Nod amuset.

Discussion in 'NOD32 version 2 Forum' started by Get, Feb 6, 2006.

Thread Status:
Not open for further replies.
  1. Get

    Get Guest

    To my surprise for the first time an on-demand full scan found a virus (win95/sk) and not only that, it found it in an old file (a game, an extracting exe-file). I was/am quite sure it was a false positive and I scanned only the file, but nod froze on it. Then I unpacked it and scanned the unpacked game and it was clean. Then in my everlasting wisdom I changed the extension to .zip and somewhat later an amon-screen told me there was an infection , but all the options where unavailable, so I closed the screen and found out nod had deleted the file and it also wasn't in quarantaine. Ok, no harm done, because I still have the unpacked one. The question is: I've setup Amon good, it must give me action options, move newly created files to quarantaine and ISN'T allowed to clean automatically so ehm I can't see what I did wrong and must therefor the conclusion be that NOD32 screwed up?:doubt:
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
  3. Get

    Get Guest

    Well , that's very nice of course, but doesn't answer my question. The problem isn't the FP, but the fact nod deleted a file which it, as far as I understand, isn't allowed to do.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    With default settings, AMON automatically moves newly created files reported as infected to quarantine.
     
  5. Get

    Get Guest

    And with these settings, which are mine, it deletes them..?
    get-5a-nod10zd.jpg
    get-5b-nod27me.jpg
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Yes - see the lower screenshot - you set AMON to move newly created files to quarantine which means they will be removed from the original location.
     
  7. Get

    Get Guest

    Yes, I know, but it isn't in quarantaine. It's deleted.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I tried it with a 340 MB file and it was moved to quarantine and subsequently successfully restored.
     
  9. Get

    Get Guest

    get-9-nod32zq.jpg
    Strange. I don't know why it went wrong, but it has always been this way, only then it were infected files so I didn't give it a second thought. hmm . Maybe someone has an idea...?
     
  10. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I've been getting this as well...
     

    Attached Files:

    Last edited by a moderator: Feb 6, 2006
  11. Get

    Get Guest

    Strangely enough "c:\Program Files\Eset\infected" isn't present on my pc and I can't add files to quarantaine and when I scan the eicar.com file and tick quarantaine and choose delete it says there's an error quarantaining. I will uninstall/install nod later and see what happens.
     
  12. Get

    Get Guest

    Well, i've tried to get the quarantainefunction back by changing the nodsettings and disabling other securityapps and also i've made a folder named "infected" in the esetfolder, but it didn't help so I got a fresh nodcopy and installed that one and now everything works fine. I don't know what made this happen, but I will check it "frequently" to see if it goes wrong again and then maybe I can find the reason.
     
  13. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Some registry cleaners remove the registry value for the NOD32 "infected" folder.
     
  14. Get

    Get Guest

    You're absolutely right SSK! :thumb: I found it in my JV16-backups. I allready thought about "remove junk files" and "find empty folders" of Ace Utilities, but when the first would have mistakingly found it (why would it??) I would have noticed and the latter I don't use, but still I had a vague memory of some Eset/quarantine-thing being found somewhere. I would never have guessed it was in the registrycleanerresults and the problem was caused by cleaning the registry...the folder is there so why remove the key?...or... the folder isn't there so there's no key to remove...but that's where I went wrong. When you install Nod32 the infected-folder isn't there but the key is. The folder is created when the first file is quarantined so when you use a registry cleaner before the creation the key is removed and the folder will never be created. You could say that's a mistake made by the registrycleaner, but the folder isn't there so you can't call that a mistake, or by the user who isn't paying enough attention :rolleyes:, but it can be solved easily, I guess, by Eset, by creating the folder when installing Nod32 or by creating the key when the folder is created.
     
  15. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Nice write-up :)

    You can exclude the key in JV-16 by selecting it and use right click - never show again.
     
  16. Get

    Get Guest

    Yes, I know, it's indeed a nice write-up. I solve it by after installing adding and removing a file to quarantine btw, but your solution is also good of course.
     
  17. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    To make a long story short, I don't use JV-16 at all and I never have used it and I had the same problem with the 'infected' folder not being there.
     
  18. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Why exclude it, rather than just creating the directory, so registry cleaners won't find a missing directory?

    Start > Run > cmd /c mkdir "C:\Program Files\Eset\infected" > OK

    I'm not a fan of registry cleaners--as we see here and so often, they cause nothing but harm--but in this case, it's doing exactly what you've asked it to do.
     
Thread Status:
Not open for further replies.