options to deal with virus

Discussion in 'NOD32 version 2 Forum' started by ellison64, Jan 3, 2005.

Thread Status:
Not open for further replies.
  1. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Just wondering why when I scan a netdevil trojan in a zip archive (netdevil.zip) ,that nod detects it but doesnt offer to delete ,rename,clean , or replace the file ..only to leave it.I understand that maybe it cant clean it , but why is delete and rename greyed out and only option is to leave?I have setup to prompt me on an action by the way.
    tia
    ellison
     

    Attached Files:

  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    NOD32 scanner detected a virus, but the only available option is Leave

    This situation may occur under the following circumstances during a scan with NOD32 scanner:

    1. the virus was detected in an archive
    NOD32 is not capable of taking actions on the files within an archive. Therefore, please delete the whole archive manually if it contains only the virus, or use the appropriate unpacker such as WinZIP, WinRAR, etc. to delete the particular infected file in case the archive contains also other non-viral files.
    2. the virus was detected in an Outlook Express DBX file
    Since no program except Outlook Express is capable of intervening in DBX files, please identify and locate the particular email in Outlook Express according to the sender, date of sending, subject, etc. and delete it manually. If you use IMON, there's no chance a virus would get into the DBX file unless you don't take any action when prompted by IMON.
    3. the virus was detected in a UPX-packed exe or dll file via the NOD32 on-demand scanner
    Please send the infected file to samples@eset.com and locate and delete it from the disk manually.

    http://www.nod32.com/scriptless/support/ans/9k.htm
     
  3. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Thanks for information Ronjor.I just wondered why nod doesnt offer to delete or rename the whole zip file that netdevils in though , if it detects its presence in there.Is there any reason why it wont do this?
    tia
    ellison
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's because NOD would have to extract all files from the archive and recreate it again from scratch without the infected file. It's not that easy to implement such a feature, but I presume NOD32 will be capable of that some time.
     
  5. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Thanks for reply Marcos.I still cant understand why nod doesnt give the option to just delete or rename the parent file though....in this case a zip file , if it detects malware in there.I mean i can just go to the file and manually right click it and delete or rename it,so what would be hard in nod offering to do this too?(all be it with some sort of warning maybe).It just seems like common sense to me,though im assuming there must be a reason why nod wont do that at the moment.I dont really understand what you mean by nod having to extract and recreate all the files within the zip to do this.
    ellison
     
Thread Status:
Not open for further replies.