Preliminary questions about NOD32.

Discussion in 'NOD32 version 2 Forum' started by Terry Sleeper, May 4, 2007.

Thread Status:
Not open for further replies.
  1. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    When the paddock is bare, it's bare ;) :D I hardly get anything, however when I do it's a doozy :blink: ;) :D

    Cheers :D
     
  2. Terry Sleeper

    Terry Sleeper Registered Member

    Joined:
    May 1, 2006
    Posts:
    35
    Thanks for your reassurance.

    I hope you're right!

    Terry.
     
  3. Terry Sleeper

    Terry Sleeper Registered Member

    Here's an interesting conundrum: given that, after I run a scan (either a quick one or a deep one), I am advised by the NOD32 program that there are no infected files, why have I recently begun to get the following pop-up:

    "NOD32 - Submission of suspicious files. Some of the suspicious files suitable for analysis have not been approved for sending. To open a confirmation window, click on this message."

    I have, of course, duly clicked on the message and the "suspicious files suitable for analysis" have been dispatched for analysis.

    Questions:
    1. In NOD32-speak, is there a difference between "infected" files and "suspicious" files - as, apparently, I never have any of the former, but, clearly DO harbor some of the latter!;
    2. Is there something I have not configured properly in NOD32 so that the "suspicious" files do not AUTOMATICALLY go for analysis? Should they in fact do so without my having to be prompted?

    As ever, thanks in advance - hope you guys can assist!

    Terry.
     
  4. Terry Sleeper

    Terry Sleeper Registered Member

    In addition to the above:

    Panda Active Scan Pro found & disinfected the following which NOD32 appears to have missed:

    Spyware:Cookie/Searchportal Disinfected C:\Documents and Settings\Terry Sleeper\Cookies\terry_sleeper@searchportal.information[1].txt

    Spyware:Cookie/Overture Disinfected C:\Documents and Settings\Terry Sleeper\Cookies\terry_sleeper@perf.overture[1].txt
    Spyware:Cookie/Yadro Disinfected C:\Documents and Settings\Terry Sleeper\Cookies\terry_sleeper@yadro[2].txt

    Terry.
     
  5. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hello Terry.

    Those are cookies, their removal is the job of dedicated AS. They contain information about the user, i.e. your login status on Wilders. Quite harmless, as pointed out here:

    If you are concerned about them, you may want to keep an additional on-demand anti-spyware scanner. More on cookies...

    Cheers. :)
     
  6. Terry Sleeper

    Terry Sleeper Registered Member

    Thanks for that speedy response. I had my homepage hijacked 12 months back & I've never really gotten over it!

    Presumably, though, the cookies picked up by the Panda program are not the same as the "suspicious" / "infected" files detected by NOD32? For if the latter were harmless cookies only, why would they be frog-marched off to the NOD32 lab for analysis? It is that which is puzzling me.

    Terry.
     
    Last edited: Jun 5, 2007
  7. Seer

    Seer Registered Member

    Hello again Terry. :)

    In "NOD32 System Setup" -> "ThreatSense.Net" tab -> "Advanced settings" button do you have something like this:

    Untitled.jpg

    Change that according to your needs.
    "Suspicious" files are the files flagged by NOD's heuristics. They are not necessarily bad. By submitting them for analysis, users constantly help improvement of heuristics. "Infected" files are flagged by signatures, and they ARE bad.

    NOD does not detect cookies. It was not the cookies that were sent to ESET, if I understood your question correctly...

    Regards.
     
  8. Terry Sleeper

    Terry Sleeper Registered Member

    Thank you so much for your fast reply.

    I have re-set the "Advanced Settings" tab so that "suspicious" files are sent off automatically to the lab. Great!

    Thanks also for clarifying what is the distinction between "suspicious" and "infected" files. That has put my mind at rest.

    I am much obliged.

    Terry.
     
  9. Terry Sleeper

    Terry Sleeper Registered Member

    Well, it had to happen - NOD32 finally hit on a "nasty", namely:-

    C:\Documents and Settings\Peter Else\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-559abaa8 »ZIP »OP.class - Java/TrojanDownloader.OpenStream.AB trojan

    Trouble is, I don't know how to get rid - only being offered option to "leave".

    Obviously, I have something configured incorrectly. Can anyone out there assist?

    Terry.
     
  10. ASpace

    ASpace Guest

    Because of the fact it is an archive, you'll need to confirm the deletion of the whole ZIP (let's say it so).

    Configure your NOD32 in the way shown here
    https://www.wilderssecurity.com/showthread.php?p=450664#post450664

    and then perform a full scan. Also, make sure after that to uninstall any old versions of your Sun Java software and update to the latest version 6 Update2.
     
  11. teampump88

    teampump88 Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    13
  12. Terry Sleeper

    Terry Sleeper Registered Member

    Thanks to both you guys - that appears to have fixed it.

    . . . though after installing the Java update should I have BOTH these displaying in my programs list?:

    JAVA(TM) SE Development Kit 6 update 6 (size 342.00MB)

    JAVA(TM) 6 Update 2 (size 168.00MB)

    Is this duplication? Should I delete one of them?

    Terry.
     
  13. ASpace

    ASpace Guest

    No, they are not duplications, AFAIK. You are welcome!
     
  14. Terry Sleeper

    Terry Sleeper Registered Member

    Dear Friends,

    I've just downloaded the new 3.0.563.0 version of NOD32 as recommended by ESET in an e-mail.

    Without blinding me with science, can anyone explain, in just a few bullet-points, what the improvements in the new version are?

    Thanks in advance.

    Terry.
     
  15. ASpace

    ASpace Guest

  16. Terry Sleeper

    Terry Sleeper Registered Member

    HTB:

    Thanks for the speedy response!

    I have simply downloaded the new version as recommended - I have NOT changed / altered any of my settings. It took me a long time to set-up NOD32 in the first place, &, though it was well worth it & I am happy with the product, I wouldn't want to have to go through THAT again!

    I take it that, having downloaded the new version, my settings will have been saved? Please say "YES"!

    T.
     
  17. ASpace

    ASpace Guest


    Not all - some -> your license, your ThreatSense.NET and your status of Potentially unwanted applications. Everything else is by default.

    I would like to underline that the default settings in v3 are very good and appropriate for most people.
     
  18. Terry Sleeper

    Terry Sleeper Registered Member

    HTB:

    Thanks again for your fast response.

    Over & Out.

    T.
     
  19. ASpace

    ASpace Guest

    You are welcome, T!
     