Nod32cc.exe Pack file

Discussion in 'NOD32 version 1 Forum' started by Antarctica, May 4, 2003.

Thread Status:
Not open for further replies.
  1. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    Hello,
    When I scan my P.C. with TrojanHunter it gives me a report that I have a possible Trojan in C:\Windows\System32\NOD32cc.exe
    (Suspicious WWPack32 packed file in Windows system)?
    Is that a problem with my AV?
    Thank you for your help
     
  2. Tuulilapsi

    Tuulilapsi Registered Member

    Joined:
    Dec 8, 2002
    Posts:
    53
    Not so much a problem as a feature, I guess. My memory might be failing me, but I seem to recall NOD installing its control center (NOD32cc.exe) in that location. It's a packed executable, and a default Windows installation doesn't leave any packed executables in the System folder. Many malware programs do hide themselves in the System folder to look 'valid', and since trojans in particular are often packed with an exe packer, it's a good idea to warn about packed files in the System folder - which TrojanHunter does. The NOD file is of course legit and not a trojan, though I don't see why NOD needs to leave packed files in the System folder.
     
  3. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    Thank you Tuulilapsi for the information. So we will wait to see if some one from Eset can give us the information why NOD would live a packed file in the System Foldero_O
     
  4. doktor

    doktor Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    2
    Imho, nod32cc.exe should be more likely in C:\Program Files\ESET\....
    If you take a closer look on amon.exe, nod32.exe or nod32cc.exe, all are packed by wwpack32... just send the file to eset support to get answer if the file is okay. If they reply you it is okay, the the problem is with Trojan Hunter

    Myne nod32cc.exe is 235008 byset long...
     
  5. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Just for info and comparison purposes, I also have nod32cc.exe in C:\WINDOWS\system32. 232KB.
     
  6. Tuulilapsi

    Tuulilapsi Registered Member

    Joined:
    Dec 8, 2002
    Posts:
    53
    Thank you, Sig. :)

    This is not a problem with TrojanHunter - TrojanHunter is doing what it is supposed to do by reporting any packed executables in the System folder. TH isn't saying the file is a trojan, TH is saying the file is suspicious because it is a packed exe file in a folder that does not normally contain packed exe files unless third-party programs have added such files there (a legitimate application like NOD could do it and apparently does, and most trojans do it).

    I personally think it's a bad idea for legit programs to leave packed files in the System folder unless it is absolutely necessary. (And when exactly is it ever necessary?)
     
  7. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi Antarctica,

    >When I scan my P.C. with TrojanHunter it gives me a report that I have a possible Trojan in C:\Windows\System32\NOD32cc.exe
    (Suspicious WWPack32 packed file in Windows system)?
    Is that a problem with my AV?

    Yes, we used this packer for the current version of NOD32, but not in the v2 anymore. Anyway, it is not dangerous. You will get rid of that in the v2. :)

    Cheers,

    jan
     
  8. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,618
    Location:
    Canada
    Thanks jan :) :)
     
Thread Status:
Not open for further replies.