Nod 32 Doesn't scan Archives :o

Discussion in 'NOD32 version 2 Forum' started by fblitk, Apr 11, 2007.

Thread Status:
Not open for further replies.
  1. fblitk

    fblitk Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    9
    Hi all,

    I just recieved a RAR file containg an EXE file with a virus inside it, the RAR file wasn't password protected...
    when I open the RAR file with WinRAR, it doesn't warn me and opens correctly, but when I open the EXE it warns me and doesn't let me open it!!
    My friend got the same RAR file, with the virus in there, he states that when he clicks the RAR file it Alerts him straght away!:eek:
    and, also, when the alert comes up on my pc, the delete option and the rest are not available , only the "leave" opyin is available!

    please help,
    thx
     
  2. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    setup your nod32 protection behaiour as described in the extra settings thread:

    https://www.wilderssecurity.com/showthread.php?t=37509

    Archives can be ignored if you don't SET THEM to be scanned - but as you saw, the threat itself was detected by AMON when it was ACCESSED - ie, you extracted it. You are not really losing any protection...
     
  3. ASpace

    ASpace Guest

    And after you setup your computer , you can perform full scan of your computer by opening Control Center -> NOD32 -> Run NOD32 -> Scan & Clean ;)
     
  4. fblitk

    fblitk Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    9
    I set it up now...
    this time no alert is given!!
    and the file is left as it is!
    I have no Idea... the NOD32 has to scan when I open the RAR !!!
    but it doesn't
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    AMON does not scan archives in realtime, but when you downloaded it, IMON shouldve scanned it.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    If the on-demand scanner did not detect the virus inside with archives enabled, please submit the file to support[at]eset.com along with a link to this thread.
     
  7. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I have a question not exactly related to the topic, but I noticed that whenever it is needed to send an email to support for further investigation into any issue, you always recommend to include a link to the thread where the problem was initially described. I'm not bashing you for this, but I wanted to know why this is necessary. I mean, if the problem is anyway described in a detailed manner in the email to Eset's support, then there would be no need to provide any link to a thread on a forum. Could you please explain this? :)
     
  8. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Hi:-your friend who is alerted straight away,is he also using Nod?if he is its the way in which your two configurations of Nod differ that is causing the difference in behaviour not an inability of nod to scan archives,it does scan inside rar files
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    That's because threads at Wilders contain a track of what a user has tried to resolve the issue so far.
     
  10. fblitk

    fblitk Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    9
    nope, i tried everysetting!!!
    duno wy it's like that anyway,i switched to Avst Home edition :S
    oh I hate the ugly looks and sounds but, no other choice!
    doesanyone sugest i use another program?
     
  11. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Give Kav a whirl:-I use that as well as Nod(on different PCs!)and that seems to scan inside almost anything,if thats your main concern
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Could you please send that RAR file to support[at]eset.com as I suggested before so that we can have a look at it and tell why NOD32 doesn't scan it?
     
  13. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Perhaps the user isn't aware of the profiles and that the settings are tied to the profiles?
     
  14. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Or right click ..
     
  15. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    i THINK ESS/NODv3 does though, if anyone can confirm?
    at least in the help file it says "the resident protection supports archive scanning". Though it doesnt seem to work this way in beta 1 as far as i can tell
     
  16. ASpace

    ASpace Guest

    Yes , it supports archive scanning but NOD/ESS scans archive only upon extract and later all extracted files on-create/on-access .

    The real archive (e.g. the ZIP file itself) is not scanned on-create or on-access because as I have said , there is no point of scanning such files , while packed/archived , no risk . If one wants this archive scanned before being extracted , it can scan it manually with a right click ;)
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Hm, I will ask my colleague what he meant by this. This sentence must be removed or rewritten so that it's correct.
     
  18. fblitk

    fblitk Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    9
    1)You may be right, but erm... My friends nod poped up an alert right after he accessed the zipped file... and not the exe..

    2)there is a melissa thing ... on this site.. ~Snip~ No links to malware are to be posted on Wilders.
    Avast detects it! straight after accesing that page either on ie or ff but nod had let me see it! and Avast never!

    3)Does NOD protect P2P File Sharing... etc.

    and final bu not least,

    4)Does NOD disinfect a file with virus?

    and this is then last!! ;) (sorry)

    5) How can I make NOD avoid showing me those annoying blue locked messages on scan?

    and by the way, i got the file sent through MSN, so iI doubt it would have catched it...

    these are my actual concernes of NOD32...
    Thx.
     
    Last edited by a moderator: Apr 12, 2007
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Of course, text files are non-executable. NOD32 detects it heuristically with the vbs extension.
     
    Last edited by a moderator: Apr 12, 2007
  20. fblitk

    fblitk Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    9
    Yes but it's still supposed to have catched it!
     
  21. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Regarding Melissa.txt

    On the frontpage: ~Snip~ Link removed. - Ron

    View real examples of virus/worm code, including CIH, MyDoom and Bagle.Ad. The samples on this site are harmless PROVIDING you do not change any file extensions when saving them to your computer.

    Regarding MSN

    Have you set the following command line under: Tools,Options,File Transfer, Scan files for viruses using:

    "C:\Program Files\Eset\nod32.exe" /selfcheck+ /list+ /scroll+ /quit+ /pattern+ /heur+ /scanfile+ /scanboot- /scanmbr- /scanmem- /arch+ /sfx+ /pack+ /mailbox- /adware /unsafe /ah /prompt /all
     
    Last edited by a moderator: Apr 12, 2007
  22. fblitk

    fblitk Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    9
    thx for the info...
    now for the other points of concern...
    thx
     
  23. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
    Regarding potential or real malware, no links are to be posted on this forum.

    See The Terms of Service for clarification.

    Please send samples to the respective anti-malware companies.
     
  24. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    @ronjor
    Oeps...sorry :)
     
  25. fblitk

    fblitk Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    9
    yes me too... now lets get to the points please...
    I am thinking of an av product
     
Thread Status:
Not open for further replies.