Problem scanning...

Discussion in 'NOD32 version 2 Forum' started by Valla, Aug 19, 2006.

Thread Status:
Not open for further replies.
  1. Valla

    Valla Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    16
    Hi!

    May i ask whether the trial version of Nod32 2.51.30 is the full pro version. I like it alot and am seriously considering buying it...

    I have a problem whilst scanning though. I've only had it for about 2 days, so today i performed my first scan. I performed an in-depth analysis, during this process the scanner reported quite a few errors as they were locked. Also, after finding loads of SpyBots and what have you (stuff that AVG never found) in Volume Information System. I've tried healing them but it comes up with the same notice; that the file is locked leading to an error whilst healing.

    Any ideas as to what is causing the problems?
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    to start with you should turn off system restore warning this will get rid of all the current restore points. then do a scan and clean scan again with blackspear
    settings located here https://www.wilderssecurity.com/showthread.php?t=37509
    then update. for best results do the scan in safe mode
     
  3. Valla

    Valla Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    16
    Whenever i try updating, i get a message saying that the program is up to date...
     
  4. ASpace

    ASpace Guest

    As stated many times by moderators , NOD32 trial versions has lower priority to update servers so sometimes you need to press Update Now bottom some times untill you get updates

    If you have followed Blackspear's tutorial lodore gave you , you should be set to Update automatically

    The latest signature is 1.1715

     
  5. Valla

    Valla Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    16
    OK. So following Blackspear's directions should solve my problems??
     
  6. ASpace

    ASpace Guest

    Blackspear's tutorial only tells people how to use NOD32 , how to setup it for maximum protection and automatic work

    It also includes and explains the benefits of using the default option "Choose automaticlly" the update server

    If I now press the button , I am also up-to-date (because I am really up-to-date) Please , goto NOD32's Control Center -> NOD32 System Tools -> Information and compare the info I posted about the update

    Then , go through BS's tutorial . You can also post a screenshot so we see :thumb:

    :D :D :D
     

    Attached Files:

  7. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Just to add a cautionary note, casually removing restore points to eliminate messages related to files flagged by an AV scan by any vendor's product should be approached very gingerly and only by those who already have a backup plan in place. Getting rid of all current restore points does mean (naturally) there will be no restore points in existence to step back to in the event of system problems. In addition, assuming you want the capability to go back to a restore point, make sure you reenable system restore after disabling it so that new restore points will be created moving forward.

    In general, it should be recognized that, for many people, having a complement of system restore points - even potentially infected ones - is preferable to having no capability to restore a system to some known working state. This can be achieved through the native system restore, one of the immediate system backup approaches, or a classical backup imaging philosophy.

    Blue
     
  8. quser

    quser Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    21
    Valla, I'm new with NOD32 as well. And I'm learning. As far as I understand 'Locked files' should not be considered as threats. They appear on the lists to tell you that NOD couldn't check these files, because they are protected by a password or some other measure, included in the program mentioned.
    Consider this reaction partly in my own interest. If I'm wrong, it will not take long for someone to correct me. Anyway, I wouldn't offer restore points, because I guess that after doing so, you will find the same 'locked files' in a next scan. I'm curious to see what's in the next post.:shifty:
     
  9. Valla

    Valla Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    16
    OK, i get that locked files will be there, but what i dont get, is why Nod32 cant delete infected files. There are many SpyBots and Trojan Downloaders that NOD has detected, but not informed me, just added to the Threat Log, and quarantined a minimal number of them.

    And btw, when an infected file is quarantined, is it disabled, or in anyway attempted to be healed??
     
  10. quser

    quser Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    21
    No answer from me, but I share your interest:
    1. Button says: 'Copy' to Quarantine, not 'Move' to Quarantine, so I guess a copy should be followed by a Delete.
    2. About this Delete. NOD32 detected an infected mail (HTML/Phising.gen trojan). I deleted, but the mail did not disappear. So I deleted myself and ran a scan. No malware detected. Second time I received an infected mail (same type) I first made a copy to my experiments-partition and scanned this particular file. NOD32 didn't see the file as infected. I deleted the file myself.
    Maybe this is not identical to your experience, but as said, I share your interest.
     
  11. Valla

    Valla Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    16
    Yeah i see what you mean... It is a weird one...

    Like i said, i visisted a dodgy website and downloaded a patch for my Fifa 2006 game so that it has all my local Cypriot and Greek teams. I was on the site for about 10-15 minutes and in that time Nod32 detected and added about 15 different objects to the Threat Log. Like quser said, i dont know how you can from the Threat Log delete these viruses or files without having to look for them manually...

