NOD32 can't clean msn virus?

Hey guys, I work as a computer technician in my local computer shop, and I've been using nod32 for a couple of years now and its my #1 antivirus without a doubt.

I do have a worry though. I use it to clean a lot of my customer's pc's, but one thing I haven't been able to clean with NOD32(v2.7 and v.3) is the msn virus.

I have a sample of the virus, and uploaded it to virustotal here: http://www.virustotal.com/resultado.html?9c355794dc22855e644394cf5bc7e73e

If I scan the file with NOD32, it detects without any problems, but if the pc is already infected with the virus, it doesn't seem to be able to clean it Unfortunately, Rising antivirus seems to be able to do the job, but I really don't like Rising.

I've been scanning with in depth scan, is there anything I'm missing?

I can email the file to Eset no problem if needed.

Much thanks for any replies/help.

Cheers,
Kinson

 

Have you tried scanning in safe mode?

 

Hrmmm, a little embarassing to say that I haven't...I must be losing my touch

But the thing is, I've (taken it out and) scanned the hard disk(as a slave) on another pc with nod32 that is definately not infected, and it still didn't detect

 

Did you have advanced heuristics and runtime packers actually enabled?

 

Do you mean the options under:

AMON->setup->options->heuristics(checked), and ->additional options on create->runtime packers(checked).

If so, then yeah, they're enabled by default, and I don't change those settings.

I'm reading this off Nod32 v2.7 btw.

cheers,
Kinson

 

If you run a full system scan using the on-demand scanner, the files will not be deleted even after the next system restart?

 

Why will they not be deleted?

 

If the files are in use they can only be deleted after the next restart

 

Hi guys,

I've had a little bit of time today, so I took a spare PC to test this virus out:

My method:
1) infect pc with msn virus
2) install kaspersky(and update), scan(without cleaning), uninstall kaspersky
3) install nod32 v.2.7(and update), scan(without cleaning), uninstall nod32 v2.7
4) install nod32 v3(update), scan (without cleaning), uninstall nod32 v3
*all scans done in NORMAL mode, NOT safe mode
Result:

1)kaspersky picked up the msn virus
http://img137.imageshack.us/img137/9496/kasperskymediumqk4.jpg

2)Nod32 v2.7 picked it up too(yay !)
http://img137.imageshack.us/img137/3482/nod27mediumck2.jpg

3)Nod32 v3 also picked it up, but it was a little weird.
http://img137.imageshack.us/img137/5820/nod3mediumly9.jpg

V3 didn't seem to pick up the ones in the system restore folder(though, being in the sys restore, they're harmless anyways, lol). I'm just curious I suppose, I thought 2.7 and v3 might share the same engine(especially since V3 isn't available in Malaysia yet. Waiting for it to sell to customers ).

Funnily enough, of the 3 virus exe's in the system32 folder, 2 couldnt be found during the V3 scan(I thought V3 had missed it, until I went to look for it and couldn't find it from the previous path). And I specifically set v2.7 to scan without cleaning. Weird, heh.

Anyways, I'm happy that NOD32 is tops again I was a little worried when it couldn't(for reasons unknown to me) clean the msn virus(though as I said before, it picked it up easily before infection).

Any idea about why V3 didn't get the Sys restore virus?(its still there, cause I reinstalled kaspersky to double check after uninstalling V3.

Cheers,
Kinson

PS: Thanks so much for NOD32

 

Did you actually try cleaning this PC with either Kav or Nod:-you said earlier Nod detected the infection but didn't clean it,are you sure the previous uncleaned result isn't just the virus in the sys restore folder?
If Nod still cannot clean this infection your no better of now than when you 1st posted

 

When I first posted that NOD32 detected the virus, I meant the file that the virus sends to each other. I received it on my Ubuntu Linux box, so obviously it doesn't do me any harm, so I scanned it on a Windows Box with NOD32, and it detected the virus no problem.

But the problem was when the pc was ALREADY infected with the Virus NOD32 didn't seem to be able to clean this. Cause I always go through the scan logs to see what is cleaned, what virus people had etc etc.

Like I said before, in my opinion, NOD32 is the best antivirus there is, thats why I was more than a little curious why it couldn't clean pc's that were already infected with this msn virus. But as long as it does now, I suppose the issue isn't that important. I'm just wondering whether I made a mistake previously, but I honestly doubt so.

Cheers,
Kinson