imon1.dat in \system32

Discussion in 'NOD32 version 2 Forum' started by poogimmal, Jan 6, 2007.

Thread Status:
Not open for further replies.
  1. poogimmal

    poogimmal Registered Member

    Joined:
    May 7, 2004
    Posts:
    79
    doing a semi-regular system scan for changes, I got an alert that there was a new file in w2k \system32\imon1.dat, 43 bytes of text. google finds vague references to this file, usually in a malware context. the file itself scans clean in nod32 and total virus scans. did nod32 create that file? if so, should it have left it in \system32? what is it doing, and any harm if manually deleted? I asked the same question to eset support and so far (at more than 24 hours) no reply. (not intended as negative criticism of nod32, I've been using it happily a few years now on several pc.)
     
  2. gnervt

    gnervt Registered Member

    Joined:
    May 6, 2005
    Posts:
    53
    Location:
    Germany
    hi poogimmal!

    this file is definitely from nod32
    this file was updated (recreated) after every update/upgrade
    this file contains one or more e-tags and timestamps
    this e-tag is submitted at every update to the eset server...
    ...maybe to identify a client as nod version
    ...maybe to count the updates/upgrades
    ...maybe to count how many nod installations are runnin
    ...maybe someone from eset is willing to clarify that... :cautious: :D
     
    Last edited: Jan 6, 2007
  3. poogimmal

    poogimmal Registered Member

    Joined:
    May 7, 2004
    Posts:
    79
    thanks for the "confirmation" of what I was thinking. if you are 100% correct then it is curious in that I've had nod32 on this box 2+ years, it updates automatically almost daily, and I scan system for changes and new files semi-frequently and on an irregular basis, and I'm pretty sure (99.9% sure) I've never had imon1.dat reported before as either new or changed file. otherwise, yes, it appears to be an %ETAG with a "time-stamp" || and... I have a licensed version on a 2d w2k box here, and just searched it and it finds no imon*.dat anywhere on its c\ || so it's not updated or recreated on every machine after every update. meanwhile, still no reply from eset re my support msg, this topic. it's the weekend, so I'll see if & when I get an "official" reply (hopefully) this coming week.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    How do you know?

    Ehm, how come I don't know about such a "feature" ?

    How come nobody from ESET's developers know about e-tag? Nothing like this is submitted to ESET.

     
  5. poogimmal

    poogimmal Registered Member

    Joined:
    May 7, 2004
    Posts:
    79
    yikes! marcos, you are also confirming my "curious" reply above re me not finding imon1.dat on my other nod32 protected w2k. hummm, so I guess I'll delete imon1.dat and hold it until further notice, and monitor my system files more often. hard to imagine anything mal* created it on this box, which has strong protection, practices safe hex, and scans clean even booted from LiveCD. So, I like to assume that nod32 *did* legitimately create that file, but I assume, as moderator, your post has the more informative data.
    I wonder if it could have anything to do with already having nod32 installed, and then downloading another copy to put on another machine??
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Send it to support @ eset.com along with a link to this thread so that I can have a look at it.
     
  7. poogimmal

    poogimmal Registered Member

    Joined:
    May 7, 2004
    Posts:
    79
    I sent ESET msg the other day, got reply this am.

    "Update for Case #9257 - "imon1.dat"

    An ESET Customer Care Representative has updated this case with the following
    information:

    Hello,

    If your NOD32 is up to date you should be fine. I would leave it.

    Thank you,
    Eset Technical Support
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's a response from the guys in the US, I work for Slovak ESET's headquarters. If you send it to support @ eset.com I'll get it.
     
  9. gnervt

    gnervt Registered Member

    Joined:
    May 6, 2005
    Posts:
    53
    Location:
    Germany
    http://img218.imageshack.us/img218/5411/imonqh1.th.gif
    using sysinternals process explorer on a runnin nod32

    dunno...
    dunno...look at the pic above the marked line...

    i'm sorry about that - as far as i can see YOU ARE RIGHT - the e-tag was sent from the server to the client...ehm, a lil mixup...

     
    Last edited by a moderator: Jan 7, 2007
  10. Hazeleyze

    Hazeleyze Guest

    I would trust Marcos over Sysinternals. This is obviously something that isn't supposed to be there. I've had Nod on this computer for two years and I don't have imon1.dat.

    Marcos, please let us know what you come up with.
     
  11. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I would like to believe this is not about trusting one individual over another considering I also have imon1.dat created Sunday, September 24, 2006, 6:23:10 AM located in my system32 folder with the below contained within.
    It's garbage to me and only because of this thread did I care to look. Whether it's Eset's file or not I have no clue but via notepad instead of Sysinternals my imon.dll file makes reference to imon1.dat even tho that still does not make me suspicious of Eset :blink:
    YMMV,
    Bubba
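
The check described in the post above (opening imon.dll in Notepad to see whether it mentions imon1.dat) can miss strings stored as UTF-16LE, which is common in Windows binaries. The following is an added example, not part of the thread and not ESET code; the function names and the sample bytes are constructed for illustration and are not the contents of any real file.

```python
import re

def _printable(b: int) -> bool:
    return 0x20 <= b <= 0x7E

def _expand(data: bytes, start: int, end: int, step: int):
    """Grow [start, end) over printable chars (step 1 = ASCII, 2 = UTF-16LE)."""
    def ok(i: int) -> bool:
        return (0 <= i and i + step <= len(data) and _printable(data[i])
                and (step == 1 or data[i + 1] == 0))
    while ok(start - step):
        start -= step
    while ok(end):
        end += step
    return start, end

def find_name_references(data: bytes, name: str):
    """Return sorted (offset, encoding, surrounding string) for each
    case-insensitive occurrence of `name`, in ASCII or UTF-16LE."""
    hits = []
    for enc, step in (("ascii", 1), ("utf-16-le", 2)):
        pattern = re.compile(re.escape(name.encode(enc)), re.IGNORECASE)
        for m in pattern.finditer(data):
            s, e = _expand(data, m.start(), m.end(), step)
            hits.append((m.start(), enc, data[s:e].decode(enc)))
    return sorted(hits)

# Constructed sample blob: padding, one UTF-16LE path, one ASCII message.
SAMPLE = (
    b"MZ" + b"\x00" * 10
    + "\\system32\\imon1.dat".encode("utf-16-le") + b"\x00\x00"
    + b"\xff\xfe\x01"
    + b"open IMON1.DAT failed" + b"\x00"
)

if __name__ == "__main__":
    import sys
    # With a path argument, scan that file; otherwise scan the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, enc, context in find_name_references(blob, "imon1.dat"):
        print(f"0x{offset:08x}  {enc:10s}  {context!r}")
```

A hit only shows that the binary contains the name; it does not by itself establish which process wrote the file.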
     
  12. gnervt

    gnervt Registered Member

    Joined:
    May 6, 2005
    Posts:
    53
    Location:
    Germany
    I am sure that anybody in this thread wasn't suspicious about eset (inc me. I am sorry if you or anyone else got that impression.)
     
    Last edited by a moderator: Jan 7, 2007
  13. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    So there's no further misunderstanding on your part or others....my use of "suspicious" was not negatively directed at anyone in this thread....least of which Eset.

    Back on topic....this file was of interest to member poogimmal and if\when Eset determines the legitimacy of this file as it relates to Nod32....I'm sure a comment will be made.
     
    Last edited: Jan 7, 2007