Keeping 2nd 'on-demand scanner' with NOD32 as main antivirus

Discussion in 'NOD32 version 2 Forum' started by gunnarj, Aug 16, 2003.

Thread Status:
Not open for further replies.
  1. gunnarj

    gunnarj Registered Member

    Joined:
    Jun 8, 2002
    Posts:
    80
    Greetings all!

    Previously asked by myself in another part of Wilders forum:

    Is it possible to keep the antivirus that I now use, which is the free version of AVG, installed on my PC alongside the Nod32 app? Or is it not necessary or not wise?

    ...........

    previously answered by Yorkdale:

    "I have three antivirus installed, and no complications. The trick is only one should be set as your active program, I suggest NOD32 for that, and stop AVG from running so it is only "on demand" as a second opinion.

    Since it is AVG I don't see why there should be a problem, it's pretty friendly with others. Just two points to remember: 1. AVG placed a boot sector scan line into your autoexec file (or your equivalent) so that needs commenting out, and 2. do remember to deactivate it as your email scanner."

    ________________

    New question(s):

    I am now almost ready to install my newly licensed NOD32 v2 to be my main antivirus app. I want to keep AVG free as my secondary on-demand scanner only. However, after deactivating AVG as best I could from the AVG control panel, these three items are still starting up at bootup:

    1.) RunServices: Avgserv9.exe
    2.) HKLM Run: avgcc32.exe/startup
    3.) dosstart.bat (BAT file): mscdex.exe/d:IDECD000 /L:M

    I am running WinME with IE 6 - I don't want to uncheck any starting items from Msconfig - I like to keep that as 'normal startup'.

    1.) Is there an easy or best way to keep the previous three listed files from starting on Windows bootup?

    2.) I am unsure how to 'comment out' the dosstart.bat file as mentioned above by Yorkdale - if someone could give me a direction (easy if possible) way to comment this out, I would appreciate it.

    3.) The AVG 'System Status' gui STILL shows the Email Scanner as "Active and Functional" even though all items have been unchecked in the AVG Control Center panel and the computer has been rebooted. Is this a quirk or is the email scanner still running somehow?

    Once I no longer have AVG starting up at bootup I will install NOD32 v2 and be on my way to enjoying and learning what I read and hear is one of the best, if not THE best, antivirus apps available - thanks to the generosity of Wilder forums and the luck of the draw. :D

    Thanks all,

    gunnarj
     
  2. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hi gunnarj,

    Just a question, why do you want two AV running, while NOD is the only AV you need, is fast, low on system resources and the best viruscatcher in the wild around ;)

    Just curious gunnarj.

    rgds,
    Martin
     
  3. Madsen DK

    Madsen DK Registered Member

    Joined:
    Nov 23, 2002
    Posts:
    324
    Location:
    Denmark
    I agree Martin.
    Simply overkill IMO.
     
  4. gunnarj

    Hello all!

    I am now running NOD32 V2 antivirus, and am thrilled to be doing so.

    To answer the question of Martin's, I am only running the NOD32 antivirus app, and am just keeping AVG as a secondary 'on-demand' scanner. I guess it isn't necessary to keep a second antivirus scanner, but I can always uninstall down the road. I want AVG as a second app to scan 'unpacked' files if necessary. As long as it isn't harmful to keep it as long as it isn't 'running' alongside NOD32, I'll just keep it on hand for now, and probably uninstall after a while.

    I used 'IBS Startup Editor' to disable the two following files:

    1.) RunServices: Avgserv9.exe
    2.) HKLM Run: avgcc32.exe/startup

    (this way keeping MSCONFIG at 'normal startup')

    I think that the dosstart.bat (BAT file): mscdex.exe/d:IDECD000 /L:M
    is only a generic BAT file and not specifically for AVG so I didn't do anything with that.

    NOD32 V installed beautifully, and it updated immediately to version 1.486 (20030815).

    I found this page - http://www.wilders.org/screenshots.htm -
    to be very worthwhile also.

    I am glad to be a member of the NOD32 version 2 community. :D

    Thanks,

    gunnarj
     
  5. martindijk

    Hi Madsen,

    I never quite understood why people want two or even more AV on their system (that's in general), you can run into trouble coexisting those AV's.

    rgds,
    Martin
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Gunnarj,

    Can you tell me as of why? It's perfectly safe, the method is in use by many and you can revert at any time you like.

