[Help]How to Detect the infected file from a big LOG file

Discussion in 'ESET NOD32 Antivirus' started by shai_m, Aug 30, 2009.

Thread Status:
Not open for further replies.
  1. shai_m

    shai_m Registered Member

    Joined:
    Aug 30, 2009
    Posts:
    8
    Hi,

    I have NOD32 version: 3.0.672
    Windows XP.
    After running a computer scan, I get in the results that 1 file is infected and 0 files were cleaned.

    When I open the log file (150 MB), the log file is soooo big and long that I cannot understand where the infected file is! I want to know what is infected so I can try to clean it.

    Anyone have an idea?

    Thank you very much!
    Shai.


    Capture:
    http://i28.tinypic.com/vzijuu.jpg

     
  2. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    Open it and use the filter to only display 'warnings', this should display the virus entry.
     
  3. shai_m

    shai_m Registered Member

    Joined:
    Aug 30, 2009
    Posts:
    8
    Tnx for the reply, but I can't see the "Warning" that you are talking about..

    What I have is:
    1. Detected threats
    2. Events
    3. On-demand computer scan

    "Detected threats" displayed 0 results (Nothing to display).


    Tnx
     
  4. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    Hi!

    1. Click on On-demand computer scan.
    2. Select the scan you want.
    3. Choose Filter...
    4. Uncheck all items except Warnings.
    5. Finally, click OK.

    That's all! :)
     
  5. shai_m

    shai_m Registered Member

    Joined:
    Aug 30, 2009
    Posts:
    8
    Hi,

    I guess we don't have the same version of NOD32.
    When I right-click on the result, I have:
    copy
    copy all
    delete
    delete all

    and export (which allows you to export the file).

    BUT, I don't have "Filter" like you said.

    TNX
     
  6. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    Not right click, but double click on the result.
     
  7. shai_m

    shai_m Registered Member

    Joined:
    Aug 30, 2009
    Posts:
    8
    Double-clicking on the results opens the LOG file.
    And the LOG is like I mentioned before: long and very heavy, which makes NOD32 hang and forces me to kill the process.

    Tnx again.
     
  8. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    Ah, version 3 doesn't support filters. If you install V4 you have a button called filters in the scanlog. See this screenshot.
     
  9. shai_m

    shai_m Registered Member

    Joined:
    Aug 30, 2009
    Posts:
    8
    Ohhh... ok :)
    Now I understand.
    But I don't get why it is so hard to understand which file is infected? They made it so difficult.

    So?
    The only way is to install ver.4?

    By the way,
    It's been 2 months since it found this infected file, without cleaning it.
    Since then, every scan I see the same result: 1 infected file, 0 cleaned.

    What can I do?
     
  10. stimulator32

    stimulator32 Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    104
    Look,

    when you scan with this option :


    31-08-2009 9-39-43 AM.jpg


    ESET will scan without cleaning!

    If you want to clean infected objects, you ought to choose this one:


    2.jpg


    then :


    3.jpg
     
  11. shai_m

    shai_m Registered Member

    Joined:
    Aug 30, 2009
    Posts:
    8
    Actually I am right-clicking on the icon in the status bar (next to the clock), and then "Computer scan".

    But I will also try what you recommended.

    Thank you.
     
  12. jswas

    jswas Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    18
    You say that your log file is 150MB. This is probably due to you having "Log all files" enabled! Go to scan setup and click on "threat Sense setup" then click "Other" and ensure that "log all objects" is UNCHECKED!
     
  13. shai_m

    shai_m Registered Member

    Joined:
    Aug 30, 2009
    Posts:
    8

    Ok I will check it.
    thank you.

    Do you recommend to install version 4?
    tnx
     
  14. mr_yoda

    mr_yoda Registered Member

    Joined:
    Jul 2, 2008
    Posts:
    57
    Location:
    Manchester, UK
    If it has cleaned 1 file, will that file not be in Quarantine?
     
  15. shai_m

    shai_m Registered Member

    Joined:
    Aug 30, 2009
    Posts:
    8
    Hi jswas,

    I tried to find the:
    scan setup-->"threat Sense setup"-->"Other"-->"log all objects"

    But I didn't.
    could you please upload a screenshot?

    Another question:
    Once you uncheck the "log all objects" checkbox, which objects will still be logged?

    Thank you.
    Shai

    Edit: I found it and I unchecked the "log all objects" checkbox.
    Now, will I still be able to see the infected object in the next scan log?
    Tnx again and sorry.
     
  16. jswas

    jswas Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    18
    The only objects that will now show in the log will be those that return an error such as "file locked or in use by system", errors such as "damaged archives" etc. Any file that is infected with a virus will also be shown in RED, which makes it easier to locate. I am assuming that your scanner is set up correctly to at the very least the default settings.
    "Objects" Check all boxes
    "Options" Check all except "Potentially unsafe applications"
    "Cleaning" The slider should be in the middle
    "Limits" Check all boxes
    "Other" Check all boxes except "Log all objects"
    Hope this helps!
    I run Nod32 on Windows Vista but I believe that the above headings are the same for V3.

    Also ensure that under "user interface" you click "Alerts and Notifications", then check "display alerts" and check "Close Messages", then set seconds to say 120.
    Also when performing an on demand scan select "custom Scan", ensuring that "indepth Scan" is shown in the interface, and also ensure that "Scan without Cleaning" IS NOT TICKED!! Then press the "Scan" button and then press "show scan as log in new window", and when the log window appears ensure that the "Scroll" box is checked. You will now be able to see files which Nod32 is not able to scan. These files will be listed in blue and files which are infected will be shown in red. Do not be concerned if infected files appear in the System Volume Information restore points as they will have no detrimental effect on your system unless you restore your system from this particular restore point. Also to the best of my knowledge viruses etc. cannot be deleted from system restore points. After your system is clean you may delete all restore points by switching off system restore and then re-enabling it.
    I strongly recommend that you view EAV 3.0 Tutorial 15 Jan 2008 by Blackspear.
     
    Last edited: Sep 1, 2009