AMON with AH - Anyone heard of this virus?

Discussion in 'NOD32 version 2 Forum' started by Mele20, Jun 9, 2004.

Thread Status:
Not open for further replies.
  1. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Looks like my beta version does have AH for AMON although I don't have the radio buttons for AMON like Marcos has posted will be in the new beta release.

    AMON just popped up when I was trying to download a copy of MSJVM to see if the link worked so I could point someone with W2000SP4 (new install) who needs MSJVM to this link. AMON detected a "probably unknown virus....." and that language indicates AH is enabled in AMON.

    I can't find anything anywhere about this supposed virus...either it is too new to be in virus encyclopedias or it is a false alarm. I suspect the latter. This download was from a Microsoft MVP so I doubt it is a real virus. The question becomes should I point this user wanting MSJVM to this link...guess not even though I doubt this is a virus.
     

    Attached Files:

  2. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hello,
    your AMON doesn't have AH. It's a detection of a normal heuristic used on normal or deep level.
    When AH detect something, it said: Probably new unknown NewHeur_PE Virus
     
  3. pj320

    pj320 Registered Member

    Joined:
    May 12, 2004
    Posts:
    21
    hello since its about ah on amon i'll post my question here. whats the use if i set to "1" ah from the registry? HKLM\Software\Eset\Nod\Currentversion\Modules\Amon\Settings\Config000\Scanner\adv_heur_enable
     
  4. profhsg

    profhsg Registered Member

    Joined:
    May 18, 2004
    Posts:
    145
    Although I don't use NOD32 any more (I've switched to KAV 5.0), my wife still has it on her computer. Both on her computer and on mine when I used NOD32, I got the exact same warning about the same type of virus. It always happened after I ran a scan of the computers with TrojanHunter. It turned out to be an incompatability between AMOM and TrojanHunter which generated false alarms. It stopped happening when I turned off AMON when doing a TrojanHunter scan. See this thread over at the TrojanHunter forum for a discussion of the issue:

    http://forum.misec.net/?board=TrojanHunter;action=display;num=1081929263;start=5#5

    I wonder if its possible that one of your programs is generating a similar or even identical false alarm?
     
  5. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    It won't work. Others have tried that before. As mentioned here and in other threads, apparently AMON in the new as yet unreleased NOD beta has AH capabilites. That reg hack in the current NOD version won't add AH functionality to AMON.
     
  6. gate1975mlm

    gate1975mlm Registered Member

    Joined:
    Jun 12, 2004
    Posts:
    156
    May I ask why you switched to KAV 5.0?
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    No offense intended :) - but let's keep on topic; this is the NOD32 support forum.

    regards,

    paul
     
Thread Status:
Not open for further replies.