On demand scanning not working.

Discussion in 'NOD32 version 2 Forum' started by E-Buzz, May 28, 2005.

Thread Status:
Not open for further replies.
  1. E-Buzz

    E-Buzz Registered Member

    Joined:
    May 28, 2005
    Posts:
    109
    I just uninstalled the 2.12? NOD32 engine and installed the 2.50.19 one, and now the on demand scanning is not working.

    I cant even access the setup of it, it just flashes the scanning screen and terminates with no action whatsoever taken. The log files shows that no scanning has taken place and theres only a row of question marks in the info.

    This goes for both using the context menu entry and when invoking the on demand scanning from the Control panel. I´ve uninstalled and reinstalled with no luck. This problem never occured using the old version on exact the same computer setup and hardware. I have followed Blackspears excellent setup instructions exactly.

    NOD32 antivirus system information
    Virus signature database version: 1.1112 (20050527)
    Dated: 27 may 2005
    Virus signature database build: 5655

    Information on other scanner support parts
    Advanced heuristics module version: 1.014 (20050527)
    Advanced heuristics module build: 1080
    Internet filter version: 1.002 (2004070:cool:
    Internet filter build: 1013
    Archive support module version: 1.030 (20050419)
    Archive support module build version: 1117

    Information about installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.50.19
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.50.19
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.50.19

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 512 MB
    Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz (2598 MHz)
     
  2. FoxesHunter

    FoxesHunter Registered Member

    Joined:
    Feb 19, 2005
    Posts:
    52
    I have the same problem, when NOD32 has to scan my PC, I see "0" scanned files.
    Why?
     
  3. E-Buzz

    E-Buzz Registered Member

    Joined:
    May 28, 2005
    Posts:
    109
    Damn, i just did a more extensive search and saw that this subject already has a thread. Sorry about that, very sloppy of me.

    Moderators can lock this thread.
     
  4. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Hi E-Buzz,
    If you do not have the same card as the other issue then your issue may be entirely different, however I would be interested to hear if you have already tried some of the suggestions posted in the other similar thread, or what happens if you do go ahead and try some of the suggestions that relate to your setup without the extra hardware.

    And Welcome to Wilders :)
     
  5. E-Buzz

    E-Buzz Registered Member

    Joined:
    May 28, 2005
    Posts:
    109
    Thank you for your warm welcome :)

    Actually im an old user with a forgotten login/password so im not a 100% freshman :D

    Yes, i have tried some of the specified suggestions but with no luck. The only thing that comes to mind is that i have an encrypted bootsector with a pre boot login (Securstar Drivecrypt PlusPack) but that has never been any problems with the older versions of NOD32.

    As i said in earlier post, i am not able to access the setup of On demand scanning because the screen just pops up and vanishes after a few seconds. I cant turn boot sector scanning off.
     
  6. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Nice, very secure package as I understand it. If you run the following either from Start-->Run or from a CMD prompt does an on demand window open with no scanning, permitting you to alter your profile settings?
    Code:
    "C:\Program Files\Eset\nod32.exe" /subdir- /selfcheck- /quit- /arch- /pack- /heur- /pattern- /scanboot- /scanfile- /scanmbr- /scanmem- /sfx-
    In reality you probably only need a couple of these switches but I think I've listed them all. :)
     
  7. E-Buzz

    E-Buzz Registered Member

    Joined:
    May 28, 2005
    Posts:
    109
    Yes, that command line invoked the setup screen and i was able to do some changes but........after shutting the setup sceen down and trying to start an on demand scanning its all the same as before. Running the command line options again shows that my changes in setup has been changed again, back to the way it was before.

    The log file when starting with the command line looks like this:

    Scanning Log
    NOD32 version 1.1112 (20050527) NT
    Command line: /subdir- /selfcheck- /quit- /arch- /pack- /heur- /pattern- /scanboot- /scanfile- /scanmbr- /scanmem- /sfx-
    CRC check of NOD32.EXE file: Disabled
    C:\Program Files\Eset\nod32.exe - is OK
    Scanning memory: Not performed (option disabled)
    Scanning MBR and boot sectors: Not performed (option disabled)

    Seems strange....................invoking an on demand scanning of C: and D: from setup screen gives the following log file:

    Scan performed at: 2005-05-28 13:28:29
    Date: 28.5.2005 Time: 13:29:14
    Scanned disks, folders and files: C:; D:
    C:\AUTOEXEC.BAT - is OK
    C:\boot.ini - is OK
    C:\CONFIG.SYS - is OK
    C:\IO.SYS - is OK
    C:\itouch_config_crash_info.txt - is OK
    C:\itouch_crash_info.txt - is OK
    C:\MSDOS.SYS - is OK
    C:\NTDETECT.COM - is OK
    C:\ntldr - is OK
    C:\pagefile.sys - error opening (File locked) [4]
    Number of scanned files: 9
    Number of threats found: 0
    Time of completion: 13:29:14 Total scanning time: 0 sec (00:00:00)

    Notes:
    [4] File cannot be opened. It may be in use by another application or operating system.

