Hundreds of "warnings" in scan report

Discussion in 'ESET NOD32 Antivirus' started by FanJ, Jun 5, 2013.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Last night I let NOD32 do an on-demand in-depth scan.
    Suddenly there are hundreds and hundreds of "warnings" in the scan report.
    Examples:

    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Installer\338f.msi » MSI » core.cab » CAB » shlwapi.dll - is OK
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Installer\338f.msi » MSI » core.cab » CAB » eeclnt.exe - is OK
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Installer\338f.msi » MSI » core.cab » CAB » eguiProductRcd.dll - is OK
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Installer\338f.msi » MSI » core.cab » CAB » eplgOutlookEmon.dll - is OK
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Installer\338f.msi » MSI » core.cab » CAB » eplgOEEmon.dll - is OK
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Installer\338f.msi » MSI » core.cab » CAB » eplgHooks.dll - is OK
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Installer\338f.msi » MSI » core.cab » CAB » eplgTbEmon.dll - is OK
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Installer\338f.msi » MSI » product.cab » CAB » eguiProduct.dll - is OK
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Installer\338f.msi » MSI » Icon.egui.exe - is OK
    C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Installer\338f.msi » MSI » Binary.EpfwInst.dll - is OK
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe » INNO » {app}\mbam.exe - is OK
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe » INNO » {app}\ssubtmr6.dll - is OK
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe » INNO » {app}\vbalsgrid6.ocx - is OK
    C:\i386\SP1.CAB » CAB » hidserv.dll - is OK
    C:\i386\SP1.CAB » CAB » dshowext.ax - is OK
    C:\i386\SP1.CAB » CAB » ativdaxx.ax - is OK
    C:\i386\SP1.CAB » CAB » msh263.drv - is OK

    The list goes on and on.

    Also suddenly tens and tens of "warnings" like:

    C:\Documents and Settings\...\...\FinePrint\Version 7_20\fp720.exe » ZIP » Ltkrnu.dll - archive damaged - the file could not be extracted.

    System:
    XP-home SP3
    NOD32 4.2.71.2
    Virus signature database: 8412 (20130604)
    Update module: 1042 (20130123)
    Antivirus and antispyware scanner module: 1393 (20130516)
    Advanced heuristics module: 1139 (2013020:cool:
    Archive support module: 1169 (20130521)
    Cleaner module: 1072 (20130524)
    Anti-Stealth support module: 1043 (20130322)
    ESET SysInspector module: 1233 (20130320)
    Self-defense support module: 1018 (20100812)
    Real-time file system protection module: 1006 (20110921)

    No pre-release updates enabled.

    Is there something wrong with, for example, Archive support module: 1169 (20130521)?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The "is OK" messages are displayed only if you enable logging of all scanned files. As for the error reporting damaged archive, we'll check it out.

    Feel free to make further reports to the new ESET's forum at http://forum.eset.com where they will receive better attention.
     
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Then there must have been something changed between 03 June 2013 and 05 June 2013.
    My scan (on-demand, in-depth) on 03 June 2013 doesn't show those hundreds of "is OK" messages (except for CryptoSuite, which I reported months ago here on the forum).


    Further inspection of the scanlog tells that all those "damaged archive" messages are related to:

    1.
    Install file of FinePrint version 7.20 : fp720.exe

    SHA256: f367b5f53afdf8dc7ef1256d6a3d8437dbf7882a81a180d318c108261222a9d8
    SHA1: e216db2e71397fc70451b54e4b4a9431e7c8ba26
    MD5: fefde83bb1780375e73a756019a19ed7

    I just saw that the current version is 7.21. I haven't yet updated.
    http://fineprint.com/fp/

    2.
    Install file of pdfFactory version 4.80 : pdf480std.exe

    SHA256: 1c0eed9f8a401dc8386fb318a0eb7484480e72e3a512cffc3817f5e4546fee56
    SHA1: ed872b898278fe936a48e7c24280aa41b7c1ffcf
    MD5: 840924fb87a7e5eb47887738c42077eb

    I just saw that the current version is 4.81. I haven't yet updated.
    http://fineprint.com/pdf/
     
    Last edited: Jun 5, 2013
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    As for the "archive damaged" messages from NOD32:
    I get them too on the newer install files of FinePrint and pdfFactory.

    1.
    FinePrint version 7.21 : fp721.exe

    SHA256: 3cb6a89e27159d2559a15e60b6fc6136050da0b01b989194f04f0f9e55a7c1af
    SHA1: cfa00e070c760a1bd9654c7efb8705fb80966b75
    MD5: e9f846a42744be11f8d2bfb11b80d859

    2.
    pdfFactory version 4.81 : pdf481std.exe

    SHA256: c05c68e2e0e70afc45745fbc6b89b114e3bd66749c3ac6b6159a5d3cff71209e
    SHA1: 49470a56329390725190ae859a7a2c06681a9cbc
    MD5: 3a755d0eb1981b7f7c9a6365dfc660df
     
  5. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hello Marcos,

    Considering the above issue:

    1.
    Why were suddenly all those "is OK" messages showing up in the scanlog?
    There must be a reason for it. Which reason? As far as I know I didn't make a change in settings on my NOD32 4.2.71.2.
    The reply from you, "The "is OK" messages are displayed only if you enable logging of all scanned files", doesn't explain this at all; well, at least in my humble opinion.

    2.
    I do want to see in the scanlog of NOD32 4.2.71.2 a warning when something is happening like NOD32 cannot extract a file because NOD32 thinks an archive is damaged. (In such a case further investigation is needed: is it caused by such a file, or is it caused by NOD32).

    3.
    Tell me exactly where in NOD32 4.2.71.2 I can change settings so not all scanned files are logged, considering above points 1. and 2. and if needed.

    Thanks.

    Best regards,
    FanJ
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The issue with the "archive damaged" reports on the reported zip sfx files will be fixed in the Archive module 1171 some time soon.
     
Thread Status:
Not open for further replies.