Potential virus

Discussion in 'NOD32 version 2 Forum' started by bydand, Mar 2, 2004.

Thread Status:
Not open for further replies.
  1. bydand

    bydand Registered Member

    Joined:
    Mar 2, 2004
    Posts:
    10
    Help, please....this is my first time at this.
    I received an email, that has got past Nod32 and also Mail Defense that I use. The subject is "do not show this to anyone!" and has a file attachment called "mail.zip"

    Is this a virus that anyone knows? I have searched the net for information but cannot find anything about it
    Many thanks in advance.
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    bydand,

    Looks like you failed to update NOD32 - this one is covered. Please update NOD32 as soon as possible - and keep doing so ;).

    You'll find a description as well as a free standalone cleaning tool over here - it's a Netsky variant.

    regards.

    paul
     
  3. bydand

    bydand Registered Member

    Joined:
    Mar 2, 2004
    Posts:
    10
    Thanks for the information......my version is 1.644 and says it
    does not need updating......
    Have I done the setup wrong or something ?
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    My pleasure ;) - you do have the latest update indeed.

    That's hard to tell - could you provide info on that (screen shots if you want to)?

    regards.

    paul
     
  5. bydand

    bydand Registered Member

    Joined:
    Mar 2, 2004
    Posts:
    10
    Not sure which section to send
    How about this one
     

    Attached Files:

  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Looking good. Please forward the email to me - my addy is in my profile.

    regards.

    paul
     
  7. bydand

    bydand Registered Member

    Joined:
    Mar 2, 2004
    Posts:
    10
    Done
     
  8. dos

    dos Registered Member

    Joined:
    Oct 17, 2003
    Posts:
    43
    A few variants of Netsky have a bug in them which causes them to sometimes e-mail 0 byte .zip files, this may be why NOD32 isn't picking it up as a virus, because it possibly is nothing more than an empty file. :)
     
  9. bydand

    bydand Registered Member

    Joined:
    Mar 2, 2004
    Posts:
    10
    the zip file is 25.5kb in size......the email 36kb
     
  10. dos

    dos Registered Member

    Joined:
    Oct 17, 2003
    Posts:
    43
    Hmm in this case it may be packed with something new.
     
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    ..and received - as well as detected by IMON at the spot:

    regards.

    paul
     

    Attached Files:

  12. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    ..renamed, deleted and compressed as well as removed from the email client trash box.

    Seems like there's something wrong on your side.

    [EDIT]: do you have "display warning" enabled?

    regards.

    paul
     
  13. bydand

    bydand Registered Member

    Joined:
    Mar 2, 2004
    Posts:
    10
    Think I have solved it.
    Ran a manual scan before and it did not detect it.
    THESE WERE THE SETTINGS


    changed the settings (......which I will post separately)
    then ran the manual scan again and it was detected.
     

    Attached Files:

  14. bydand

    bydand Registered Member

    Joined:
    Mar 2, 2004
    Posts:
    10
    THESE ARE THE NEW SETTINGS UNDER WHICH IT WAS DETECTED.

    Many thanks for the assistance and help ...greatly appreciated.
     

    Attached Files:

  15. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Problem solved :cool: My pleasure.

    Overall, this is proof of the pudding that all software has to be configured properly. If not, users are bound to get into trouble.

    As for NOD32: there is a help/instruction file available from the website ;)

    Take good care and regards,

    paul
     
  16. bydand

    bydand Registered Member

    Joined:
    Mar 2, 2004
    Posts:
    10
    please excuse my ignorance..cannot find a setting that says
    "display warnings" enabled.

    Here are my settings
    The only thing that seems to be similar is the silent mode = No
     

    Attached Files:

  17. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    IMON setup > scanner setup > actions > notify...

    will do the trick ;)

    regards.

    paul
     
  18. bydand

    bydand Registered Member

    Joined:
    Mar 2, 2004
    Posts:
    10
    Thanks again.....my concern here is that this was set up as a
    "default" from the original installation ....therefore I am assuming
    the settings that "NOD" thinks we should have.
    Not being very experienced one would kind of rely on Eset to
    supply a default setting to "scan the lot"...
    I know this is the Nod forum, but do these messages get back
    to Eset?
     
  19. bydand

    bydand Registered Member

    Joined:
    Mar 2, 2004
    Posts:
    10
    IMON setup > scanner setup > actions > notify...



    My setting was "Clean / Quarantine".....now changed
    to "notify / offer an action"

    Which one is better?
     
  20. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    A matter of choice really. Personally, I do prefer the "notify/offer an action" option. This way, one has a choice in case there's no cleaning option (as has been the case here) - and will be alerted; a major advantage.

    regards.

    paul
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    My question to Eset, why not simply default the settings to the above/below screen shot, this is what we set up EVERY single installation of Nod on a client's PC, it gives the best detection, so why not default it? If someone wants to un-tick something, let them wander through the product and do so, the average user does not want to wander, they just want it to work straight out of the box, as can be seen by this post, unnecessary stress was caused to a user because these were not default settings.

    Cheers :D
     

    Attached Files:

  22. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    What about scan all files under extensions? That should be added as default also.
     
  23. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Agreed, that is also what we set up for every client...

    Cheers :D
     