Discussion in 'NOD32 version 2 Forum' started by controler, May 4, 2006.

  1. controler

    controler Guest

    Hello Eset

    I am trying out your product again after some time.

    I have the old Bagle worm in e-mail. It is a zipped, password protected file.

    You DO detect it but oh dear, I do have a question ok?

    Using Thunderbird, right clicking on the ZIP file, selecting save as to desktop, Whewww NOD kicks in and says you have a virus, file has been quarantined. Thing I want to know is why file is still in my e-mail?
    This may have been answered before but it is new to me.


  2. the_sly_dog

    the_sly_dog Registered Member

    Feb 28, 2006
    The Heart Of London
    hi controler
    im no eset guru or antivirus guru :mad: :mad: :mad:

    but have u enabled all blackspears extra settings
    in emon and dmon u have the setting to delete attachment if infected

    not sure if my help is actually any help but i did try lol

    im sure the pro's will answer u question a bit later anyway

  3. controler

    controler Guest

    Well yes you are correct but how does this help the default install for the home user?

  4. webyourbusiness

    webyourbusiness Registered Member

    Nov 16, 2004
    Throughout the USA and Canada
    it doesn't help them - the point being that the default installation NEEDS to be enhanced. NOD32 is not plug and play.... you have to spend a few minutes to get the best from the product.. and that's true of cars, computers and just about most other complex items.
  5. Marcos

    Marcos Eset Staff Account

    Nov 22, 2002
    The thing is that you received this Bagle before installing NOD32 so IMON could not block it. This has absolutely nothing to do with Blackspear's settings which would, by the way, imply that default settings are not sufficient to detect viruses.

    It's perfectly OK that AMON springs into action when you try to save the file to the disk - this just confirms it's doing its job perfectly.

    If you want to remove the infected email completely, select it in Thunderbird and choose to delete it.
  6. controler

    controler Guest

    Thank you for your replies

    Marcos yes that is correct. I left the mail as is since I get it a few times a month and have for over a year now. Yes I knew about other than default setting with this product also. I am wondering if my point was missed?
    Every time I look at the screenshot this is what I see. I see delete checked, I see display warning window and I see clean checked.
    The thing that bothers me is that in the comments section of the warning window, it reads file was moved to quarantine. As Marcos mentioned it actually was not moved at all and this happens if you install NOD after an infection. What is strange about this file is when I shut NOD down and try save the ZIP to desktop it never shows up there. I have to save entire e-mail to desktop to get a copy. Then right click on the saved e-mail to desktop and scan, NOD window comes up says there is a worm, I click scanning targets and click delete button, the file goes away in the NOD window but remains on desktop including the ZIP file
    My question is when I clicked the delete button, why does the file remain?

    And this is a self extracting, password protected ZIP file. Designed to extract when user views e-mail without clicking the zip file.

    I ran a complete scan with everything set to high and it did not pick up the infection the e-mail was intended for. Either that or the e-mail does nothing and is harmless, correct?

    Thank you.
  7. wxboss

    wxboss Registered Member

    Feb 16, 2006
    Jacksonville, FL
    I am in no way a virus expert - far from it, but I believe the behavior you are describing is what made the Bagle worm so nasty. As all worms are designed to replicate and mass produce themselves, so the email zipped file needs to be removed in order for NOD to completely eradicate the problem and stop producing pop ups.

    Just delete the email and this will stop. Also, Blackspears settings tweak NOD's reaction to infected emails in order to handle them with less "hands on" work on your part.
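
The behaviour discussed in this thread, as an added illustration that is not from any poster or from ESET: the mail client keeps the message, attachment included, inside its mailbox file, so removing a saved copy of the attachment leaves the mailbox unchanged until the e-mail itself is deleted. It assumes an mbox-format mail store (the format Thunderbird uses by default) and a constructed, harmless ZIP with the encryption flag patched on; all function names are hypothetical.

```python
import io, mailbox, pathlib, tempfile, zipfile
from email.message import EmailMessage

def encrypted_zip_members(data):
    """Names of members with the encryption flag (bit 0) set; [] if not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []

def find_encrypted_zip_mail(mbox_path):
    """(subject, attachment, encrypted members) for each matching mbox message."""
    hits, box = [], mailbox.mbox(mbox_path)
    for msg in box:
        for part in msg.walk():
            members = encrypted_zip_members(part.get_payload(decode=True) or b"")
            if part.get_filename() and members:
                hits.append((msg["Subject"], part.get_filename(), members))
    box.close()
    return hits

def build_sample_mbox(path):
    """Constructed sample: harmless ZIP with the encrypted flag patched on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.txt", b"constructed test data")
    raw = bytearray(buf.getvalue())
    raw[raw.index(b"PK\x03\x04") + 6] |= 1  # local file header flags
    raw[raw.index(b"PK\x01\x02") + 8] |= 1  # central directory flags
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip", filename="sample.zip")
    box = mailbox.mbox(path)
    box.add(msg)
    box.close()
    return bytes(raw)

def demo():
    """Scan the mailbox, save and remove a copy of the attachment, scan again."""
    with tempfile.TemporaryDirectory() as d:
        inbox = str(pathlib.Path(d, "Inbox"))  # assumed mbox path, constructed here
        zip_bytes = build_sample_mbox(inbox)
        before = find_encrypted_zip_mail(inbox)
        saved = pathlib.Path(d, "sample.zip")
        saved.write_bytes(zip_bytes)  # "Save As" writes a separate copy to disk
        saved.unlink()  # stand-in for the on-access scanner removing that copy
        return before, find_encrypted_zip_mail(inbox)
```

Both scans returned by `demo()` list the same message, because only the copy on disk was removed and the mailbox file was never touched.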