    I am very puzzled here, nothing seems to be correct.
     
  8. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    A little progress :)

    Now if you will please try the same command line but leave out alternately /scanboot-and /scanmbr- and see if it will still stay open with either or both of these not used
     
  9. E-Buzz

    E-Buzz Registered Member

    Joined:
    May 28, 2005
    Posts:
    109
    Did that, still doesnt make it work any better. Log:

    Scanning Log
    NOD32 version 1.1112 (20050527) NT
    Command line: /subdir- /selfcheck- /quit- /arch- /pack- /heur- /pattern- /scanfile- /scanmem- /sfx-
    CRC check of NOD32.EXE file: Disabled
    Scanning memory: Not performed (option disabled)

    Actually i dont really know what NOD32 is doing here, i see no visible signs of any on demand scanning invoking it from the On demand scanner setup page?...... No scanning is taking place whatsoever.

    EDIT: I forgot to mention that i didnt enable the ThreatSense thingamagig from the setup, im kinda allergic when it comes to all the different software packages that wants to call home all time, whether needed or not.
     
  10. E-Buzz

    E-Buzz Registered Member

    Joined:
    May 28, 2005
    Posts:
    109
    Now i have uninstalled and reinstalled for the third time, and still exact the same problem.

    Considering the fact that im obviously not alone having this problem this might escalate to a real bug problem in the new NOD32, what do you say Eset dudes?
     
  11. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Don't worry too much that the log is not looking as you have been used to at this point. What I'm trying to help you do is identify exactly which one of the functions is responsible for the bomb out. We're launching the on-demand scan with everything disabled for testing purposes - it's not going to scan very effectively but if we can determine exactly what of these switches are required then we can determine in which area of NOD's scanning the problem is on your system.
    Either enable ThreatSense.Net or not. I think it's a great feature, but if you don't want to use it then do as you prefer.
    With this command line NOD32 is being asked not to scan just so we can get the window open and test what switches must be included for it to stay open.
    Can you please clarify - did NOD32 stay open with only the switches you last posted or did it self close?
    -If it stayed open the please try without different switches alternately until you can identify which switches are required for it to remain open, and then scan.
    -If it closed then what happens if you start it with only the /scanboot- or /scanmbr- switches and none of the others?

    What happens now that you have a way to access to the 'On Demand Scanner' Window if you
    -Load your Control Center Profile in the 'Profile' tab
    -Disable all the switches in the On Deman Scanner 'Setup' tab 'ThreatSense Scanning Options' section
    -Disable all the switches in the On Deman Scanner 'Setup' tab 'Scan' section except 'Files'
    -Save your profile
    -Launch the On Demand Scan from the Control Centre 'Run NOD32' button

    Does this bomb out also like this?
    Enabling all but the switch(es) identified earlier and saving before launching from the Control Centre - does this work now also?
     
    Last edited: May 28, 2005
  12. Chiana

    Chiana Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    90
    Location:
    Oz
    Hi E-Buzz,

    Rumpstah suggested running the following command line:
    c:\progra~1\eset\nod32.exe /local /scanmbr-

    I then disabled MBR scanning in all profiles and saved the individual profile settings and the on demand scanner is working under all profiles.

    The JuztReboot card allows for the installation of multiple operating systems and a menu is presented allowing selection of the OS you wish to boot. This is similar to the software you are running which also requires a pre-boot login as well as the option to install multiple OS.

    Seems the pre-boot login option somehow interferes with NOD scanning the MBR. Can Eset offer a solution, time will tell...:doubt:

    Regards

    Chiana
     
  13. E-Buzz

    E-Buzz Registered Member

    Joined:
    May 28, 2005
    Posts:
    109
    Hello Chiana. I cant tell whether you are correct or not, if the encrypted bootsector screws up the on demand scanning, but if it is the case its a major backdraw, definitely a bug in NOD32 and last but not least, the older 2.xx versions didnt have this "feature", they worked like a charm.
     
  14. E-Buzz

    E-Buzz Registered Member

    Joined:
    May 28, 2005
    Posts:
    109
    It did stay open

    There are four switches that keeps the window open:
    /heur-
    /pattern-
    /scanboot-
    /scanmbr-

    All others immediately closes the scan window. Scanning with "C:\Program Files\Eset\nod32.exe" /heur- switch performs a correct scanning of the harddrives.

    Both those two switches keeps the window open.

    That works fine, the window stays open and i seem to be able to use the On Demand scanning as it is supposed to work.

    Also works fine.

    Phew, tidy sunday morning task, but i think i got it the way you asked for :D
     
  15. E-Buzz

    E-Buzz Registered Member

    Joined:
    May 28, 2005
    Posts:
    109
    Using the Control Center Profile with everything enabled under "Setup/Scan" but only "Virus Signatures" enabled under "Setup/ThreatSense Scanning Options" makes the On Demans scanning window start from Control Center and it stays open! Full functionality also provided.

