On-demand & In-Depth Scanning Failure???

Discussion in 'NOD32 version 2 Forum' started by Nobody003, May 25, 2007.

Thread Status:
Not open for further replies.
  1. Nobody003

    Nobody003 Registered Member

    Joined:
    May 25, 2007
    Posts:
    11
    Location:
    Western Australia
    Hi Guys,

    I recently got NOD32 2.5 . I had no anti-virus program prior to this being installed as i have only recently purchased this computer.

    I have a problem though while im attempting to do a In-depth scan or On-Demand Scan. I click scan, and i see files getting scaned, then about 4-5seconds into it, the window drops, takes me back to the nod main window.......has it scanned? i thought it would of given me a report or something to show me it has completed its such with X number of files and X number of infections...

    IN my Nod32 Scanner Log, there is a log that a scan has been created however the status of it shows up always as 'Scanning'....When i access the details of the log, it says 0 number of files scanned and 0 number of infections found..

    is their a virus on my computer that is stopping my NOD32 program from conducting its searches?

    Please help.

    Cheers
     
  2. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Try running a scan in safe mode.
     
  3. Nobody003

    Nobody003 Registered Member

    Joined:
    May 25, 2007
    Posts:
    11
    Location:
    Western Australia
    Just tried, it seemed like it went for abit longer but it just dropped out. closed the window automatically.

    1st time i did it in safe mode went for about 10-12secs, i can see the files being scanned, then it just stopped. terminated window.

    tried a second time but it terminated within like seconds.

    :(.
     
  4. Nobody003

    Nobody003 Registered Member

    Joined:
    May 25, 2007
    Posts:
    11
    Location:
    Western Australia
    i tried it in admin mode to see where it stops...looks like theres a specific folder...its a Local Settings\Microsoft\Messenger\emailaddy\share something or other, i cant quite get the full address as it gives me no warning when it closes...

    maybe i should delete this foldero_O
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Nobody003, welcome to Wilders.

    Never mind, it's too late here, and I missed the relevant part about no previous AV

    Cheers :D
     
  6. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Go into the Program files/Eset/NOD32 folder (or whatever it is called) Rename NOD32.exe to something different(balloon.exe for example) then try running the scan in safe mode again. You will have to navigate to the folder and double click on the renamed file. This is one of the advantages of NOD. This is in case some malware is terminating NOD32.exe, it won't be looking for balloon.exe Get the idea?
     
  7. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Of course when you are done don't forget to rename it back to Nod32.exe or future scans might not work.
     
  8. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    That's all right Blackspear, it is late down there. I think he just might be infected by something.
     
  9. Nobody003

    Nobody003 Registered Member

    Joined:
    May 25, 2007
    Posts:
    11
    Location:
    Western Australia
    its definitly something in my local settings, application data folder.... ill try your steps, and ill get back to you. shouldnt be more then 5min.
     
  10. Nobody003

    Nobody003 Registered Member

    Joined:
    May 25, 2007
    Posts:
    11
    Location:
    Western Australia
    Ok, i changed exe file to balloon.exe, restarted comp and went via safe mode to get into admin, executed balloon.exe, ran scan, but it stops at the same point, some local settings\application data\microsoft\messenger...
     
  11. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Sounds like some sort of buffer overflow. Is the file small enough to upload to Virus total or Jotti's online scanner?
     
  12. Nobody003

    Nobody003 Registered Member

    Joined:
    May 25, 2007
    Posts:
    11
    Location:
    Western Australia
    well its weird, i head to the folder, but theirs nothing there....ive enabled the option to show me hidden folders...i deleted all the folders contained within the local settings\applic data\microsoft\messenger\emailaddy\ but it looks like it stills searching files within that folder....
     
  13. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    try deleting the folder, if you are sure it is nothing you use.
     
  14. Nobody003

    Nobody003 Registered Member

    Joined:
    May 25, 2007
    Posts:
    11
    Location:
    Western Australia
    well i uninstalled the program windows live messenger, ill get back to you in a sec how my scan goes next time...
     
  15. Nobody003

    Nobody003 Registered Member

    Joined:
    May 25, 2007
    Posts:
    11
    Location:
    Western Australia
    well program uninstalled but folder still exists, just now going through admin safe mode to see if i can delete it.......there is absolutely nothing in this folder....but NOD32 is scanning something in it...fingers crossed i can delete the folder...
     
  16. Nobody003

    Nobody003 Registered Member

    Joined:
    May 25, 2007
    Posts:
    11
    Location:
    Western Australia
    well windows says their is 5 folders and 10 files totaling 157k/b which i cant see at all....no matter what i do...and the scan stops at this point. i tried to delete, but it doesnt do anything, hour glass comes on next to mouse but thats it....

    any suggestions....im about to update to 2.7 now
     
  17. Nobody003

    Nobody003 Registered Member

    Joined:
    May 25, 2007
    Posts:
    11
    Location:
    Western Australia
    looks likes it all solved. by updating to the 2.7 has searched the folder correctly and given it the all OK.......very odd.....sorry to disturb you guys, but at least that hurdle is over, its nearly completed its scan...

    Thanks Flyrfan
     
  18. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    No Problem, be sure to rename back to NOD32.exe when you are done.
     
  19. Nobody003

    Nobody003 Registered Member

    Joined:
    May 25, 2007
    Posts:
    11
    Location:
    Western Australia
    ok on-demand didnt pick this up, but in-depth did.....whoa...lucky i got this sorted.....what are these trojans anyway? anyone have experience in this?

    untitled1.JPG
     
  20. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi there, please take the following steps:

    1. Check your settings against those found HERE

    2. Turn OFF System Restore by doing the following (note: by doing so you will lose all restore points):

    Windows XP Instructions

    a. Right click on the “My Computer” icon on the Windows desktop.

    b. Click on “Properties”.

    c. Click on the “System Restore”.

    d. Place a tick in “Turn off System Restore on all Drives”.

    e. Click OK.

    f. Close and RESTART your system.

    g. Turn System restore back ON.

    3. Finally, run a scan by clicking on the NOD32 Control Centre> NOD32> Run NOD32> Scan and Clean.

    Let us know how you go...

    Cheers :D
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Generally, if the scanner window closes all of a sudden during a scan and the relevant entry in the log says "Scanning" though, we suggest the following:

    - run nod32.exe with the /crashlog parameter and check crash.log for the last entry when the scanner closes. We'll need that file for analysis then.

    - also try playing around the various options in the on-demand scanner setup, such as runtime packers and archives to see if disabling them makes a difference
     
Thread Status:
Not open for further replies.