Problem for AMON...

The AMON module detection that the virus files is after, but can't
Prohibit it run.
You can try to run a virus under the normal of AMON, the AMON can
detection and hint you act, but the virus has already is run..

 

You can try

 

Thus the NOD32 can't guarantee the safety of the calculator enough

 

Are you talking about a Trojan being loaded into memory and AMON's inability to stop this?

Cheers

 

Perhaps you set AMON not to scan files upon creation / execution. It works here fine and we wouldn't have certainly released NOD with such a bug.

 

Can you try rephrasing your question please...

Cheers

 

Because I tried

 

My Amon setup..

You can try to close the AMON first, then the decompression a Trojan, then be in use the AMON, run the trojan under the AMON environment, the AMON will hint the action, but the Trojan has already been run and established the file of DLL

 

I use this file to test, Please delete the file extension .txt




It is not according to wilders policy to post a link to a possible virus or trojan or other malware So I have removed the attached file to prevent someone from becoming unknowingly infected--bigc

 

Embower, what version of Nod32 are you using?

Also, what is your native language? Someone may be able to help you better speaking your dialect...

Cheers

 

It say above the pic ... NOD 2.12.1

 

No, that's Ronjor's

 

Chinese...I am very sorry, my English is badly....

 

I know that the AMON can detection it...

But, you try not to do any action, hide the dialog, then run it,the AMON will hint you act, it was still run,and establish other files in your computer, the AMON did not obstruct it completely

 

That's ok, you are doing very well, I can't speak Chinese

Can you send an email to support@nod32.com and place a link to this thread.

Can you also send the file in question "Zipped" to sample@nod32.com and place a link to this thread. If you do not hear from them within 48 hours, please advise us here...

Let us know how you go…

Cheers

 

Embower,

I tried a few things on my PC and I think I now understand what you are saying.

If I take an archived set of files which contain a few infected or malware files in the set, the following happens when it is extracted:

1. AMON immediately flags the first infected extracted file as it appears and requests action
2. As that dialog waits for a response, the remaining files are extracted and placed on the disk, this includes infected files.

Let's just say that there were 6 infected files in the archive. At this point, you have a dialog box requesting action on the first infected file with no immediate indication that the other files have been flagged or locked.

If you delete (or perform whatever selected action is desired) on the first file, you will get a succession of dialog boxes for all the remaining files. Execution of any of these files will be prohibited and a dialog box will be queued up for a response requesting action. If you perform a simple operation, like a file rename, it will occur. However, that new file will now appear in the dialog box queue as the last member of the queue. If you try a more active operation, such as a file move or copy, you will obtain a denied access message box from the OS and the operation will not occur.

Before anyone becomes overly concerned at the transient existence of these files with NOD32, the same behavior is observed with AV's such as KAV at standard settings.

As far as I can see, the files are resident on the disk, but basically locked from activity and are waiting for user input. Does this answer you question Embower?

Blue

 

The circumstance that I say is:The AMON run normally, then run a virus file.The AMON can discover and hint the action, but can't Prohibit access it run

 

Thank you very much

I have already done according to your designation

 

My pleasure...

Let us know how you go...

Cheers