    I´m smelling something very fishy with the ThreatSense stuff here :eek:

    EDIT: I even nailed the problem down to the exact option. If you tick everything except "ThreatSense scanning options/Heuristics" it all works fine. The context menu scanning also works fine if you exclude the above option.
    I think this is a bit of a "back to the drawing board" for NOD32 dudes here?

    Am i good or am i worse? :D

    Thanks a lot for all the help btw, mostly NOD32 user, you really helped me a bunch!
     
    Last edited: May 29, 2005
  16. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Just so I'm really sure I understand your solution right in my own mind, in your on demand setup you've now got all of the 'Scan' options checked including 'Boot sectors' and all of the 'ThreatSense' options checked except for 'Heuristics' only is unchecked? Did I understand that right? :)
    :)
    No problem - glad to help you isolate it and get you going again - this way we all learn some more :)
     
  17. Chiana

    Chiana Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    90
    Location:
    Oz
    Hi E-Buzz,

    This is an interesting turn of events. I've tried a couple of other configurations, with the following results:

    CONFIG 1
    Scan Menu - all options selected
    ThreatSense menu - deselected Virus signatures only
    Result: Scanning is successful, but am presented with the message that the MBR sector of the 1. physical disk contains probably unknown TSR.BOOT virus.

    CONFIG 2
    Scan Menu - all options selected
    ThreatSense menu - deselected Heuristics only
    Result: Scanning is successful

    CONFIG 3
    Scan Menu - all options selected
    ThreatSense menu - deselected Advanced Heuristics only
    Result: On Demand scanning is unsuccessful

    Not sure which road to go down now. :ninja:
    Could this still be an issue with MBR, heuristics and partitioning software? o_O

    Regards

    Chiana
     
  18. E-Buzz

    E-Buzz Registered Member

    Joined:
    May 28, 2005
    Posts:
    109
    Yes Sir, that is totally correct, thats the setup i found working in all cases. Kinda strange behavior that only "Heuristics" under ThreatSense scanning is scr****g it up but thats the plain fact. "Advanced Heuristics" ticked works 100%.
     
  19. E-Buzz

    E-Buzz Registered Member

    Joined:
    May 28, 2005
    Posts:
    109
    That is also some interesting facts you are presenting. I get the exact same behavior using your CONFIG 1 profile.
     
  20. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    :)
    I think we've nearly got this totaly isolated now :)

    I am really thinking this issue really is one of two possibilities - either NOD is unable to correctly scan your MBR with some methods due to the way it's locked / encrypted or NOD is automatically trying to repair your boot loader when it finds it to be non-standard.

    What happens if you've got all options including 'Heuristics' checked but 'Boot Sectors' unchecked in the on demand scan? If this works then great. I see Marcos has suggested this elsewhere but I have not heard if anybody has tried it :)

    Otherwise, could you please check the following and post back
    -open the 'On Demand' scaner window
    -select all 'Scan' and 'Threat Sense' options in the setup tab
    -verify what actions are selected in the 'Actions' tab for 'Boot sectors'
    -If it is 'Clean' or 'Replace' then try 'Prompt' or if that is not appropriate 'No Action'
    -Can you scan with all 'Scan' and 'ThreatSense' options checked like this?

    If we can find a way to leave heuristics on then that is definately going to give you better protection :)
     
    Last edited: May 31, 2005
  21. Chiana

    Chiana Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    90
    Location:
    Oz
    Hi NOD32 User,

    Scan is successful.

    If I save this configuration, the scanner will not operate, but if I select the options above and hit the scan button all is OK.

    Thanks NOD32 user, your efforts are greatly appreciated.

    Regards

    Chiana
     
  22. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    :)
    That's good to know that with your card you can have heusritics enabled this way. As Marcos suggested, this really is the way to go - It is the GUI version of what rumpstah had you try in the other thread that worked for you.

    Is it the same as that for you E-Buzz? Is it possible for you to have Heuristics enabled like this? I hope so :)
     
  23. E-Buzz

    E-Buzz Registered Member

    Joined:
    May 28, 2005
    Posts:
    109
    Scan is successful, operation is flawless.

    The scan was unsuccessful using those options, the window closes.

    EDIT:
    The "Advanced heuristics" are in effect using my profile, it works, and gives the heuristic protection on an even higher level, if i am not mistaken here?
     
  24. Chiana

    Chiana Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    90
    Location:
    Oz
    Hi E-Buzz,
    Same story here.

    Regards

    Chiana
     
  25. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Thanks for posting back E-Buzz,
    :)
    I'm glad you've been able to find a way to leave Heuristics enabled :)
    Sorry it took so many steps to help you work through this, but we got there :)

    Securstar Drivecrypt PlusPack is available as a 30 day trial if ESET want to test it at some stage....hint hint :)
     
    Last edited: May 31, 2005
Thread Status:
Not open for further replies.