Any advice please

Hi, I just scanned a dvd containing many music albums.I first scanned with Kaspersky online scanner,then with Avg anti-spyware,neither found anything.I then scanned the disk with Nod and it found a virus, Win32/HackAV.G application, which it quarantined.I had disabled the autoplay on the drive using TweakUI, before scanning,( I heard that was a good idea !)
I have just scanned again with Nod,(twice,once in safe mode).It said no threats found.Does this mean I'm totally clean? Nothing shows up on Google for this virus,can/should I submit it from quarantine for analysis, if so how. Many thanks for any advice,it is much appreciated. Obviously my main concern is that nothing bad is on my computer.

 

Could you cut and paste location (from logfile) where the piece of malware has been found ?

 

Dear Mrtwolman,thanks for the quick reply,the virus was on the dvd,I didn't transfer anything from the dvd onto my computer ( unless it transferred itself )Please forgive my lack of knowledge in these matters.This is the scanner log
Scan performed at: 07/08/2007 15:29:54
Scanning Log
NOD32 version 2441 (20070807) NT
Command line: D:\
Operating memory - is OK

Date: 7.8.2007 Time: 15:30:06
Anti-Stealth technology is enabled.
Scanned disks, folders and files: D:\
D:\Software\_NOD32 v2.70.32 virus checker\NOD32.FiX.v2.2.exe - Win32/HackAV.G application - quarantined - unable to clean - error while deleting - file is locked up
Number of scanned files: 1166
Number of threats found: 1
Number of active threats: 1
Time of completion: 15:30:31 Total scanning time: 25 sec (00:00:25)

Notes:
[5] File is currently being used (open or running) and cannot be cleaned now. It cannot be replaced with a clean copy even after computer restart, since it is not located on a local disk.


And this is the threat log

Time Module Object Name Threat Action User Information
07/08/2007 15:29:48 AMON file D:\Software\_NOD32 v2.70.32 virus checker\NOD32.FiX.v2.2.exe Win32/HackAV.G application error while cleaning - operation unavailable for this type of object ANON-\Owner Event occurred at an attempt to access the file by the application: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe.
07/08/2007 15:28:36 AMON file D:\Software\_NOD32 v2.70.32 virus checker\NOD32.FiX.v2.2.exe Win32/HackAV.G application error while cleaning - operation unavailable for this type of object ANON-\Owner Event occurred at an attempt to access the file by the application: C:\Program Files\Internet Explorer\IEXPLORE.EXE.
12/07/2007 23:43:41 IMON file http://xx.92.235.111/o=256/b=QmVqZX...GVkPUdCUA==/r/dm/dm/Bej2Setup_TryGames-dm.exe Win32/Adware.Trymedia application Connection terminated ANON-\Owner
12/07/2007 19:54:40 IMON file http://xx.92.235.111/o=256/b=QmVqZX...GVkPUdCUA==/r/dm/dm/Bej2Setup_TryGames-dm.exe Win32/Adware.Trymedia application Connection terminated ANON-\Owner
12/07/2007 19:54:26 IMON file http://xx.92.235.111/o=256/b=QmVqZX...GVkPUdCUA==/r/dm/dm/Bej2Setup_TryGames-dm.exe Win32/Adware.Trymedia application Connection terminated ANON-\Owner
I hope this is what you asked for, many thanks

 

NOD32 FiX isnt malware but it is a sort of patch for the trial version of NOD32; probably thats why its detected by NOD32 and only them iirc.

 

ADVICE: DO NOT USE NOD32.FiX.v2.2.exe

if you really want to protect your computer make sure you get a valid licensed version of NOD32. and certaintly using NOD32.FiX is not the way

 

Sorry,WSFuser, I'm even more confused.I only scanned the dvd,and I don't have the trial version.This has never shown up before,once again sorry for my inexperience.

 

So you dont know about NOD32 FiX? Did someone give you that DVD because it seems to have more than just music albums.

