I did not exclude exe files. I can scan any other exe file that I have tried without problems. Here is an example of another file in the same folder scanned without problems:
     

    Attached Files:

  4. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
    The tacops file is 204 MB and I'm on dial up, so it would be extremely difficult if not impossible for me to upload the file anywhere. I downloaded it from Fileplanet; http://www.fileplanet.com/87345/80000/fileinfo/Tactical-Ops-v3.15-UT-Mod-Version-2

    If I highlight the file by clicking once on it, AMON claims the file has been scanned (NOD interface, highlight AMON) and does not warn me of any threats.

    Thanks for any further input.
     

    Attached Files:

    Last edited: Nov 25, 2005
  5. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
    I emailed a link to this thread a few days ago to Eset Support, but still no answer. I don't understand why this one file refuses to be scanned...

    Makes me wonder if I need a secondary virus scanner, like maybe Bitdefender free version...
     
  6. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    It is a bit abnormal, because you scanned 204MB in 0 second. So it is better to say your on-demand scanner can not scan this file. maybe the file archived with an unknown archiver/Packer for Nod32 scan engine. (AMON only check .exe but on-demand also check file content)

    Please reinstall again your Nod32 and try again, it maybe solved your problem. :D
     
  7. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
    You mean to uninstall/reboot/reinstall NOD32? What about my activation code? Will the one I received in September (when I received the CD version) still be good?

    Will this require everything to be reconfigured?
     
  8. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
    DON"T reinstall, not necessary... see screenshot in link below which I 'll post in a few minutes.

    OK, here it is : http://tinypic.com/hwlf5v.jpg

    (The file in question in the above screenshot is JetAudio MediaPlayer)

    This is behaviour I already had contact with with the dutch support for NOD32 : they told me it's normal. I'll see if I can restore the email-messages I sent and received from them. I'll be back later on this this evening.
     
  9. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
    Thanks BJStone,

    That makes me feel better. I will certainly appreciate any further clarifications.
     
  10. FirePost

    FirePost Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    212
    Hello Elwood,
    You may wish to check that the "Context menu Profile" self extracting archives is still checked. Either try scanning another known self extractor you have handy or you can find the information by doing the steps below. If scanning another known self-extractor also does not work then the steps could also be a way of correcting it.

    1. Select Nod32 from the control center.
    2. Choose the run Nod32 button on the right.
    3. Select the profiles tab at the top. Then "Context menu Profile" in the listbox.
    4. Select the Setup tab now and verify it has "self extracting archives" selected
     
  11. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    OK, So Packer is unknown for nod32 scan engine. (With AMON enabled, there is no chance for any infiltration)

    Will added in next version, I wish :D
     
  12. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    I don't think his settings are the problem. ;)
     
  13. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
    Thanks FirePost,

    Yes, "self extracting archives" is checkmarked. If you will see the screenshot in my second post of this thread, you will note that the SpatialFear installer was said to be scanned. It is 107 MB and it seems to have been scanned in 0 seconds, although some much smaller installers take longer to scan than these larger files.

    This is a 503 kb file:
     

    Attached Files:

  14. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
    Ok, it's going to take a bit more time than I hoped, but I'll try it with my own words for now.
    As you can see from the screenshot above I have the exact same problem. I use Blackspeer's settings btw. About one and a half month ago I made a screenshot of all those settings and then sent them to the dutch support, including the screenshot above.I received a reply within an hour in which I was told ALL my settings were correct ( ! ) and regarding the problem of not scanning that particular file they would contact Eset headquarters and they would get back to me. Within about 1 hour I received another reply in which I saw they forwarded my email to Eset's headquarter : the end result of all this was that Eset explained to them and me what is happening : I can't remember how they explained it exactly (that why I need to restore that image in the hope these mails are in it) , but bottomline is this : as long as the file in question is not active nor does any threat comes out of it, there's nothing wrong : when the file becomes active NOD32 will catch it if it is bad.

    You could contact Eset support yourself about this issue or wait for a reply from one of the Eset moderators. In the meantime I'll see what I can do to dig up those emails.
     
  15. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    As I said, With AMON enabled, there is no chance for any infiltration. :)

    The archived files may have Auto-Extract function which can open themselves without user click, so, with disabled resident, they can not be 100% harmless. :D
     
  16. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
    So I should leave AMON enabled when installing programs? I have always been under the impression that antivirus programs (or other overzealous security programs) can prevent needed modification of the registry or interfere with initial configurations made by installers.
     
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    I've never had any installation problems while NOD is running.

    From the help file: AMON is the most important line of antivirus defense. It is critically important to keep it running at all times using the most current version of the virus signature databases. AMON monitors all potentially threatening actions on protected computers such as opening, executing, creating, or renaming files.
     
  18. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    Yes, but there is a 'not good' thing, AH is disabled for AMON.
     
  19. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    It is good to say the users, With AMON, IMON and EMON they are completely protected. (+ on-demand scanning)
     
  20. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    AH is actually enabled in AMON by default.
     
  21. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    I don't think Marcos, Are you sure?
     
  22. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    I'm sorry, yes, My information was for version 1 & 2. :D now for version 2.5 AH is enabled for AMON by default.
     
  23. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
    OK, I was able to dig up those mails at my office during my everynights trip outside to catch some free air. Now I will not copy and paste those mails of course, so I'll explain the official response in my own words.
    In the first place it's a not supported selfextracting file. (in my case, the JetAudio pack : I was able to scan it with a free product and that one was also able to list the exact contents of the pack.)
    Secondly, they (official response) do not believe that a virus author will spent a huge amount of money on an expensive InstallShield package, just to hang some malicious piece of code at it, and even if he did the resident scanner would nail it.

    There's some more comments but I believe it's better not to talk about that in public.

    I hope that clears things up a bit.There's no need for a reinstall in your case, NOD will catch it if it's malicious.
     
Thread Status:
Not open for further replies.