Nod Blocking DL of TCP Patcher..

Discussion in 'NOD32 version 2 Forum' started by feverfive, Feb 18, 2006.

Thread Status:
Not open for further replies.
  1. feverfive

    feverfive Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    121
    I find myself uncomfortable in complaining, but Nod is actually doing too good of a job for me. It's blocking my attempt to download the TCP patcher @ lvllord.de/... I quit Nod, but the nod32krn.exe can't be stopped in task manager... Anyway, I'm hoping I don't have to go through the extreme of uninstalling/re-installing Nod so I can DL & run that patcher... Any other Nod users use that TCP patch?
     
  2. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    hi

    NOD32 detects this file when the "Potentially dangerous applications" option is selected, and it's not the only scanner that flags it as a possible threat - see screenshot from Virus Total

    lee
     


  3. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    NOD detects it as Win32/Tool.EvID4226. Try unchecking PDAs in IMON setup if you still wish to use it. Personally, I would search for another patcher, as it seems to be a hack tool.
     
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    If you are sure the file you wish to download and execute is safe:
    Untick the boxes for:
    1 AMON and
    2 IMON
    temporarily while you download and execute it.
    Do not forget to tick the 2 boxes again when finished.

    HTH ;) ...
     


  5. gnervt

    gnervt Registered Member

    Joined:
    May 6, 2005
    Posts:
    53
    Location:
    Germany
    Hi! Sorry for asking it again, but why does NOD only detect the English version of that patch? The German version isn't detected...
     
  6. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    The English version of the Event ID 4226 Patch, available here:

    http://lvllord.de

    With MD5 hash:

    Code:
    6293BE40916B014903ED2CFB356AB1BB
    Is not malicious. It changes exactly two bytes in TCPIP.SYS, related to the maximum number of concurrent outgoing connections allowed by that driver. It does nothing else (except create a backup copy of the file it alters).

    You may need to temporarily disable IMON and AMON to download and use the Event ID 4226 Patch. I have added an exclusion in AMON for EvID4226Patch.exe, so I can run it whenever I want or need to. (Excluding it from the on-demand scanner is a whole other issue, as I found out recently.)
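
An added example, not part of the thread or of any poster's message: before excluding a flagged tool from scanning, the two claims made in the post above can be checked directly, namely that the download matches the quoted MD5 and that the patched driver differs from its backup by exactly two bytes. The function names, file names and sample bytes are assumptions constructed for the illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# MD5 quoted in the thread for the English Event ID 4226 patcher.
POSTED_MD5 = "6293BE40916B014903ED2CFB356AB1BB"


def md5_matches(path, expected_hex=POSTED_MD5, chunk=1 << 16):
    """Stream the file through MD5; compare case-insensitively."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest().lower() == expected_hex.strip().lower()


def changed_bytes(original, patched):
    """Return [(offset, old, new)] for every byte that differs."""
    old, new = Path(original).read_bytes(), Path(patched).read_bytes()
    if len(old) != len(new):
        raise ValueError("file sizes differ; not an in-place byte patch")
    return [(i, a, b) for i, (a, b) in enumerate(zip(old, new)) if a != b]


def verify_patch_claim(original, patched, expected_changes=2):
    """True only if exactly `expected_changes` bytes were altered."""
    diffs = changed_bytes(original, patched)
    return len(diffs) == expected_changes, diffs


if __name__ == "__main__":
    # Constructed stand-ins for the backup copy and the patched driver;
    # the file names here are hypothetical, not taken from the thread.
    workdir = tempfile.mkdtemp()
    backup = os.path.join(workdir, "backup.bin")
    patched = os.path.join(workdir, "patched.bin")
    data = bytearray(range(256)) * 16
    Path(backup).write_bytes(data)
    data[0x130] ^= 0x0A
    data[0x131] ^= 0xFF
    Path(patched).write_bytes(data)
    ok, diffs = verify_patch_claim(backup, patched)
    print("exactly two bytes changed:", ok)
    for off, a, b in diffs:
        print(f"  offset 0x{off:06X}: {a:02X} -> {b:02X}")
    print("matches posted MD5:", md5_matches(patched))
```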
     
  7. feverfive

    feverfive Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    121
    Yep, I figured as much... Not sure I want to go through the BS if only to run into issues on my next active scan... Thanks for the tips everyone; gonna have to see if I can perhaps hack TCP manually instead of using this tool so as not to run into problems...
     
  8. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Using this utility is a lot more foolproof than hacking it manually. You don't need to keep the EXE around afterward, and if you do, you can put it in a password-protected ZIP archive or something, which will keep it from being detected by NOD32 (or anything else).

    The modified TCPIP.SYS won't be detected by NOD32 as any sort of malware, of course.

    Disable IMON and AMON, download and run the utility, then delete (or archive) the utility and reboot. It's really easy.
     