AMON-infected 4, cleaned 2

Discussion in 'NOD32 version 2 Forum' started by TimaN, Aug 22, 2005.

Thread Status:
Not open for further replies.
  1. TimaN

    TimaN Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    125
    Location:
    Tulsa, OK
    I wonder why only 2 of 4 infections were cleaned (deleted) on this screenshot and not all 4. What happened to other 2 infections? Has anybody had this on their computer? I'm new to this forum as registered user, but visit this forum regularly in search of interesting topics. So finally I've registered and can post as well. :)
     

    Attached Files:

    • amon.jpg
      amon.jpg
      File size:
      110.9 KB
      Views:
      296
  2. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    I think it actually cleaned 2 of the 4, and deleted the other 2 (which were uncleanable).
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
    Hello TimaN

    Welcome to Wilders.

    Can you look in the threat log and see what info it gives you? Just doubleclick the entries for more info.
     
  4. TimaN

    TimaN Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    125
    Location:
    Tulsa, OK
    But in my action settings for AMON it's on "prohibit access and show alert". It is not on " clean automatically ". I remember I had to chose "delete" in the virus alert message and there were only two alert windows not 4. So this is what puzzles me, where other 2 infections came from.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
    Anything in quarantine?
     
  6. TimaN

    TimaN Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    125
    Location:
    Tulsa, OK
    Yes those two files that I deleted, and in threat logs it's hard to tell which ones AMON has shown because it resets information to 0 after restart and I have restarted my computer after that screenshot.
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
    I assume those files in quarantine are newly created files. Have you tweaked your settings in NOD, or do you use the default settings?
     
  8. TimaN

    TimaN Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    125
    Location:
    Tulsa, OK
    I use default settings to promt me before any action. Only thing that I added is to scan within archived files during scan, that's all I changed.
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
    From the Amon help file of the program:

    If the file system monitor (AMON) detects a virus, several alternative scenarios are supported and can be selected using three radio buttons. The default scenario blocks access to the infected file, displays the warning panel, and offers a selection of follow-up actions. These selections are described in the Security Tab.

    Alternatively, access to the infected file can be blocked without any offer of further action.

    To request cleaning of the infected file, select the “clean automatically” radio button. This works only in the case of cleanable viruses, such documents infected with macro viruses.

    If you are not an advanced user, you may want AMON delete newly created infected files automatically. To accomplish this, select the "Prohibit access" radio button and check the "Move newly created files to Quarantine" check-box. For security reasons, files cannot be deleted automatically without placing a copy of them to quarantine first so it's a good idea to empty quarantine from time to time if no problems are observed after automatic deletion of infected files.
     
  10. TimaN

    TimaN Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    125
    Location:
    Tulsa, OK
    So I should be safe with all default security options and with "prohibit access and show alert", right? Still, usually it says "cleaned 1 of 1", but sometimes 2 of 4 for some reason.
     
  11. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    yep - you should be safe with that.
     
  12. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    You know when I test with eicar, I usually end up with 14 infected and 2 cleaned.
    This is because NOD checks not only the file, but also the app creating the file or running the file.

    So any sane person would say "well that has to be 2 each time then".
    Yes me too, but OS's works in a strange way :)
     
  13. TimaN

    TimaN Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    125
    Location:
    Tulsa, OK

    Thanks Brian N, this makes me feel little better, that I'm not the one who gets this. :doubt:
     
  14. ragnarok

    ragnarok Registered Member

    Joined:
    Jul 14, 2005
    Posts:
    36

    the stuff that all four modules detect as infected are listed in the threat log, (i have no clue why your threat log is deleted after reboot), there you can see wich actions were taken at an specific moment, so it comes very handy at times like this ;), you also may want to take a look at blackspear´s tutorial wich helps you to greatly configure your nod32.
     
  15. TimaN

    TimaN Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    125
    Location:
    Tulsa, OK
    No, I was talking not about log being deleted after restart, but AMON display showing "infected=0" and "cleaned=0" back to zero's. Sorry for the confusion..
     
Thread Status:
Not open for further replies.