 

Dear xTiNcTion what on earth do you mean !!!!!! I really resent your comments.Of course I have a valid license, paid for with my own money.What kind of person do you think i am.I swear I am telling you the truth.Please explain

 

This guy at work gets dvds weekly with music on them.He sells them for £5,I know absolutely NOTHING about Nod32 Fix

 

Description Subtotal
1 NOD32 PC/Workstation Licence
Licence Expiry: 14/05/2008 GBP 23.00

Sub-total GBP £23.00
VAT GBP £4.03
Grand Total GBP £27.03


This is part of the email from Eset,when I purchased Nod32

 

why? i just saying do not use suspicious/risky files. thats all.

glad to hear that. sorry for the misunderstanding but every time i see NOD32.FiX is related to piracy... but this is not your case.

 

If you get things from unknown sources you'll never know what is inside...

 

I dont know where that guy gets those DVDs but for now Id just ignore NOD32 FiX being detected.

 

Why ignore - the file is real security threat ?!

Most of the fixes are not detected just because they are "fixes" - they contain real threats in them . As a NOD reseller I have met lots of illegal NODs installed and I have seen lots of fixes . Those "fixes" are not only threats , they destroy the programs ability to catch malware ( I mean licensed NOD catches what the fixed misses )

As Inspector Clouseau said , all "unknown and untrused" sources are risky . I have seen fixes even with Brontok worm inside , fixes with trojan-backdoors , intentionally or not intentionally but there-in.

Well , perhaps the user (OP) don't know about the fix in the DVD but the seller of this music definitely knowns about it - what the seller doesn't know is that he installs security to ~destroy~ his machine

 

Ok, I googled Nod32Fix,I think I know why you accused me of using some sort of crack.If I was using a crack version,then this Nod32fix would probably show up on every scan.I admit it does look suspicious that this showed up on scanning the dvd.I am totally paranoid about getting malware on my computer,this is why I scanned the dvd with 3 different programs.I never do porn sites or download from p2p,or anything dodgy, let alone cracks for programs.My Nod was paid for, as was my AVG anti-spyware ( I know there is a free version).If I didn't want to pay for an anti virus program, I would simply use Avast, or Avg.My computer habits probably don't even warrant the need for a paid for anti virus.The dvd was a freebie, when I thought it had a virus on it,I was livid.Oh the irony,it appears to have some patch for Nod32, this seems an almost unbelievable coincidence.Most people I work with have never heard of Nod32 ( no offence ).Anyway I hope people believe me, I would never go on a forum and ask for advice,knowing I had a crack program.I'm not very clever with computers,but even I'm not that stupid.

 

The guywho sells the music doesn't know anything about viruses,he makes money selling dvds and cds.He buys them from another source, I don't know where.We work in a factory,he is about computer literate as me.Whats with the thumbs up

 

Ok , no problem . However , the one who created/who burned the DVD do know what they have put inside

 

"A DVD containing many music albums"....hmmm......

P2P stuff, or products of, often contain many unwanted things.

Albums purchased through proper retail channels are usually clean.

I have found, through my work in IT, that computers of "P2P users" will usually be quite infested.

 

I'm sure the person who created the dvd is also connected to other illegal activities,cracks,porn,drugs etc,its called organised crime,don't be naive.It probably got on their unintentionally.I'm past caring.
As for your comment YeOldeStonecat, I already said I don't do p2p, neither does the person who sells the cd's/dvd's,he buys the disks.Where they come from, who knows,who cares.I have done nothing wrong,other than accept a music disc from a collegue,who is trying to earn extra money.

 

Um... Did anyone catch that the threat was on a DVD...? NOD32 isn't going to remove it.... It's on a DVD.... anyone? Quarantine just means that NOD made a copy of it and encrypted it and filed it away.

Just thought I'd clear that up since it seemed like everyone got all up in a frenzy at the mention of the "C" word... : )

 

Where they come from is ...P2P. (I can't imagine the person who made that disk paid for the music) Just because you aren't actually running a P2P program doesn't mean you aren't getting the same files -- music and malware -- as the person who originally downloaded the files that are burned to that disk. Best to be wary of content from unknown sources, unless you like the occasional frog in your salad.

 

Good one, sparx!

I have a question regarding this little issue - if the file was on a CD/DVD, and as such is undeletable (read only), wouldn't NOD have flagged it again on the next scan?

EDIT:

Not necessarily. I know other places where you can find pirated NOD (or any other software for that matter), and I'm sure you know the same.

Cheers.