    Gents,

    Please let's stay on topic ;). Having a non resident other antivirus installed isn't that uncommon - Let's address the specific question asked, and start a new thread over on for example "other antiviruses" as for having more than one AV installed ;).

    regards.

    paul
     
  7. gunnarj

    . . .

    ......

    Paul,

    I use the app 'IBS Startup Editor' (which I am not sure is still available anymore*) to disable starting entries. I think it does the same thing with the registry as Msconfig does, so my reason isn't a technical one.

    * 'IBS Startup Editor' used to be found here as freeware: http://www.ibservice.com/
    That site no longer works so I assume it is an 'abandoned app'.
    I have the version 0.0.3
    I really like its ease of use and prefer it to msconfig.

    Thanks though for letting me know that using Msconfig to disable startup entries is perfectly ok - I am still learning many things about computer use and appreciate the advice on the forums.

    best,

    gunnarj
     
  8. Madsen DK

    Hi Martin.
    Yes, I agree again.
    I do understand that someone would like a backup scanner, for easy access.
    It depends on your needs, I guess.
    I do not do P2P & Kazaa stuff, so my backup is a weekly onlinescan with Panda or Trend. :-* This will do for me anyway.
    And with Nod & Trojan Hunter running permanently I feel quite safe :D :D
    Regards
    Ole
    EDIT. Sorry Paul. Didn't read your hint before replying to Martin. A little OT. Sorry again.
     
  9. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I have NOD 32 that monitors all the time. I have BOClean and I also have Kaspersky Lite 40.71 loaded with the monitor disabled so I can scan with it when I desire. Do I need the second AV? Probably not. But I had read of a lot of people with back up scanners. What the heck, I like to play. So far no problems.
     
  10. Paul Wilders

    Ole,

    No prob ;)

    regards.

    paul
     
  11. Paul Wilders

    gunnarj,

    It's perfectly safe indeed ;) Don't you worry: we all are learning, every day ;)

    regards.

    paul
     
  12. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Hi, gunnarj. I switch all the time back and forth between two antivirus, by using the msconfig, NEVER a problem. Good luck.

    Acadia.
     
  13. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    I agree with most of the above.

    However, if you do have Nod32, especially v2, as your main antivirus, the idea of using AVG as a backup AV strikes me as slightly comical.

    They're simply not in the same league.

    If you do want a well founded second opinion, I think Kaspersky or DrWeb would constitute much better choices.

    Although I'm elated with Nod32's performance, I'm also very impressed by the Kaspersky OnLine scanner's detection rate, and I'm now seriously considering purchasing Kaspersky Personal as an on demand scanner.
     
  14. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    All I can say is don't try running Panda Platinum with NOD32 or any other av! Panda warns you when you begin the installation that it has detected another av and tells you that you must remove it before proceeding. You are advised to pay serious attention to the warning, otherwise, you will most likely end up with a serious mess like I did. Nod was not running nor was PcCillin 2003 which I also stupidly tried to have as a backup scanner while using Panda as the main scanner.
     
  15. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Sorry can't help with the specific questions on deactivating AVG. Posted the response below before a careful re-read of Gunnarj's post. Apologies. :oops:
    *************************
    Hi gunnarj
    I occasionally run F-Prot for DOS (a free AV, like your AVG) as a backup on-demand scanner. Last week it did find something that NOD32 did not. See thread link below.
    This is not to imply that NOD32 is deficient, but there's always the chance that you could pick up something that has not yet made it into one AV's definitions list, but has made it into the other.
    In my particular case, another forum member wondered if F-PROT found the virus because it is better at 'unpacking' compressed virus files than NOD32. I do not know if this is in fact the case, but it is perhaps something you would want to research yourself.
    BTW, as compared to AVG (which I installed on my Mom's machine), it is my impression that F-Prot is considered a better scanner.

    Regards!
    Optigrab

    http://www.wilderssecurity.com/showthread.php?t=12448
     
  16. gunnarj

    As an addendum to my original question and resolution to keep AVG as an 'on demand' scanner as backup to NOD32 V2.

    Today I received a suspicious email in my hotmail account. The hotmail account I am able to POP using my email reader. I didn't open this .eml message, but isolated it, and then scanned it using a.) the NOD32 advanced heuristic, b.) Trojan Hunter and c.) AVG 'the free version'.
    I used the right-click to scan the .eml file using the above 3 scanners.

