Nod 32 V2 Couldn't Help

Hello, I had a "catch" in my scan this evening but Nod left me stranded
I wonder how NAV 2002 would have re-acted. Have a look.

Fortunately deleting the infected files cleaned up.

 

This is normal for NOD32 when finding virus's in zip files as far as I know. I think it has been mentioned before that this is because deleting the infected files also risks the deletion of other safe data contained in the zip file.

 

This is my first virus in perhaps 3 years online. I felt lost and stuck yet
I have read so much and should have re-acted more confidently. I did expect more from Nod, but you think this is normal behaviour. Surely
Nod could have helped in a more active fashion.
My main interest was to get cleared at any price.

 

It's always scary the first time, and even now when Nod catches a virus, I still run a second scan, just to be sure, to be sure

2 options available to you, find the infected file (where Nod has pointed to) and delete it, or Quarantine the file.

Nod has done it's job, now the choices are yours

Cheers

 

I deleted it a few hours ago. I have run 3 or 4 scans because I can't believe it went so easily. I deleted the file and as far as I can remember I tried to quarintine but it wouldn't

What about System Restore, would it need cleaned?
How is that virus carried?

 

Try rebooting and scanning again. If the virus is back shut off your systems restore, reboot, scan and clean.

You can turn your systems restore back on after that.

 

OK, rebooted and another "clean" scan. Made another restore point and deleted all previous to this, I have one and last scan running now
after cleaning restore points.

Thank - you to everyone who lent a helping hand. I do appreciate the help.

Edit: last scan clean.

 

Glad your system is clean again!

Don't u just hate those nasties?


Snowbound

 

I would have just left it there. It's zipped and thus totally harmless. If you ever decided to unzip it, Amon would have stopped you. So rather than go through all that system restore stuff it would be simplier to just leave it. I have several zipped viruses sitting around. I don't worry about them.

 

Well to explain this issue: did you notice text saying "probably unknonw NewHeur_PE virus" ? NOD just suspected the file could be a new unknown virus... It was detected by NOD32's advanced heuristic. Before you deleted the file, you should send it to ESEt for analysis....

Do it newxt time, okay? It could help to improve product and to protect the other users.

 

Hello and thanks for replies. As it was my first experiance of a virus the first thing I could think of was "get it out". I was unprepared for it.
I had visions of it whizzing around on my hard drive cutting down everything in it's path. Now that that's over I would be more knowledgeable next time. (Next time ) It turned out to be a pretty low key affair.

Now a question for all you wise old men . How did it come to be in that particular file, where would it even have come from?

PS. Also when I seen that it appeared that Nod was unable to help made the situation more desperate for me.

 

manOFpeace

I might have reacted the same as you: "get this off my machine now!" But with the luxury of hindsight, one might suspect it was a false positive. It appears it is an installation file for AIDA32. I don't run Aida32 but I'm guessing it probably runs a few high level (invasive?) processes that perhaps NOD32 hueristics thought were suspicious.

Or, perhaps it really was a virus

Regards,
Optigrab

EDIT: Out of curiosity, I found one or two download sites for the same file. Downladed and scanned my NOD32 with /ah reported it was suspicious too. Still, I suppose it could be that all the installation files for this particular version of Aida32 are infected.

 

Thanks optigrab, once I did a test to see how my anti-virus was working, everything turned red. This time if I hadn't checked the log I wouldn't even have known it was there, no alarm bells at all.
I don't have Aida now and at the moment I don't know whether to replace it or not. I have Belarc and I'm thinking of making do with that.

 

Very interesting indeed, although it is a few weeks since I done the upgrade. Out of interest are you sending that to Esat for testing?

 

D'oh! I deleted it too, without thinking about sending it to ESET. Went back to the site (not the official site, mind you), got another copy, and will send it.

Here's what is really interesting. I went over to the official Aida32 site and DL'd the latest instsall zip. NOD32 with /ah did not pick up anything suspicious in that file. So I would say, ManofPeace, that you should not be afraid to try Aida32 - just get the latest install from the official site. It's reputed to be a very good freebie.

 

Thanks optigrab for the help. There is supposed to be more of a commercial version which as far as I remember is free as well.

optigrab, the other aida32 is called, Aida32 Enterprise System Information,
I looked for this in Aida site but I couldn't find it. This is very deep stuff and would be aimed more at the professional IT personnell.
I think the plain edition would have done me OK but now that I have it, it's here.

 

Reply from ESET:

"the package "aida32pe_350.zip" doesn't cointain any virus or malware. Don't worry, this is just a false alarm."

- End of story.

 

Thanks for information optigrab.

 

Hello manOFpeace

There is a newer version than version 3.50. You can obtain version 3.85 here.

Best wishes

 

Thanks QSection, got it Sunday, did you read how many files can be deleted, all the Lan. plus about half of the remainder.