Amon perpetual scan vs. in-depth Analysis

Discussion in 'NOD32 version 2 Forum' started by yontev, Jun 6, 2007.

Thread Status:
Not open for further replies.
  1. yontev

    yontev Registered Member

    Joined:
    Jun 6, 2007
    Posts:
    57
    Hello,

    I am a new owner of Nod32--actually 30-day trial owner at this point. So far I just love this software. It's non-intrusive...quiet, and doesn't drain the system. I especially love Amon...perpetual scanning; it's beautiful.

    Does Amon scan as deeply as the In-depth Analysis? What is the difference? I see Eset suggests an In-depth Analysis should be done from "time to time." But they don't specify how often. I suppose it's on a case-by-case situation dependent on how conservatively one surfs the web. But let me give you a couple of cases in my family, and you advise me how often the In-depth Analysis should be done for each.

    Case 1--my husband. He is an artist who uses Google Images sometimes daily for ideas. He also downloads images too. Also, periodically he visits adult entertainment sites. His view is he would rather depend on the security technology to catch things than to be more cautious in his web surfing habits. Also, he uses Outlook Express. He has his own laptop.

    Case 2--my daughter (18 years old). She received a new laptop several months ago; and the virus vault shows many viruses were caught from the very beginning of ownership (70 days ago.) They appear to be in the internet temporary files, so she probably got them from visiting not very well-maintained websites. She's been known to do file swapping with friends as well as Kazaa. She does the whole thing IM, My Space, etc. and has a Hotmail account that she depends on for virus scanning e-mail attachments. Her new laptop is chock-full of viruses...that disabled her ability to go online. It's so bad, that we will need to have the computer professionally cleaned out.

    How often should the In-depth Analysis be run in case 1 and case 2?

    Nancy
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi there, welcome to Wilders.

    AMON is the resident scanner that checks all opening and closing files, whereas a Manual on Demand Scan will scan all files on your system. As new updates come through, your system is then scanned with the latest signatures; hence it is always a good idea to run regular scans.

    I would suggest a run through the NOD32 Tutorial located HERE; this will answer your questions.

    Cheers :D
     
  3. pain4gain

    pain4gain Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    54
    Easiest way to put this...

    AMON scans files which are being clicked on by you...

    In-depth analysis is so NOD32 will scan files already on your hard drive...

    Since you receive updates (new virus definitions) almost daily, it is wise to scan your hard drive at least once a week since NOD32 becomes better at detecting malware each time. It's possible NOD32 may have missed something on your hard drive but tends to catch it later after an update.


    My rule that I go by....."The more you download, the more often you should scan.."

    If both PCs are constantly on, you can schedule an automatic scan every few days.

    It sounds like your daughter's PC may need specialized help. Please open a case so a NOD32 Technical Support Engineer can assist you.

    http://www.eset.com/support/contact.php

    Support is free and the staff will work with you until a solution can be reached.
     
    Last edited by a moderator: Jun 7, 2007
  4. yontev

    yontev Registered Member

    Joined:
    Jun 6, 2007
    Posts:
    57
    Thanks for the responses. I ran through the tutorial and did everything on it. Except username and password; do I get provided these once I purchase the product?

    Now I am very confused with all these scanning options. First the tutorial had me set up a scan of execution of external applications. The second one is demand-scanning of all drives. What is the difference between the two? I have them set up for once a week. Is that enough given what I've told you about my users? And what about the in-depth scanning? I want to keep things simple. Pain4gain said do one type of scan every 3 days (which type) and another type once a week (which type)?

    Also, the tutorial said the e-mail is set up for Microsoft Outlook not Outlook Express. Am I covered now for Outlook Express?

    I'm not sure you folks can help me with my daughter's situation, since we weren't running Nod32 on her computer at the time...but ZoneAlarm Security System.
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You are welcome.


    Correct.


    The first scan is one that pops up on screen and can be used for 1 Hard Drive (C:\) or if you have multiple Hard Drives (/local would be used).

    The 2nd scan is useful in multi-user environment where a scan might be stopped while in progress; it is a totally silent scan that can not be stopped.


    Yes, that should be fine.


    Not required as you have set up the "On Demand Scanner" with stronger and automated settings. Any time that you want to run a manual scan you would simply click on NOD32> Run On Demand Scanner> Scan and Clean.


    Once a week is ample.


    All POP3 email clients such as Outlook Express are checked by IMON.


    Yes we can, please complete the following:

    Run a scan by following these steps:

    1. Click on the NOD32 Control Centre (Green and White split square on the bottom right hand corner of your computer's screen).
    2. Click on NOD32.
    3. Click on Run NOD32.
    4. Click on “Scan and Clean”.
    5. When the scan has completed reboot your Computer into “Safe Mode”.
    6. Click on Start> All Programs> ESET> NOD32
    7. Click on “Scan and Clean”.
    8. Check the scan results.

    If the system remains infected start a support case here: http://www.eset.com/support/contact.php

    Cheers :D
     
  6. yontev

    yontev Registered Member

    Joined:
    Jun 6, 2007
    Posts:
    57
    You answered everything completely. Thank you. I'm sure you will be hearing from me again as more things come up. You wrote

    "The first scan is one that pops up on screen and can be used for 1 Hard Drive (C:\) or if you have multiple Hard Drives (/local would be used).

    The 2nd scan is useful in multi-user environment where a scan might be stopped while in progress; it is a totally silent scan that can not be stopped."

    So do both scanners do the exact same thing? Will running one of them be sufficient if they duplicate the same efforts? Or do I need both?

    As far as my daughter's computer, since it won't go online, it doesn't have access to the definition updates. I even tried getting online by hardwiring it, and that doesn't work either. As long as I can't get online, I'm stuck...or am I? Any suggestions?
     
    Last edited: Jun 7, 2007
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You are welcome.


    I'll be around, as will others ;) :D


    They do indeed, the only difference is the ability to stop the first one.


    Try running a scan in Safe Mode after changing the settings and see if that will clean it enough to get it back on the Internet.

    Cheers :D
     
  8. yontev

    yontev Registered Member

    Joined:
    Jun 6, 2007
    Posts:
    57
    You suggested I run Nod32 in safe mode, but how good can that scan be if I don't have the most updated virus definitions which I can only get while online? My other concern is that damage has already been done; and the Registry might be all messed up. Can the Nod32 support people help me with that as well? Also, the PC technician I spoke to was concerned that her data files might also have been contaminated...and they would have to be analyzed. Can Nod32 determine this as well?

    I read somewhere that there is a virus that rewrites over various data files every 3 days (like excel files as well as others). What does this mean? And will Nod32 detect them?

    Here's a general question. I noted in the scan results as well as was pointed out in the tutorial that some files are locked because they are password protected, so the scanner skips them. Is there any way to unlock them to have the most thorough scan as possible?

    So many topics...I really should have started a new thread. Sorry.


    Nancy
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi there, NOD32 has a vast virus signature database preloaded, hence I would run it in Safe Mode and see if it can give you a little functionality back, enough to get you back online.


    This may be the case, however you can perform a Windows Repair after the system is cleaned up.


    Yes, NOD32 will scan and check the data.


    Yes.


    No, nothing to be concerned about.


    No, let's keep this all together.

    Time to run a scan in Safe Mode and then report back.

    Cheers :D
     
  10. yontev

    yontev Registered Member

    Joined:
    Jun 6, 2007
    Posts:
    57
    Okay. Before I install Nod32, should I uninstall ZoneAlarm Security Suite since it has a competing antivirus program on it?

    Also, before I do the Safe Mode scan, do I first need to do the Nod32 tutorial set-up referred to in this thread?

    -N:)
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi there, the answer is yes to both questions.

    Uninstall ZA, install NOD32, adjust the settings, reboot into Safe Mode, run an "On Demand Scan", Scan and Clean.

    Report back.

    Cheers :D
     
  12. yontev

    yontev Registered Member

    Joined:
    Jun 6, 2007
    Posts:
    57
    Okay...I did it. I did a safe mode scan and found two viruses which are safely quarantined. Then in normal mode I was able to connect to the internet and download the latest virus definitions. I did another scan; and found a third virus.

    I noticed on the log after the safe mode scan the following message after the Anti-Stealth technology is enabled:

    "Scanned disks, folders an files: c:\/adware\
    Path c:\/adaware\ is invalid" Is this a problem? I am running Windows XP Home sp2. Here is the path I had put in as was specified in the tutorial. Let me know if it is correct:

    C:\/adware /ah /all /antistealth+ /arch+ /clean /cleanmode /delete /heur+ /log+ /mailbox+ /ntfs+ /pack+ /quarantine /scanboot+ /scanmbr+ /scanmem+ /scroll+ /sfx+ /unsafe /unwanted /wrap+


    Now, even though I can connect online to download defs, both Explorer and Firefox will not connect at all. I compared the proxy settings of Explorer on my daughter's with my husband's wireless that has not been contaminated; and they have different connection settings. Here is the difference:

    Husband's in Proxy Server under Lan Settings:
    Address is blank and port = 80

    Daughter's settings :
    Address is "localhost" and port = 8182

    How does that look?

    I am concerned that when I installed Nod32, I clicked Proxy settings to be set like Explorer's, but if Explorer's configurations have been corrupted, it could interfere with Nod32's efficiency.

    The other thing I noticed today is that the priorities of my wireless connections were switched. My connection was put at the bottom of the list; and an unsecure connection was put at the top; and I kept getting automatically connected to it. I removed all of the other connections but mine.

    So here's where I stand:

    3 viruses quarantined and 1 malware found by AVG spyware quarantined. Will you need to know the specific paths of these 4 items now?

    After updating the definitions, I reran AVG again, and found nothing. I reran Nod32 in both normal and safe mode too; and everything is fine.

    Look forward to hearing from you.
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    The problem you have is a missing "space" as well as "spelling"; it should be C:\ /adware


    Both should not have a tick, and both should be greyed out where you see the port number.


    Please complete the following to see if your Windows Winsock Layer has become corrupt:

    Download and SAVE WinsockXPfix from here: http://www.spychecker.com/download/d...sockxpfix.html


    For Windows XP:

    Click on Start
    Click on Run
    Type in cmd
    Click on OK
    Type in netsh winsock reset
    (Please note there are spaces between the netsh and winsock and reset)

    Press ENTER
    Restart your computer.

    If the above does not work due to an issue with Windows, run WinsockXPfix that you downloaded above and follow the prompts.


    For Windows VISTA

    1. Click Start. In the Start Search dialog box, type: cmd, and right-click cmd.
    2. Click Run as administrator.
    3. Type: netsh winsock reset, and then press the ENTER key.
    4. Type: Exit and press ENTER.
    5. Restart the computer


    AFTER the above please go to the NOD32 Control Centre
    Click on IMON
    Click on Start and restart IMON.

    Then reboot your PC.


    Try the above for your system as well.


    I think the laptop is now clean.

    Cheers :D
     
  14. yontev

    yontev Registered Member

    Joined:
    Jun 6, 2007
    Posts:
    57
    I did everything you said, and it didn't work until I went to Lan Settings and clicked on "Automatically detect settings," and clicked off "Use a proxy server for your LAN." Is that correct? I downloaded a new version of Firefox, and fooled around and figured it out. Hurraaay--I'm posting this from the laptop.

    Now, I still feel the need to run the antivirus for a while before handing it back to my daughter. I just want to make sure it's absolutely clean. I remember cleaning it (or so I thought) and new ones popped up. Also, I was wondering if I should also do some more spyware scans too. The malware AVG found was a bad one os.backdoor (something or other). At the same time I ran Ad-Aware which found nothing. These programs vary in their abilities to detect this stuff. Is there any you can suggest just to double-check my work?

    Finally, I want to make sure the Registry is in order. Is that something you can help me with or should I look elsewhere? I know of another online forum who can help if you are unable to.

    In any case, thanks so much for all your help. I really thought this was a lost cause...and I would have to pay a technician.
     
    Last edited: Jun 9, 2007
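
Added example, not part of the thread: a read-only PowerShell check for the situation in the posts above, where Internet Explorer's LAN settings held a proxy of "localhost" on port 8182 and neither browser could connect. It assumes a Windows system with PowerShell and Firefox profiles in their default location; the function name `Test-LoopbackProxy` is made up for this example.

```powershell
# Added example, not from the thread. Read-only: it reports settings, changes nothing.
# A loopback proxy can be legitimate (some filtering products use one), so the
# useful signal is an enabled loopback proxy with no process listening on its port.

function Test-LoopbackProxy {
    param([string]$ProxyServer)
    # ProxyServer is "host:port" or a per-protocol list "http=host:port;https=host:port".
    foreach ($entry in ($ProxyServer -split ';')) {
        if ($entry.Trim() -match '(^|=|//)(localhost|127\.\d{1,3}\.\d{1,3}\.\d{1,3})(:\d+)?$') {
            return $true
        }
    }
    return $false
}

# Per-user WinINET settings: what the "LAN Settings" dialog in Internet Options edits.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key

"ProxyEnable   : $($inet.ProxyEnable)"
"ProxyServer   : $($inet.ProxyServer)"
"AutoConfigURL : $($inet.AutoConfigURL)"

if ($inet.ProxyEnable -eq 1 -and (Test-LoopbackProxy $inet.ProxyServer)) {
    Write-Warning "Proxy is enabled and points at this machine: $($inet.ProxyServer)"
    # Check every port named in the setting for a listening process.
    foreach ($m in [regex]::Matches($inet.ProxyServer, ':(\d+)')) {
        $port = $m.Groups[1].Value
        $listening = netstat -ano -p tcp | Select-String -Pattern ":$port\s.*LISTENING"
        if ($listening) {
            "Port $port has a listener (last column is the owning PID):"
            $listening | ForEach-Object { $_.Line.Trim() }
        } else {
            Write-Warning "Nothing listens on port $port, so proxied browsers cannot connect."
        }
    }
}

# Firefox keeps its own proxy preferences per profile (type 1 = manual configuration).
$prefs = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js'
Get-ChildItem -Path $prefs -ErrorAction SilentlyContinue |
    Select-String -Pattern 'user_pref\("network\.proxy\.(type|http|http_port)"' |
    ForEach-Object { '{0}: {1}' -f $_.Path, $_.Line.Trim() }
```

The settings are per user, so run it from the affected account; a PID reported by netstat can be matched to a process name with `Get-Process -Id`.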
  15. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Yes.


    Excellent.


    Sure, you can run a few of the online virus scanners; http://www.google.com.au/search?hl=en&q=online+virus+scanners&btnG=Search&meta=


    I would tend to leave the registry alone other than performing a System File Check:

    * From the Start menu, select Run.
    * In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
    * Select the OK button.
    * Follow the prompts throughout the System File Checker process.
    * Reboot the computer when System File Checker completes.


    You are welcome.

    Cheers :D
     
  16. yontev

    yontev Registered Member

    Joined:
    Jun 6, 2007
    Posts:
    57
    Blackspear,

    Before I end this thread, I have one last question. Earlier in the thread we discussed the two different scans created in the tutorial. The first was the one you described below:

    "The first scan is one that pops up on screen and can be used for 1 Hard Drive (C:\) or if you have multiple Hard Drives (/local would be used)."

    I was wondering what that string that refers to adware is for? Does it have to do with catching spyware? And does the other scan that runs in the background have this same command path built into it?

    Secondly, whenever I run Nod32 on-demand scan, is it picking up the pop-up scan I created? And if so, must I keep that scan definition always in the scheduler/planner even though I plan to use the one that runs in the background?

    I think that's all I have left to ask for the meantime. Good night.
     
  17. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    The adware string refers to Advertising/Spyware products. NOD32 handles Trojans, Viruses, Spyware, Malware, Phishing, Worms, Active Rootkits, Adware, Potentially Unsafe Applications.

    Both scans use the same switches, each scan just has a different function; one pops up, the other runs silently in the background and can't be stopped.

    When you run a "manual" On Demand Scan by clicking on NOD32> Run NOD32> Scan and Clean, it takes its settings from the settings you chose in the tabs alongside. All the "Scheduler Planner" does is automate the process at a regular interval so you don't have to remember to run a scan yourself.

    Cheers :D
     
  18. yontev

    yontev Registered Member

    Joined:
    Jun 6, 2007
    Posts:
    57
    Thank you so much for all your help. I am so happy I found Nod32; and I look forward to being a paid customer soon. See you around the forum.

    Take care,


    Nancy ;)
     
  19. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You are welcome.

    Cheers :D
     
  20. Webby

    Webby Registered Member

    Joined:
    Jan 1, 2006
    Posts:
    93
    :D Now that's what I call service, nice one Blackspear :thumb:

    Cheers Webby
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thank you, always worth a good go at trying to clean a system before going to a shop.

    Cheers :D
     
  22. yontev

    yontev Registered Member

    Joined:
    Jun 6, 2007
    Posts:
    57
    Blackspear,

    I thought we were done, but not quite. I ran the sfc /scannow scan. Things seem fine; however, although Explorer stays with the correct lan settings of automatically detect settings, Mozilla will not. I click "auto-detect proxy settings" and then I can go online, but when I restart Mozilla, the settings go back to "Manual Proxy Configuration." I uninstalled Mozilla, and then reinstalled it...and the same thing happened again. Any suggestions...Registry issues?

    Nancy
     
  23. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  24. yontev

    yontev Registered Member

    Joined:
    Jun 6, 2007
    Posts:
    57
    Blackspear,

    Just checking in. I was able to have Mozilla help me. All that was needed was to delete the old corrupted profile, and create a new one. Everything looks very good now. It's been a lot of work. I'm going to create an image of the system, so I don't have to go through this again.

    One last item though...which I suspect is related to the WinsockXP Fix program you had me run. We notice the internet connection is unstable. Are there any adjustments I should make regarding the running of WinsockXP Fix?

    Nancy
     
  25. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    Are you using a wired or wireless network? Forgive me if it is a stupid question, but I cannot see any mention in your previous posts. If it is wireless then try setting it to a constant connection speed. I find that if the speed is set to auto, then the connection can be very unstable. There are reasons for it, but I don't think it necessary to explain it all ;)

    If you are wired up, then I don't really know what to suggest. Perhaps Blackspear et al would come up with a fast solution as usual :)
     