One of the reasons I moved to NOD32 from Symantec is an infection my father got on one of his systems from an e-mail attachment. What was frustrating is that if you scan the file with Symantec's on-demand scanner, it finds the trojan. But if you run the file, the resident scanner does nothing to stop you. Anyway, I thought NOD32 would do a better job, but I'm starting to wonder.

During an on-demand scan of my system it found a number of potential threats. Most of these are not real malware but are identified as threats since I enabled the potentially unwanted and potentially unsafe options. For instance, it identifies an old copy of Rhinosoft's Serv-U FTP server I had in my download directory. The file is "susetup.exe" and it identified the embedded file "ServUDaemon.exe" as "Win32/ServU-Daemon application". I left the file where it was for now.

Then, as a test, I tried to run "susetup.exe", which NOD32 knows contains a potential threat. I was surprised to see that NOD32 raised no objection to this and I was able to run the installer largely unhindered. During the install, it DID raise a warning for "C:\Program Files\Serv-U\~GLH0008.TMP" as "Win32/ServU-Daemon application" and gave me the option to delete it, which I did. However, the installation continued and, at least superficially, the server seemed to work. I was able to start the Serv-U GUI and set up a server. I didn't actually test whether the server actually worked, so it's possible that deleting ~GLH0008.TMP may actually interfere with the service and prevent it from taking connections, but I don't know that that's the case.

Interestingly, later on, while doing nothing related, I got another warning. This one was for "C:\Program Files\Serv-U\ServUDaemon.exe" as "Win32/ServU-Daemon application" as a result of "Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\rundll32.exe".

Anyway, this seems strange to me, as ServUDaemon.exe would have had to be created at install time and the realtime scanner should therefore have prevented this file from ever getting written to the hard drive or being accessible to the system. Yet there it was...

Which all leads me to wonder if NOD32 (or any antivirus software) is actually effective at preventing malware infections (at least those it claims to know about), or whether it lets malware get installed and then goes about trying to detect and remove it after the fact. If the latter, and this had been real malware (say some nasty rootkit), I'm not at all satisfied NOD32 could be guaranteed to remove the threat. Whenever I've been infected, I always reload an older backup of my system drive to be sure...

Anyone have insight on this? Thanks!