Nod 32 V2 Couldn't Help

Discussion in 'NOD32 version 2 Forum' started by manOFpeace, Nov 21, 2003.

Thread Status:
Not open for further replies.
  1. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    Hello, I had a "catch" in my scan this evening but Nod left me stranded.
    I wonder how NAV 2002 would have reacted. Have a look. :eek:

    Fortunately deleting the infected files cleaned up. :cool:
     

  2. dos

    dos Registered Member

    Joined:
    Oct 17, 2003
    Posts:
    43
    This is normal for NOD32 when finding viruses in zip files as far as I know. I think it has been mentioned before that this is because deleting the infected files also risks the deletion of other safe data contained in the zip file.
     
  3. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    This is my first virus in perhaps 3 years online. I felt lost and stuck yet I have read so much and should have reacted more confidently. I did expect more from Nod, but you think this is normal behaviour. Surely Nod could have helped in a more active fashion.
    My main interest was to get cleared at any price. :)
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    It's always scary the first time, and even now when Nod catches a virus, I still run a second scan, just to be sure, to be sure :D

    2 options available to you, find the infected file (where Nod has pointed to) and delete it, or Quarantine the file.

    Nod has done its job, now the choices are yours :doubt:

    Cheers :D
     
  5. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    I deleted it a few hours ago. :D I have run 3 or 4 scans because I can't believe it went so easily. I deleted the file and as far as I can remember I tried to quarantine but it wouldn't o_O

    What about System Restore, would it need cleaned?
    How is that virus carried? o_O
     
  6. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Try rebooting and scanning again. If the virus is back shut off your systems restore, reboot, scan and clean.

    You can turn your systems restore back on after that.
     
  7. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    OK, rebooted and another "clean" scan. Made another restore point and deleted all previous to this, I have one and last scan running now after cleaning restore points.

    Thank you to everyone who lent a helping hand. I do appreciate the help. ;)

    Edit: last scan clean.
     
  8. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Glad your system is clean again! :)

    Don't u just hate those nasties? ;)


    Snowbound
     
  9. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I would have just left it there. It's zipped and thus totally harmless. If you ever decided to unzip it, Amon would have stopped you. So rather than go through all that system restore stuff it would be simpler to just leave it. I have several zipped viruses sitting around. I don't worry about them.
     
  10. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Well, to explain this issue: did you notice the text saying "probably unknown NewHeur_PE virus"? NOD just suspected the file could be a new unknown virus... It was detected by NOD32's advanced heuristic. Before you deleted the file, you should send it to ESET for analysis....

    Do it next time, okay? It could help to improve the product and to protect the other users.
     
  11. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    Hello and thanks for replies. As it was my first experience of a virus the first thing I could think of was "get it out". I was unprepared for it.
    I had visions of it whizzing around on my hard drive cutting down everything in its path. Now that that's over I would be more knowledgeable next time. (Next time :D) It turned out to be a pretty low key affair.

    Now a question for all you wise old men ;). How did it come to be in that particular file, where would it even have come from? :cool:

    PS. Also when I seen that it appeared that Nod was unable to help made the situation more desperate for me. ;)
     
  12. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    manOFpeace

    I might have reacted the same as you: "get this off my machine now!" But with the luxury of hindsight, one might suspect it was a false positive. It appears it is an installation file for AIDA32. I don't run Aida32 but I'm guessing it probably runs a few high level (invasive?) processes that perhaps NOD32 heuristics thought were suspicious.

    Or, perhaps it really was a virus :p

    Regards,
    Optigrab

    EDIT: Out of curiosity, I found one or two download sites for the same file. Downloaded and scanned; my NOD32 with /ah reported it was suspicious too. Still, I suppose it could be that all the installation files for this particular version of Aida32 are infected.
     

  13. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    Thanks optigrab, once I did a test to see how my anti-virus was working, everything turned red. This time if I hadn't checked the log I wouldn't even have known it was there, no alarm bells at all.
    I don't have Aida now and at the moment I don't know whether to replace it or not. I have Belarc and I'm thinking of making do with that. :)
     
  14. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    Very interesting indeed, although it is a few weeks since I done the upgrade. Out of interest are you sending that to ESET for testing? :)
     
  15. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    D'oh! I deleted it too, without thinking about sending it to ESET. Went back to the site (not the official site, mind you), got another copy, and will send it.

    Here's what is really interesting. I went over to the official Aida32 site and DL'd the latest install zip. NOD32 with /ah did not pick up anything suspicious in that file. So I would say, ManofPeace, that you should not be afraid to try Aida32 - just get the latest install from the official site. It's reputed to be a very good freebie.
     
  16. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    Thanks optigrab for the help. There is supposed to be more of a commercial version which as far as I remember is free as well. :)

    optigrab, the other aida32 is called Aida32 Enterprise System Information.
    I looked for this in Aida site but I couldn't find it. This is very deep stuff and would be aimed more at the professional IT personnel.
    I think the plain edition would have done me OK but now that I have it, it's here.
     
  17. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Reply from ESET:

    "the package "aida32pe_350.zip" doesn't contain any virus or malware. Don't worry, this is just a false alarm."

    - End of story.
     
  18. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    Thanks for information optigrab. ;)
     
  19. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Hello manOFpeace

    There is a newer version than version 3.50. You can obtain version 3.85 here.

    Best wishes
     
  20. manOFpeace

    manOFpeace Registered Member

    Joined:
    Feb 1, 2003
    Posts:
    716
    Location:
    Ireland
    Thanks QSection, got it Sunday, did you read how many files can be deleted, all the Lan. plus about half of the remainder. ;)
     