For those that use NOD32 in Bart's PE

Discussion in 'NOD32 version 2 Forum' started by lepicane, Feb 23, 2007.

Thread Status:
Not open for further replies.
  1. lepicane

    lepicane Registered Member

    Joined:
    Sep 23, 2004
    Posts:
    20
    Need some help. I have been using a NOD32 plugin for Bart's PE for some time without any problems. Basically Bart's PE would boot, the complete ESET directory would be copied to the RAMDisk, and once networking was started NOD32 would update and provide resident protection (icon in system tray and all modules except EMON active).

    It seems that something has changed recently with how 2.70.32 updates or it might have happened with an earlier 2.70 version (not sure). The problem is that when the ESET directory gets copied to the RAMDisk, the file 'nod32.000' is 5,792 kb before the update. After the update this file is 0 kb and if I try to perform a scan I get the following error 'The file nod32.000 is damaged'. All the downloaded update files are in the 'updfiles' directory on RAMDisk.

    Is anyone else experiencing this or knows why nod32.000 gets damaged after an update? Everything works fine before the update. Is the update trying to update something in %systemroot% or o_O?

    Thanks.
     
  2. lepicane

    lepicane Registered Member

    NOD32 Update

    I will keep my question simple this time (hopefully). It relates to https://www.wilderssecurity.com/showthread.php?t=166586

    When NOD32 performs an update, apart from the windows registry, does the update attempt to read/write anywhere else except the ESET directory?

    Thanks
     
    Last edited by a moderator: Feb 25, 2007
  3. ASpace

    ASpace Guest

    Re: NOD32 Update

    I believe NO
    but I am not 100% sure
     
  4. lepicane

    lepicane Registered Member

    Thanks HiTech_boy, but I believe something has changed because NOD32 in Bart's PE keeps telling me to check my TEMP and TMP locations. Funny since I'm running Windows from a CD which is not writeable.

    This has never happened before with previous versions. So why is NOD32 now asking me for these paths? I know this TEMP/TMP issue has been discussed on the forum previously, and resolved for Windows installations on a hard disk, but what is it NOD32 wants with these locations in a Bart PE environment?

    Appreciate any help...
     
  5. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    When updating, NOD32 makes use of the %WINDIR%\TEMP\ directory (e.g., C:\WINDOWS\TEMP\, C:\WINNT\TEMP\ and so forth) for temporary storage. If this directory is not present or writeable then problems may occur during the update process.

    Regards,

    Aryeh Goretsky
     
  6. lepicane

    lepicane Registered Member

    Thanks Aryeh, I did suspect this at first but was confused as to why this didn't happen with previous builds of NOD32. In any case when you boot BartPE.iso your CD effectively becomes the %WINDIR% and cannot be written to.

    I forgot to mention initially that all of these problems occurred while testing the plugin in the latest build of VMWare. I finally tested this plugin on Microsoft Virtual PC 2007, by booting the exact same BartPE.iso. Here the NOD32 2.70.32 plugin worked flawlessly. Also, the plugin works on a real system as well.

    The only thing I can conclude is that there is a compatibility issue with VMWare and the newest NOD32 version.

    Anyway, thank you all for your help.
     
  7. dgmiii

    dgmiii Registered Member

    Joined:
    Jan 1, 2007
    Posts:
    2
    Can anyone tell me how or where I can get instructions on how to add Nod32 2.7 to my Bart PE or UBCD? I have only been able to get 2.5 with updating to work.
     
  8. lepicane

    lepicane Registered Member

    @dgmiii

    I have uploaded my working BartPE plugin (without the program files) to http://www.megaupload.com/?d=XBKOFR5P

    This will only show you how the plugin should look (especially the nod32.inf file). I did a clean install and exported the registry without updating NOD32 (to keep the file size down). If you are exporting the registry make sure that the values for username, password, last update etc. are there (they will differ from my values). The settings are set to maximum in my nod32.inf file. I usually use a program for comparing text files (like CompareIt!) to make sure that I don't lose track of the changes to my nod32.inf file for every new version of NOD32 that comes out.

    Also you need to edit the autorun0penetcfg.cmd to the following if you want to start NOD32 automatically.

    As you already use a plugin for 2.5 this shouldn't be too difficult.

    Good luck.
     
  9. dgmiii

    dgmiii Registered Member

    Thanks, I'll give it a try.
     