Cleaning usb drives with NOD32 automatically

Discussion in 'NOD32 version 2 Forum' started by kruz, Oct 16, 2007.

Thread Status:
Not open for further replies.
  1. kruz

    kruz Registered Member

    Joined:
    Nov 15, 2006
    Posts:
    18
    Hi...

    When NOD32 detects malware on USB drives in real time (by AMON), it just denies access to the infected file but is not able to clean or delete it until you send an on-demand scan. Is there a way for AMON to automatically clean or delete malware existing on USB drives without needing to run an on-demand scan?

    Thanks for your help.
     
  2. sparx

    sparx Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    60
    If you go into AMON > Setup > Actions, you can set AMON to clean automagically.
     
  3. ASpace

    ASpace Guest

    No, this won't clean the file if already on the infected drive and if it is not viral (e.g. worm or trojan).

    kruz, make sure that the drive is not protected and that Local Media and disks is checked in AMON -> Setup -> "Detection" tab
     
  4. kruz

    kruz Registered Member

    I've reviewed the AMON configuration and Local Media is checked, and the USB drive is not protected, so what else can I do? And by the way, I've seen this issue on other PCs with different USB drives.

    and thanks for the fast reply.
     
  5. ASpace

    ASpace Guest

    OK, can you then provide more information about this part of your original post:

    What was the threat (name)? Can you provide us a screenshot of the alert you receive from NOD32?

    Is the alert like that (options Clean, Rename, Delete - all blank)?
     

    Attached Files:

  6. kruz

    kruz Registered Member

    The threat name could be any detected by NOD32. For example, look at screenshot 1:
    Screen shot 1.JPG

    I tried to execute bush.exe inside drive H (USB drive) and that is the alert that is generated by Windows, and what it says is "Windows doesn't have access to the specified device, path or archive. It could be that you don't have privilege to access this element". Then this appears in the NOD32 threat log:
    DATE: today
    MODULE: Amon
    OBJECT: Archive
    NAME: H:\Bush.exe
    THREAT: Win32/VB.NLY (internet worm)
    ACTION: There was an error while trying to disinfect - unable to execute this action to this kind of object.
    SYSTEM INFORMATION: Event occurred when trying to access the file by application C:\Windows\Explorer.exe.

    And below is the screenshot of AMON activity when I tried to execute this file:

    Screen shot 2.JPG

    In conclusion, AMON didn't allow my PC to get infected, but it didn't delete this file.
     
  7. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi,

    run NOD32 in cleaning mode (on-demand scanner) => the worm should be removed. I recommend formatting the USB drive, then. :thumb:
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You have AMON set to clean infected files automatically. Since only viruses infect other files, trojans and other malware can only be deleted. Set AMON to prompt for an action, then you should be prompted for an action upon accessing the file.
     
  9. kruz

    kruz Registered Member

    OK, then I just wanna know if there is a way for AMON to automatically delete this malware, trojans, worms etc., or is this not possible?
     
  10. Kosak

    Kosak Registered Member

  11. ASpace

    ASpace Guest


    No, not possible. It can only clean viruses and prohibit access to non-viral malware - this AUTOMATICALLY.

    The other option in AMON, called "Prohibit access and show alert windows with action options", will first prohibit access to the malware, then alert in a window similar to the one I attached above and ask for confirmation.

    By default AMON will AUTOMATICALLY move newly-created infected files to quarantine.

    What is good and a ray of light in your case is that the upcoming version 3 of the product does the cleaning automatically for ALL kinds of threats :thumb:
     
  12. kruz

    kruz Registered Member

    Thank you all for your help ;) , and now I'm tryin' the EA RC1 and I found this function is available :thumb: , and works excellent!!
     
  13. ASpace

    ASpace Guest

    That sounds OK. :thumb:
     