NOD32 V4 and Nero applications

Discussion in 'ESET NOD32 Antivirus v4 Beta Forum' started by netwiz2007, Feb 28, 2009.

Thread Status:
Not open for further replies.
  1. netwiz2007

    netwiz2007 Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    4
    Why would NOD32 identify the following apps/setup programs as a threat
    "win32/toolbar.AskBar potentially unwanted application"

    Nero_BackItUp-4.0.38.0c_update
    nero_photoshow_deluxe_5_setup

    I know I can probably exclude them from being checked but I would wonder why NOD32 would identify these legitimate files as a threat

    Thanks
     
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,737
    Location:
    New York City
  3. netwiz2007

    netwiz2007 Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    4
    Yes I read those threads but they seem inconclusive. So basically if I wanted to spread a virus/Trojan I need to just name my file as one of those two files, knowing that 90% of users that have NOD32 installed have them in the exclude list. I do not know but I would think there must be some type of signature that NOD32 to look for to verify that it is a legitimate application.

    Anyway I have put the excludes in and it no longer detects them as unwanted programs, so you virus/Trojan writers sssshh but here is an opening.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,854
    Isn't Nero bundling ask crap with their products now? I'm not sure, Nero became a bloated piece of crap a long time ago.

    EDIT: Turns out it's NOT an FP. If you really do want to install it then you will need to turn off PUA or temporarily disable your AV.
     
    Last edited: Feb 28, 2009
  5. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    It's because you told nod32 to do so. If you enable "potentially unwanted applications" (the setting shouldn't need any further explanation) then nod32 will warn you against "potentially unwanted applications" like toolbars. For a lot of people all those toolbars you find included with almost anything these days is a perfect example of a "unwanted application". The setting says "potentially" which means it's not necessarily "unwanted" for everyone.
     
  6. netwiz2007

    netwiz2007 Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    4
    Fair enough, so I am just a little concerned then why I would not just get a warning, instead NOD32 puts the files in quarantine.
    But I wonder what is the best setting then, I wonder how everyone else has this setup, do you uncheck the option "Potentially unwanted applications" and check the "potentially unsafe applications" or is it better the other way around. I suppose the answer is it depends, but I wonder what most advanced users set it as?
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,854
    No I have it on, but I have all cleaning slider methods on default, and I also use v4 which treats PUA's differently, that way I get an orange popup asking me what to do, and I can ignore it.
    But in your case you might need to exclude the nero directory, as it may keep warning you if it installs a detected PUA.

    But seriously, why not use different apps? ImgBurn, FormatFactory, etc. are great lightweight apps, and free.
     
  8. Dracula87

    Dracula87 Registered Member

    Joined:
    Nov 14, 2008
    Posts:
    43
    Location:
    Ukraine
    Nero has a toolbar of some kind (I guess), so just exclude the setup file.

    D'know guys... Using Ashampoo Burning Studio :)
     
  9. pondlife152

    pondlife152 Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    105
    Location:
    UK
    Yes, Nero has the Ask Toolbar setup (for Internet Explorer) built in to its own setup file. When installing Nero, you are asked whether you want it or not.

    Personally, I'm happy NOD flags this up. I'm sick of seeing some toolbar or other lurking in the setup files for these apps. If it isn't Ask, it's Google or MSN.
     
Thread Status:
Not open for further replies.