HELP! 5 VIRUSES!!

Discussion in 'NOD32 version 1 Forum' started by worldcitizen, Jun 6, 2003.

Thread Status:
Not open for further replies.
  1. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Amon is showing in the window that 5 files are infected but when I did a scan nothing was found. What do I do?

    Dave
     
  2. zOK

    zOK Guest

    Get a second opinion? Scan the files online with KAV.
    http://www.kaspersky.com/remoteviruschk.html

    Or McAfee http://www.mcafee.com/myapps/mfs/default.asp

    Or Housecall http://housecall.trendmicro.com/
     
  3. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    What files? We need more info.



    Technodrome
     
  4. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Well, if your AMON is set up to delete/disinfect infected files on the fly, you could be safe. You should perform a full NOD32 scan (all files, deep heur etc.)
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Dave,

    Please post a screen shot as well.

    regards.

    paul
     
  6. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    HouseCall gave me a clean bill of health.

    In the Amon Window it still says I have 5 infected files but I don't know which 5 it is referring to - it doesn't say.

    I did a scan and it found EICAR (I ran a few tests today), which I deleted, and it also found a 'probable' virus in an old program I had, but this was the 1st scan where I had deep, runtime packers, archives and all files ticked, and as that file was in a compressed folder and was a probable, it makes NOD the only program to ever detect it.

    Next, what is the difference between the 'scan' and 'clean' buttons?

    Also why does NOD scan only about 14,000 files but Housecall scanned over 24,000?

    Amon says 5 files are infected and none have been repaired, but what 5 files is it referring to? I found only 2: 1 was a test file and the other a compressed file, found because I upgraded my settings to include archived packed files, so that's understandable.

    Are these 5 files still on my computer or is Amon just saying that 5 files WERE infected? It gives no more information about these 5 files.

    When I did the scan I got dozens of error messages saying it could not open many files but Housecall didn't give any errors. Why?

    I went to 2 test sites today - Eicar and an email testing site. Amon popped up but I don't know what it did to those files. I was testing The Bat Email client and downloaded many files. There was a 5 part test file which came in five different emails but Amon didn't pop up for them and I deleted the files since.

    I'm positive I have no worm or trojan because I have Wormguard and TDS 3 on at all times.

    So is Amon giving me accurate information and what do I do next?

    Sorry for all the questions and many thanks for any help.

    Dave
     
  7. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    You'll have to enlarge this jpg to see the info.

    Dave
     
  8. zOK

    zOK Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    8
    Ok, stop Amon, then restart it, make sure it has the default settings, e.g. like this picture; now you should get another pop-up box telling you the name and location of the virus.

    zOK
     

    Attached Files: amon.gif
  9. zOK

    zOK Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    8
    Here is the other pop up box.
     


  10. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Made no difference. Did exactly what you said but no lead to those files. Strange eh?
     
  11. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Can you verify you have the latest defs? We've had about three in the last 24 hours, the latest of which is this one:

    NOD32 Antivirus System information
    Virus signature database version:   1.431 (20030606)
    Dated:   Friday, June 06, 2003
    Virus signature database build:   3715

    Information on other scanner support parts
    Extended heuristic module version:   1.002 (20030606)
    Extended heuristic module build:   1030
    Archive support module version:   1.001 (20030430)
    Archive support module build version:   1031

    Information on installed components
    NOD32 For Windows NT/2000/XP - base
    Version:   2.000.1
    NOD32 For Windows NT/2000/XP - Internet support
    Version:   2.000.1
    NOD32 for Windows NT/2000/XP - standard component
    Version:   2.000.1

    Operating system information
    Platform:   Windows XP
    Version:   5.1.2600 Service Pack 1
    Version of common control components:   5.82.2800
    RAM:   768 MB
    Processor:   AMD Athlon(tm) Processor (1325 MHz)

    I'm running a quick scan with that one now - I'll let you know if that one comes out clear or not. Pete
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    All clear on a quick scan. Don't have time today to get you the results of a full scan, sorry. Pete
     


  13. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Dave,

    Just start up NOD32 (green-crossed), make sure to instruct it to clean, and perform a full system scan - presuming you do have the latest database.

    Please post the results after doing so.

    regards.

    paul
     
  14. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    That is "statistical" information. It has encountered five infected objects. Most likely each of those infections should've displayed the alert window that zOK showed. You might also have changed the default settings so that "Display warning panel" is not selected, which means no warnings would've been displayed.

    Clicking the 'scan' button results in a scan, but no action is taken on infected files. If you click 'clean' it will take whatever action is specified under the 'Actions' tab. If you used 'scan' you can also right-click on an infected object in the log, and manually choose 'clean' for that specified object.

    That depends on the settings of the scanners. Also, some scanners only count files that are really scanned, some scanners count all files, etc.

    The name/location of the infected object is shown in the alert window.

    It's merely "statistics". If you scan all local drives using the on-demand scanner, and it comes up as clean, you don't have to worry.

    Once again, that depends on the settings, and on the scanner. Some scanners don't display such warnings. There are often many files that can't be opened and it should be nothing to worry about. Examples of benign files that can't be opened are c:\pagefile.sys, c:\hiberfil.sys, c:\windows\system32\config\*, etc.

    When Amon shows the alert, it is waiting for user interaction regarding what should be done to the infected object. What Amon did depends on what you selected in the Alert box. By clicking the Close button, or closing the window, no action is taken, but access to the file is denied. If you clicked "Clean", the file would've been disinfected. If you clicked "Delete", the file was deleted. If you clicked "Rename", the file was renamed.

    The information should be accurate. Five times you tried to access an infected object. That could've been one file you accessed several times, or five different files.

    First of all, make sure you have the latest updates. After that, start the NOD32 scanner via the start-menu. Make sure "Local" is selected in the Targets tab, and click Scan. If nothing is detected when the scanning is done, then there should be nothing to worry about.

    If you are uncertain whether you "messed up" the settings, go to the Setup tab and click the button "Default", then start the scan.

    Regards,
    Anders
     
  15. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hi everyone,

    Well, I got up this morning and had a look at Amon and there is no more reference to those 5 files.

    The only thing I've done since last night is turn off my machine and go to bed.

    A reboot may have been all that was needed to reset the details. Anyone have any other ideas?

    Whatever, it looks ok now.

    Dave
     