Infected file in NOD32 Cache

Discussion in 'NOD32 version 2 Forum' started by verktyg, Jun 12, 2006.

Thread Status:
Not open for further replies.
  1. verktyg

    verktyg Registered Member

    Joined:
    Dec 15, 2004
    Posts:
    17
    KAV32DOS reports that the file FND0.NFI in my NOD32 Cache is
    "Infected by virus:not-a-virus:AdWare.Win32.WinAd.bg".

    Nothing shows in the NOD32 Control Console Quarantine Window.

    Running Win98SE. NOD32, F-Prot DOS, AdAware, SpyBot, a-squared and others find nothing.

    Is it safe to delete this file?

    Chas.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's definitely a false positive from KAV, nqi files only contain information about files stored in NOD32's quarantine.
     
  3. verktyg

    verktyg Registered Member

    Joined:
    Dec 15, 2004
    Posts:
    17
    Thanks,

    That's what I suspected. Is it safe to delete the file or is it part of NOD32's detection process?

    Chas.
     
  4. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Why do you wanna delete the file when it's an F/P as stated above?
     
  5. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    verktyg, you should let the file there.
    It's inoffensive and it's used by NOD32 to stoer informations about quarantined itmes as Marcos stated. ;)
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It can actually be deleted, especially if there ain't a file with the same name and the nqf extension.
     
  7. verktyg

    verktyg Registered Member

    Joined:
    Dec 15, 2004
    Posts:
    17
    Thanks for the feedback. I do a lot of technical searches and at least 1 or 2 times a month a bad link takes me to a malware site. NOD32 has been very good at notifying me when some kind of threat tries to attack my system. Most of the time I get a warning screen with options.

    On occasion, NOD32 has quarantined the malware before I could respond. I delete the quarantined files when this happens.

    Since this file serves no purpose I'll delete it.

    Chas.
     
  8. Zookeeper

    Zookeeper Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    11
    Both the Kapersky & F-Secure online scanners reported that the file FND0.NFI is infected with Backdoor.Win32.Agobot.gen & should be deleted. I've already deleted all the things that NOD32 put into quarantine. Is it safe to delete this file?
     
  9. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Try an online scanner that is not associated with the Kaspersky engine such as Bitdefender perhaps.
     
  10. Lollan

    Lollan Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    288
    Bitdefender runs the Kaspersky engine :)
     
  11. Zookeeper

    Zookeeper Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    11
    Basically, what I'm trying to find out is if FND0.NFI is an infected file or not. Has anyone else tried to use one of the online scanners? Has FND0.NFI popped up as being infected? Is this a false positive, or is NOD32 not capable of determining whether FND0.NFI is infected or not? Can I delete FND0.NFI?

    As I'm typing this, I'm having Mcafee scan my computer.
     
  12. danieleb

    danieleb Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    111
    No, I don't think it does.
     
  13. Zookeeper

    Zookeeper Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    11
    Can I delete FND0.NFI?


    Help me Please
     
  14. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello,

    You initially referred to it as a .nfi file. Is that the extension or is it .nqi?

    BFG
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's nfi, nqi files only contain information about a particular quarantined file.
     
  16. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Heres your answer :cool: And yes please delete it: :thumb:

    C:\Program Files\ESET\cache\FND0.NFI</location> <risk>High</risk> <description>Backdoor.Agent.AIR is a malicious application that runs in the background and allows remote access to your system ...
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's a file detected by NOD32, stored in a safe, encrypted form and pending for submission for analysis. You can delete it anyway.
     
  18. Zookeeper

    Zookeeper Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    11

    Thanks for a clear answer. I still don't understand why this file was never picked up by NOD32. Shouldn't I have been given a warning?

    Once again, thanks to all of you who have responded to my request for help
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If it actually wasn't picked up by NOD32 then NOD32 would not have encrypted it and stored it as an nfi file in its cache :) NOD32 will never detect its encrypted cached and quarantine files.
     
Thread Status:
Not open for further replies.