    Guess which one of the three was the only one to detect the Sobig.F virus?? Yes, that is correct, the lowly 'slightly comical' AVG free version.
    All three were updated to the latest signature database, but two of them for some reason did not detect the worm/virus in the .eml file which by the way was 102kb and subject line of 'Thank You!' and I have heard elsewhere that this was received by others and was definitely a contaminated email.

    I rest my case as far as my decision to use a secondary back-up on-demand scanner, and am also glad that I kept the one I did. If only for this once, it has outperformed two much higher rated apps.


    critics schmitics ;)


    regards,

    gunnarj
     
  17. Paul Wilders

    Gunnarj,

    I'm unaware of the way you have configured NOD32 - the IMON scans at the winsock level.

    Forward the infected email to your ISP email address and post results please. Sobig-F has been detected 300+ times on this system ;)

    regards.

    paul
     
  18. TonyKlein

    Hmmm, I don't really think there's any way that Nod32 could fail to recognize Sobig.F:

    http://www.nod32.com/msgs/sobigf.htm

    It's been detecting it for 4 days.
     
  19. gunnarj

    Paul,

    I was using outlook express, and NOD32 has been catching the Sobig-F virus numerous times on my computer until it came to this particular .eml file coming from hotmail.
    I use the beta program from hotmail for outlook express, I understand that IMON reads pop messages on the 110 port. These hotmail messages in outlook express actually stay on the hotmail server until I move them elsewhere. I moved this particular .eml file to my pc, without opening it, and then scanned it as mentioned.

    I hadn't opened this email, I only right-scanned it, and only one of three right-scanners caught it. I'm certain that if I tried to open it and/or run anything that was runnable it would have been caught by NOD32 v2 before it could do anything.

    Don't know if this explains anything or muddles it further.

    Unfortunately I deleted the .eml file, but if it or something similar comes through again I'll do as you suggest, send it to be analysed.

    regards,

    gunnarj
     
  20. Paul Wilders

    gunnarj,

    Have a look at our screen shots, in particular the AMON setup > extensions. How does this particular extension setup show up?

    regards.

    paul
     
  21. gunnarj

    Paul,

    My setup is the same as the screenshots, except that I have the Heuristics Sensitivity on 'deep'. Also on the IMON screenshot my version does not include the 'Enable Modifying Infected Emails' line.

    I have received another .eml email that is behaving exactly the same as the one mentioned in my prior email. This one has the subject of "Re: Your Application" and it is 101kb size. I saved it to my download folder, but have not opened it. I scanned it (using right-click scan) with NOD, Trojan Hunter, and AVG - again only the latter comes up with the Sobig-F warning. To reiterate, I have not opened it, only scanned it.

    If you'd like, I could send it to you to be analyzed - maybe it is a false alarm on avg's part or something is not coming up with the other two.
    - is there an address that I could send it on to NOD32 to be checked?

    thanks,

    gunnarj
     
  22. Paul Wilders

    gunnarj,

    What shows up when pressing the button AMON setup > extensions?

    regards.

    paul
     
  23. gunnarj

    __________

    There is a large list of extensions to be scanned there - including EML.
    I used the default settings for that.

    Would it be better to click 'Scan all files' and 'click extensionless files'?

    ......

    p.s. The beta hotmail program on outlook express is not a pop3 program as I thought, but is instead http.

    regards,
    gj
    __
     
  24. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    I have a topic that I started 8/23 that I've asked to have deleted. I was going to run NAV 2002 as my resident scanner, but have changed my mind and am going to use NOD as my resident scanner. I'm not sure how to stop NAV and AVG from firing up at startup. I removed them from startup menu manually rather than using msconfig (ME). Also, I changed all settings in both programs' control centers to where I thought they wouldn't start up, but the NAV and AVG execs keep showing up when I ck task manager by using ctrl/alt/del. Today, before going online..........I used ctrl/alt/del and killed the files there for NAV and AVG. Just replying here to add information..........sorry that I don't have the answer for you.

    bob


    My brain is on vacation sometimes and it was when I typed "I removed them from startup menu manually rather than using msconfig (ME). " above. The startup menu isn't going to stop anything from firing up at startup so deleting something from the startup menu is meaningless. Sorry.
     
  25. Paul Wilders

    gunnarj,

    OK. Did you perform a full system scan? Please post results ;) You might consider to go for Paolo Monti's Shell addition - see the thread above in this forum.

    A matter of personal choice actually. I for one do prefer this option.

    That explains why the IMON did not jump in, doesn't it? ;)

    regards.

    paul
     