Problem scanning...

Hi!

May i ask whether the trial version of Nod32 2.51.30 is the full pro version. I like it alot and am seriously considering buying it...

I have a problem whilst scanning though. I've only had it for about 2 days, so today i performed my first scan. I performed an in-depth analysis, during this process the scanner reported quite a few errors as they were locked. Also, after finding loads of SpyBots and what have you (stuff that AVG never found) in Volume Information System. I've tried healing them but it comes up with the same notice; that the file is locked leading to an error whilst healing.

Any ideas as to what is causing the problems?

 

to start with you should turn off system restore warning this will get rid of all the current restore points. then do a scan and clean scan again with blackspear
settings located here https://www.wilderssecurity.com/showthread.php?t=37509
then update. for best results do the scan in safe mode

 

Whenever i try updating, i get a message saying that the program is up to date...

 

As stated many times by moderators , NOD32 trial versions has lower priority to update servers so sometimes you need to press Update Now bottom some times untill you get updates

If you have followed Blackspear's tutorial lodore gave you , you should be set to Update automatically

The latest signature is 1.1715

 

OK. So following Blackspear's directions should solve my problems??

 

Blackspear's tutorial only tells people how to use NOD32 , how to setup it for maximum protection and automatic work

It also includes and explains the benefits of using the default option "Choose automaticlly" the update server

If I now press the button , I am also up-to-date (because I am really up-to-date) Please , goto NOD32's Control Center -> NOD32 System Tools -> Information and compare the info I posted about the update

Then , go through BS's tutorial . You can also post a screenshot so we see

 

Just to add a cautionary note, casually removing restore points to eliminate messages related to files flagged by an AV scan by any vendor's product should be approached very gingerly and only by those who already have a backup plan in place. Getting rid of all current restore points does mean (naturally) there will be no restore points in existence to step back to in the event of system problems. In addition, assuming you want the capability to go back to a restore point, make sure you reenable system restore after disabling it so that new restore points will be created moving forward.

In general, it should be recognized that, for many people, having a complement of system restore points - even potentially infected ones - is preferable to having no capability to restore a system to some known working state. This can be achieved through the native system restore, one of the immediate system backup approaches, or a classical backup imaging philosophy.

Blue

 

Valla, I'm new with NOD32 as well. And I'm learning. As far as I understand 'Locked files' should not be considered as threats. They appear on the lists to tell you that NOD couldn't check these files, because they are protected by a password or some other measure, included in the program mentioned.
Consider this reaction partly in my own interest. If I'm wrong, it will not take long for someone to correct me. Anyway, I wouldn't offer restore points, because I guess that after doing so, you will find the same 'locked files' in a next scan. I'm curious to see what's in the next post.

 

OK, i get that locked files will be there, but what i dont get, is why Nod32 cant delete infected files. There are many SpyBots and Trojan Downloaders that NOD has detected, but not informed me, just added to the Threat Log, and quarantined a minimal number of them.

And btw, when an infected file is quarantined, is it disabled, or in anyway attempted to be healed??

 

No answer from me, but I share your interest:
1. Button says: 'Copy' to Quarantine, not 'Move' to Quarantine, so I guess a copy should be followed by a Delete.
2. About this Delete. NOD32 detected an infected mail (HTML/Phising.gen trojan). I deleted, but the mail did not disappear. So I deleted myself and ran a scan. No malware detected. Second time I received an infected mail (same type) I first made a copy to my experiments-partition and scanned this particular file. NOD32 didn't see the file as infected. I deleted the file myself.
Maybe this is not identical to your experience, but as said, I share your interest.

 

Yeah i see what you mean... It is a weird one...

Like i said, i visisted a dodgy website and downloaded a patch for my Fifa 2006 game so that it has all my local Cypriot and Greek teams. I was on the site for about 10-15 minutes and in that time Nod32 detected and added about 15 different objects to the Threat Log. Like quser said, i dont know how you can from the Threat Log delete these viruses or files without having to look for them manually...

Also, on the scanner, it doesnt find all these SpyBots and downloaders, but they are in the Threat Log. They havent been deleted or healed in the Threat Log, just added there, so i dont see why Nod32 shouldnt find them in the Scan of Local Disks.

 

OK, lets see if I can clarify this for you.

If you have NOD32 set up exactly and I mean exactly as per the Tutorial, then the following scenario will happen upon an infection.

1. If you attempt to install an infected file AMON will spring into action, attempt to clean it, if not it will "move" the file to quarantine.

 

2. If you are on the Internet and you come across an infected website or one that attempts to download to your computer then IMON will spring into action and "Deny download of infected file".

 

3. With other files being downloaded IMON will spring into action and attempt to "Clean" and "Copy to Quarantine" or if it can not, then it will "Delete" and "Copy to Quarantine".

 

Upon first detection of an infected file being either moved or copied to Quarantine a Quarantine folder called "Infected" is created in C Drive> Program Files> Eset

Within this folder you will see encrypted copies of infected files, it is done this way that in the unlikely event of a False Positive a file can be restored.

 

Well my settings ARE exactly like the one's in yours Blackspear, yet in the Threat Log, there are viruses, and no action is being taken. Only two them have been moved into quarantine, the rest are in the Threat Log... How can i delete files that are in the Threat Log??

 

they are in system volume inf also ?

 

Sometimes if the exact same threat is found over and over then the quarantine will just note how many times it has been added rather than just listing each time individually. For example in this picture one of the threats has been found and quarantined 4 times. Could this be what has happened?

Cheers

 

No, you guys dont understand... There are infected objects listed in the Threat Log. Next to them there are details of what they are and where they came from. Next to that there is an action column, which tells me what action has been taken. Out of the 23 objects there only 3 have the notice in the action column that says 'quarantined-deleted'. I'm not asking for settings and updates, im asking how can you delete infected files from the Threat Log?

 

Hope this helps . Find it and right click it for the Content menu

 

By the way , the are not infected there . This threath log only shows infected files found and action taken (statistic)


Also , you can change just one thing in BS settings only if you want so that AMON informs you about every infected file found.
AMON -> Setup -> Actions -> check Prohibit access & Show an alert...

From all your posts I still can't understand if you managed to clean all the infected stuff (sorry )so you may wish to post a screenshot of the Threat log and NOD32 Scanner log

Regards!

 

Thanks for your patience, Blackspear. I will certainly follow your tutorial when I install NOD32 permanently. In the mean time I like to see how things work and I want to see the alerts and the measures I can take (the options are there, aren't they). In doing so (prohibit access & show alert window with action options) the questions posted in number 10 of this thread arose. Didn't understand why I could not delete and why the isolated file was not seen as infected. (The eicar test gives no delete option in the window.) Thought this experience was related to Valla's, but that's obviously not the case.

 

Ok, how can i get a screenshot? I know how to post images, i just dont know how to take screenshots...

 

Ok . I just want to see what was disinfected and what couldn't (maybe) and things like that .

Find what you want to have a screenshot from (e.g. the NOD32 scanner log,like what I posted above) , make sure we will see everything from the log so you enlarge it and then press the Print Screen button (PrtSc) button from your keyboard . It is near the NumLock , Delete ....etc... Then , please open Paint (Start-Programs-Accessories-Paint) .Click on Edit -> Paste and you'll see what you got a screenshot from . Then if you wish you can modify it
When you are ready File-> Save as and save it as an PNG image (recommended to save space) and use the options of the forum to post it

 

Well here is my threat log...