Nod Blocking DL of TCP Patcher..

I find myself uncomfortable in complaining, but Nod is actually doing too good of a job for me. It's blocking my attempt to download the TCP patcher @ lvllord.de/... I quit Nod, but the nod32krn.exe can't be stopped in task manager... Anyway, I'm hoping I don't have to go through the extreme of unistalling/re-installing Nod so I can DL & run that patcher... Any other Nod users use that TCP patch?

 

hi

NOD32 detects this file when the "Potentially dangerous applications" option is selected, and it's not the only scanner that flags it as a possible threat - see screenshot from Virus Total

lee

 

NOD detects it as Win32/Tool.EvID4226. Try unchecking PDA's in IMON setup, if you still wish to use it, personally I would search for another patcher as it seems to be a hack tool.

 

If you are sure the file you wish to download and execute is safe:
Untick the boxes for:
1 AMON and
2 IMON
temporarily while you download and execute it.
Do not forget to tick the 2 boxes again when finished.

HTH ...

 

hi! sorry for askin it again - but why nod only detects the english version from that patch? the german version isnt detected...

 

The English version of the Event ID 4226 Patch, available here:

http://lvllord.de

With MD5 hash:

Code:

6293BE40916B014903ED2CFB356AB1BB

Is not malicious. It changes exactly two bytes in TCPIP.SYS, related to the maximum number of concurrent outgoing connections allowed by that driver. It does nothing else (except create a backup copy of the file it alters).

You may need to temporarily disable IMON and AMON to download and use the Event ID 4226 Patch. I have added an exclusion in AMON for EvID4226Patch.exe, so I can run it whenever I want or need to. (Excluding it from the on-demand scanner is a whole other issue, as I found out recently.)

 

Yep, I figured as much...Not sure I want to go through the BS if only to run into issues on my next active scan... Thanks for the tips everyone; gonna have to see if I can perhaps hack TCP manually instead of using this tool so as not to run into problems...

 

Using this utility is a lot more foolproof than hacking it manually. You don't need to keep the EXE around afterward, and if you do, you can put it in a password-protected ZIP archive or something, which will keep it from being detected by NOD32 (or anything else).

The modified TCPIP.SYS won't be detected by NOD32 as any sort of malware, of course.

Disable IMON and AMON, download and run the utility, then delete (or archive) the utility and reboot. It's really easy.