Any advice please

Discussion in 'NOD32 version 2 Forum' started by mick92z, Aug 7, 2007.

Thread Status:
Not open for further replies.
  1. mick92z

    mick92z Registered Member

    Joined: Apr 27, 2007
    Posts: 499
    Location: Nottingham
    Hi, I just scanned a dvd containing many music albums. I first scanned with Kaspersky online scanner, then with Avg anti-spyware, neither found anything. I then scanned the disk with Nod and it found a virus, Win32/HackAV.G application, which it quarantined. I had disabled the autoplay on the drive using TweakUI before scanning (I heard that was a good idea!).
    I have just scanned again with Nod (twice, once in safe mode). It said no threats found. Does this mean I'm totally clean? Nothing shows up on Google for this virus. Can/should I submit it from quarantine for analysis, and if so, how? Many thanks for any advice, it is much appreciated. Obviously my main concern is that nothing bad is on my computer. :doubt:
     
  2. mrtwolman

    mrtwolman Eset Staff Account

    Joined: Dec 5, 2002
    Posts: 613
    Could you cut and paste the location (from the logfile) where the piece of malware has been found?
     
  3. mick92z

    mick92z Registered Member

    Dear Mrtwolman, thanks for the quick reply. The virus was on the dvd, I didn't transfer anything from the dvd onto my computer (unless it transferred itself). Please forgive my lack of knowledge in these matters. This is the scanner log:
    Scan performed at: 07/08/2007 15:29:54
    Scanning Log
    NOD32 version 2441 (20070807) NT
    Command line: D:\
    Operating memory - is OK

    Date: 7.8.2007 Time: 15:30:06
    Anti-Stealth technology is enabled.
    Scanned disks, folders and files: D:\
    D:\Software\_NOD32 v2.70.32 virus checker\NOD32.FiX.v2.2.exe - Win32/HackAV.G application - quarantined - unable to clean - error while deleting - file is locked up
    Number of scanned files: 1166
    Number of threats found: 1
    Number of active threats: 1
    Time of completion: 15:30:31 Total scanning time: 25 sec (00:00:25)

    Notes:
    [5] File is currently being used (open or running) and cannot be cleaned now. It cannot be replaced with a clean copy even after computer restart, since it is not located on a local disk.


    And this is the threat log

    Time Module Object Name Threat Action User Information
    07/08/2007 15:29:48 AMON file D:\Software\_NOD32 v2.70.32 virus checker\NOD32.FiX.v2.2.exe Win32/HackAV.G application error while cleaning - operation unavailable for this type of object ANON-\Owner Event occurred at an attempt to access the file by the application: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe.
    07/08/2007 15:28:36 AMON file D:\Software\_NOD32 v2.70.32 virus checker\NOD32.FiX.v2.2.exe Win32/HackAV.G application error while cleaning - operation unavailable for this type of object ANON-\Owner Event occurred at an attempt to access the file by the application: C:\Program Files\Internet Explorer\IEXPLORE.EXE.
    12/07/2007 23:43:41 IMON file http://xx.92.235.111/o=256/b=QmVqZX...GVkPUdCUA==/r/dm/dm/Bej2Setup_TryGames-dm.exe Win32/Adware.Trymedia application Connection terminated ANON-\Owner
    12/07/2007 19:54:40 IMON file http://xx.92.235.111/o=256/b=QmVqZX...GVkPUdCUA==/r/dm/dm/Bej2Setup_TryGames-dm.exe Win32/Adware.Trymedia application Connection terminated ANON-\Owner
    12/07/2007 19:54:26 IMON file http://xx.92.235.111/o=256/b=QmVqZX...GVkPUdCUA==/r/dm/dm/Bej2Setup_TryGames-dm.exe Win32/Adware.Trymedia application Connection terminated ANON-\Owner
    I hope this is what you asked for, many thanks
     
    Last edited by a moderator: Aug 7, 2007
  4. WSFuser

    WSFuser Registered Member

    Joined: Oct 7, 2004
    Posts: 10,632
    NOD32 FiX isn't malware but it is a sort of patch for the trial version of NOD32; probably that's why it's detected by NOD32 and only them iirc.
     
  5. xTiNcTion

    xTiNcTion Registered Member

    Joined: Oct 25, 2003
    Posts: 253
    ADVICE: DO NOT USE NOD32.FiX.v2.2.exe

    If you really want to protect your computer, make sure you get a valid licensed version of NOD32, and certainly using NOD32.FiX is not the way.
     
  6. mick92z

    mick92z Registered Member

    Sorry, WSFuser, I'm even more confused. I only scanned the dvd, and I don't have the trial version. This has never shown up before, once again sorry for my inexperience.
     
  7. WSFuser

    WSFuser Registered Member

    So you don't know about NOD32 FiX? Did someone give you that DVD? Because it seems to have more than just music albums.
     
  8. mick92z

    mick92z Registered Member

    Dear xTiNcTion, what on earth do you mean!!!!!! I really resent your comments. Of course I have a valid license, paid for with my own money. What kind of person do you think I am? I swear I am telling you the truth. Please explain. :mad:
     
  9. mick92z

    mick92z Registered Member

    This guy at work gets dvds weekly with music on them. He sells them for £5. I know absolutely NOTHING about Nod32 Fix.
     
