NOD32 Bug

Discussion in 'NOD32 version 2 Forum' started by linx05, Feb 11, 2004.

Thread Status:
Not open for further replies.
  1. linx05

    linx05 Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    30
    I found a bug in NOD32. This is how you replicate it:

    Open up NOD32.exe and in any tab, click on the help button. Then minimize the help file, and close NOD32 by clicking on quit. It will cause NOD32 to make an illegal operation.

    ================================
    NOD32 Antivirus System information
    Virus signature database version:   1.619 (20040209)
    Dated:   Monday, 9 February 2004
    Virus signature database build:   4208

    Information on other scanner support parts
    Advanced heuristics module version:   1.005 (20031222)
    Advanced heuristics module build:   1047
    Internet filter version:   1.001 (20031104)
    Internet filter build:   1012
    Archive support module version:   1.008 (20031127)
    Archive support module build version:   1078

    Information on installed components
    NOD32 For Windows 95/98[me=linx05]- Base[/me]
    Version:   2.000.9
    NOD32 for Windows 95/98[me=linx05]- Standard component[/me]
    Version:   2.000.9
    NOD32 For Windows 95/98[me=linx05]- Internet support[/me]
    Version:   2.000.8

    Operating system information
    Platform:   Windows 98
    Version:   4.10.2222 A
    Version of common control components:   5.81.4916
    RAM:   64 MB
    Processor:   x86 Family 6 Model 8 Stepping 6
     
  2. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I believe I reported that bug directly to Eset a few months ago, when 2.006 was the current build.
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    It doesn't happen on XP

    But I can't understand why anybody would want to do that anyway

    Why do you want to turn off the antivirus while looking at the help file

    It strikes me some people just go looking for problems :D
     
  4. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Why do people make light of others? Now there's a good question for you.

    It isn't hard to imagine why you would want to read the help file, or why you would want to exit the NOD32 Control Center. If how and when you do those two things results in a crash, then it's a bug--plain and simple--and no one has an obligation to defend their reasons for finding it or encountering it.
     
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    But if you exit control centre it disables the antivirus protection, the pop up warns you it is going to do that, I can't understand why someone would want to disable their antivirus while still using the computer,it totally defeats the object of having an antivirus protection in the first place, if you don't have the background scanner working and protecting you

    I wouldn't consider that behaviour a bad bug

    In any program you use, it's good practice to close all parts of the program before you exit it otherwise crashes happen, They always have and always will. I don't suppose for one minute that it's NOD itself that is causing the fault, but Windows98 itself. It is reknown for crashes on program exits when parts of the program are still running and occupying the memory space

    That is one of the reasons why XP & other NTFS based O/S are more stable, You can get away with tbehaviour like taht without crashing
     
  6. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    You should disable AMON before installing Windows updates, for one thing. But exiting the NOD32 Control Center doesn't disable AMON anyway; it just prevents AMON from alerting you to malware it comes across.
     
  7. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    No, that's not true. If you *disable* AMON then what you say is true. However, if you quit the control centre - by pressing the Quit button - as dvk01 says - it disables NOD32 protection in toto. Further to that, there's no way to get it back without rebooting (on any version of Windows).

    Now IMO that really is a nasty bug. Eset have confused quitting the control centre with quitting NOD32 as a whole and they make some excuse about it being a problem with restarting the nod32krn service. AMON, the CC, and the nod32krn service should all be independent: there's absolutely no valid technical reason why the service and AMON cannot run without the CC and still provide full protection. Even then, once the service is stopped there's absolutely no valid technical reason why a restart of the service cannot be performed. Try asking just about all the other A/V vendors.
     
  8. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    That is not true on mine. I can "Quit" the Control Center.
    nod32krn is still running. I can then restart the Control Center and Amon is still running as normal with the file scanned count still increasing. Also, double checking the Amon scan count it was increasing while I had the CC off.

    I can post screen captures if you would like.

    I am running WinXP Pro.
     
