Explanation needed Amon Alert

Discussion in 'NOD32 version 2 Forum' started by CesiaS, Feb 6, 2007.

Thread Status:
Not open for further replies.
  1. CesiaS

    CesiaS Registered Member

    Joined:
    Aug 6, 2006
    Posts:
    22
    Location:
    Australia
    I'm new to NOD32, started using it 2 weeks ago.

    While I was scanning my PC with Housecalls this alert popped up (log):

    Time: 7/02/2007 8:51:39 AM
    Module: AMON
    Object: file
    Name: C:\DOCUME~1\ELISAB~1\LOCALS~1\Temp\VDN4FHa01056
    Threat: Win32/PowerReg application
    Action: quarantined - deleted
    User: DHVC391S\Elisabeth
    Information: Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe. The file was moved to quarantine. You may close this window.

    I was using IE7. AMON is configured as follows: Options - all selected; Actions - Prohibit access and show alert windows, move to quarantine.

    Question 1. Could NOD32 be flagging Housecalls activities? (i.e. this is a false positive)

    Question 2. With the AMON settings as described above, is my PC totally protected from the suspect/infected file? Is "prohibit access" enough or do I need to delete it or attempt to clean it at some stage as well? If so - how?

    I find this confusing
    https://www.wilderssecurity.com/showthread.php?p=266653#post266653 post #35 "...Quarantine ONLY makes a secure copy of the Virus or Trojan found so it can be sent to Eset for further analysis, it does NOT isolate the Virus or Trojan".
    I know there is an option "clean automatically", but I'm not comfortable using it in case a false positive gets deleted. o_O As I said, I'm still learning.

    BTW Housecalls returned all clear

    Thank you
    Cesia
     
    Last edited by a moderator: Feb 6, 2007
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    The key word is "copy" ;)
    Quarantine makes a copy of the suspicious file. But it leaves the original file in its place, which may continue to do harm.
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    No, the key word was "deleted".

    As well, for safety reasons a copy was encrypted and held in Quarantine for the next 30 days; however, unlike customs, this quarantine is deleted at the 30 day mark.

    Cheers :D
     