  10. mick92z

    mick92z Registered Member

    Description Subtotal
    1 NOD32 PC/Workstation Licence
    Licence Expiry: 14/05/2008 GBP 23.00

    Sub-total GBP £23.00
    VAT GBP £4.03
    Grand Total GBP £27.03


    This is part of the email from Eset, when I purchased Nod32.
     
  11. xTiNcTion

    xTiNcTion Registered Member

    Why? I'm just saying do not use suspicious/risky files. That's all.

    Glad to hear that. Sorry for the misunderstanding, but every time I see NOD32.FiX it is related to piracy... but this is not your case. :)
     
  12. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined: Apr 2, 2006
    Posts: 1,329
    Location: Maidenhead, UK
    If you get things from unknown sources you'll never know what is inside...
     

    Attached Files: WTF.jpg (File size: 49.8 KB, Views: 718,132)
  13. WSFuser

    WSFuser Registered Member

    I don't know where that guy gets those DVDs but for now I'd just ignore NOD32 FiX being detected.
     
  14. ASpace

    ASpace Guest

    Why ignore - the file is a real security threat?!

    Most of the fixes are not detected just because they are "fixes" - they contain real threats in them. As a NOD reseller I have met lots of illegal NODs installed and I have seen lots of fixes. Those "fixes" are not only threats, they destroy the program's ability to catch malware (I mean licensed NOD catches what the fixed misses).

    As Inspector Clouseau said, all "unknown and untrusted" sources are risky. I have seen fixes even with Brontok worm inside, fixes with trojan-backdoors, intentionally or not intentionally but there-in.

    Well, perhaps the user (OP) doesn't know about the fix in the DVD but the seller of this music definitely knows about it - what the seller doesn't know is that he installs security to ~destroy~ his machine :thumb:
     
  15. mick92z

    mick92z Registered Member

    Ok, I googled Nod32Fix, I think I know why you accused me of using some sort of crack. If I was using a crack version, then this Nod32fix would probably show up on every scan. I admit it does look suspicious that this showed up on scanning the dvd. I am totally paranoid about getting malware on my computer, this is why I scanned the dvd with 3 different programs. I never do porn sites or download from p2p, or anything dodgy, let alone cracks for programs. My Nod was paid for, as was my AVG anti-spyware (I know there is a free version). If I didn't want to pay for an anti virus program, I would simply use Avast, or Avg. My computer habits probably don't even warrant the need for a paid for anti virus. The dvd was a freebie, when I thought it had a virus on it, I was livid. Oh the irony, it appears to have some patch for Nod32, this seems an almost unbelievable coincidence. Most people I work with have never heard of Nod32 (no offence). Anyway I hope people believe me, I would never go on a forum and ask for advice, knowing I had a crack program. I'm not very clever with computers, but even I'm not that stupid.
     
  16. mick92z

    mick92z Registered Member

    The guy who sells the music doesn't know anything about viruses, he makes money selling dvds and cds. He buys them from another source, I don't know where. We work in a factory, he is about as computer literate as me. What's with the thumbs up?
     
    Last edited: Aug 7, 2007
  17. ASpace

    ASpace Guest

    Ok, no problem. However, the one who created/who burned the DVD does know what they have put inside ;) :thumb:
     
  18. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined: Apr 25, 2005
    Posts: 2,345
    Location: Along the Shorelines somewhere in New England
    "A DVD containing many music albums"....hmmm......

    P2P stuff, or products of, often contain many unwanted things. ;)

    Albums purchased through proper retail channels are usually clean. ;)

    I have found, through my work in IT, that computers of "P2P users" will usually be quite infested.
     
  19. mick92z

    mick92z Registered Member

    I'm sure the person who created the dvd is also connected to other illegal activities, cracks, porn, drugs etc, it's called organised crime, don't be naive. It probably got on there unintentionally. I'm past caring.
    As for your comment YeOldeStonecat, I already said I don't do p2p, neither does the person who sells the cd's/dvd's, he buys the disks. Where they come from, who knows, who cares. I have done nothing wrong, other than accept a music disc from a colleague, who is trying to earn extra money.
     
  20. sparx

    sparx Registered Member

    Joined: Jan 10, 2007
    Posts: 60
    Um... Did anyone catch that the threat was on a DVD...? NOD32 isn't going to remove it.... It's on a DVD.... anyone? Quarantine just means that NOD made a copy of it and encrypted it and filed it away.

    Just thought I'd clear that up since it seemed like everyone got all up in a frenzy at the mention of the "C" word... : )
     
  21. Kirk Parker

    Kirk Parker Eset Staff Account

    Joined: Mar 4, 2003
    Posts: 3
    Location: Eset
    Where they come from is ...P2P. (I can't imagine the person who made that disk paid for the music) Just because you aren't actually running a P2P program doesn't mean you aren't getting the same files -- music and malware -- as the person who originally downloaded the files that are burned to that disk. Best to be wary of content from unknown sources, unless you like the occasional frog in your salad. :p
     
  22. Seer

    Seer Registered Member

    Joined: Feb 12, 2007
    Posts: 1,596
    Location: Singidunum

    Good one, sparx! :thumb:

    I have a question regarding this little issue - if the file was on a CD/DVD, and as such is undeletable (read only), wouldn't NOD have flagged it again on the next scan?

    EDIT:
    Not necessarily. I know other places where you can find pirated NOD (or any other software for that matter), and I'm sure you know the same. ;)

    Cheers.
     
    Last edited: Aug 7, 2007