  9. linx05

    linx05 Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    30
    If you read my post correctly, it says nod32.exe. It isn't AMON or IMON its the other one. I found a bug and reported it, there is no reason to make fun of it. Never the less, it should be fixed.
     
  10. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    OK, thanks, then I will stand corrected. Maybe this was fixed in 2.000.9??
     
  11. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I don't know if it was 2.000.9? I hadn't tried it
    prior to reading your post in this thread.
     
  12. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Yes, it's true. If you close the NOD32 Control Center, AMON is still providing protection. As the warning states, doing so "will disable virus warning". That's virus warning, not virus interception.

    Try it yourself; download the EICAR test file. With the NOD32 Control Center loaded, try opening the EICAR.COM file in Notepad. You get an alert. Now close the NOD32 Control Center (without disabling AMON). You still can't open EICAR.COM in Notepad (the file is locked by AMON).

    The reason that you can't restart AMON on some systems has to do with the AMON filter driver, not the NOD32 service. (This is what I've seen on WinXP in any event.) Check it yourself by stopping AMON, then going into Device Manager, doing a View > Show hidden devices, and double click the AMON entry under "Non-Plug and Play Drivers". Go to the Driver tab, and the Status will most likely say "Stopping".
     
  13. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I can stop and then restart Amon on my
    WinXP Pro box? Works fine after restarting.
     
  14. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    It varies by system, I guess. I can disable and re-enable AMON, but if I click "Stop", I can't start it until rebooting. I'm not the only one, but consider yourself lucky if you can stop and restart AMON without rebooting.
     
  15. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I may have misunderstood your post?

    If I go to the NOD Control Panel, click on
    Amon then the Stop button. That will stop it.
    Then if I go back to the Control Panel I can click
    on Start and that will restart it.

    If I go to the Device Manager/Amon/Driver I can click on Stop but I get an error message. It show "stopping" but Amon is still running. If I then go to the NOD Control Panel/Amon and click Stop then Start and go back to
    Device Manager/Amon/Driver, Amon shows "Started".

    If I use the Task Manager and "End Process" on
    nod32krn then I have to reboot to start it again.
     
  16. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    What I'm saying is that on my system, and some other systems, if I go into NOD32's Control Panel, click AMON, and then click the Stop button, I absolutely cannot start AMON back up without rebooting. The AMON driver is stuck in the "stopping" state, as shown in Device Manager. If I try to start AMON using the NOD32 Control Panel, I get the error "Unable to load resident protection". And I cannot do anything within Device Manager. For reasons that remain a mystery to me, the AMON driver never goes to the "stopped" state in the first place, so it cannot be started again.

    I have no idea why it works on your system, and not others, and Eset apparently doesn't, either. Like I said, just be glad this bug doesn't affect you.
     
  17. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    >Quote from: Steve Moss on Today at 02:19:45pm
    Quote from: nameless on Today at 11:48:00am
    You should disable AMON before installing Windows updates, for one thing. But exiting the NOD32 Control Center doesn't disable AMON anyway; it just prevents AMON from alerting you to malware it comes across.
    No, that's not true. If you *disable* AMON then what you say is true. However, if you quit the control centre - by pressing the Quit button - as dvk01 says - it disables NOD32 protection in toto. Further to that, there's no way to get it back without rebooting (on any version of Windows).

    Now IMO that really is a nasty bug. Eset have confused quitting the control centre with quitting NOD32 as a whole and they make some excuse about it being a problem with restarting the nod32krn service. AMON, the CC, and the nod32krn service should all be independent: there's absolutely no valid technical reason why the service and AMON cannot run without the CC and still provide full protection. Even then, once the service is stopped there's absolutely no valid technical reason why a r>estart of the service cannot be performed. Try asking just about all the other A/V vendors.

    >Yes, it's true. If you close the NOD32 Control Center, AMON is still providing protection. As the warning states, doing so "will disable virus warning". That's virus warning, not virus interception.


    This is new behavior. I'm glad you pointed this out as that was a bad bug in the past. The eicar test demonstrates perfectly how this now works. Very good!
     
Thread Status:
Not open for further replies.