    Also, on the scanner, it doesnt find all these SpyBots and downloaders, but they are in the Threat Log. They havent been deleted or healed in the Threat Log, just added there, so i dont see why Nod32 shouldnt find them in the Scan of Local Disks.
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    OK, lets see if I can clarify this for you.

    If you have NOD32 set up exactly and I mean exactly as per the Tutorial, then the following scenario will happen upon an infection.

    1. If you attempt to install an infected file AMON will spring into action, attempt to clean it, if not it will "move" the file to quarantine.
     

    Attached Files:

    • AMON.gif
      AMON.gif
      File size:
      16.8 KB
      Views:
      180
    Last edited: Aug 20, 2006
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    2. If you are on the Internet and you come across an infected website or one that attempts to download to your computer then IMON will spring into action and "Deny download of infected file".
     

    Attached Files:

    • 02.gif
      02.gif
      File size:
      23.1 KB
      Views:
      181
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    3. With other files being downloaded IMON will spring into action and attempt to "Clean" and "Copy to Quarantine" or if it can not, then it will "Delete" and "Copy to Quarantine".
     

    Attached Files:

    • 03.gif
      03.gif
      File size:
      17.5 KB
      Views:
      179
  15. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Upon first detection of an infected file being either moved or copied to Quarantine a Quarantine folder called "Infected" is created in C Drive> Program Files> Eset

    Within this folder you will see encrypted copies of infected files, it is done this way that in the unlikely event of a False Positive a file can be restored.
     

    Attached Files:

    • 04.gif
      04.gif
      File size:
      17.3 KB
      Views:
      608
  16. Valla

    Valla Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    16
    Well my settings ARE exactly like the one's in yours Blackspear, yet in the Threat Log, there are viruses, and no action is being taken. Only two them have been moved into quarantine, the rest are in the Threat Log... How can i delete files that are in the Threat Log??
     
  17. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    they are in system volume inf also ?
     
  18. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Sometimes if the exact same threat is found over and over then the quarantine will just note how many times it has been added rather than just listing each time individually. For example in this picture one of the threats has been found and quarantined 4 times. Could this be what has happened?

    Cheers :)
     

    Attached Files:

  19. Valla

    Valla Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    16
    No, you guys dont understand... There are infected objects listed in the Threat Log. Next to them there are details of what they are and where they came from. Next to that there is an action column, which tells me what action has been taken. Out of the 23 objects there only 3 have the notice in the action column that says 'quarantined-deleted'. I'm not asking for settings and updates, im asking how can you delete infected files from the Threat Log?
     
  20. ASpace

    ASpace Guest

    Hope this helps . Find it and right click it for the Content menu
     

    Attached Files:

  21. ASpace

    ASpace Guest

    By the way , the are not infected there . This threath log only shows infected files found and action taken (statistic)


    Also , you can change just one thing in BS settings only if you want so that AMON informs you about every infected file found.
    AMON -> Setup -> Actions -> check Prohibit access & Show an alert...

    From all your posts I still can't understand if you managed to clean all the infected stuff (sorry:) )so you may wish to post a screenshot of the Threat log and NOD32 Scanner log

    :D :D :D Regards!
     

    Attached Files:

    Last edited by a moderator: Aug 20, 2006
  22. quser

    quser Registered Member

    Joined:
    Aug 17, 2006
    Posts:
    21
    Thanks for your patience, Blackspear. I will certainly follow your tutorial when I install NOD32 permanently. In the mean time I like to see how things work and I want to see the alerts and the measures I can take (the options are there, aren't they). In doing so (prohibit access & show alert window with action options) the questions posted in number 10 of this thread arose. Didn't understand why I could not delete and why the isolated file was not seen as infected. (The eicar test gives no delete option in the window.) Thought this experience was related to Valla's, but that's obviously not the case.
     
  23. Valla

    Valla Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    16
    Ok, how can i get a screenshot? I know how to post images, i just dont know how to take screenshots...
     
  24. ASpace

    ASpace Guest

    Ok . I just want to see what was disinfected and what couldn't (maybe) and things like that .

    Find what you want to have a screenshot from (e.g. the NOD32 scanner log,like what I posted above) , make sure we will see everything from the log so you enlarge it and then press the Print Screen button (PrtSc) button from your keyboard . It is near the NumLock , Delete ....etc... Then , please open Paint (Start-Programs-Accessories-Paint) .Click on Edit -> Paste and you'll see what you got a screenshot from . Then if you wish you can modify it
    When you are ready File-> Save as and save it as an PNG image (recommended to save space) and use the options of the forum to post it :D
     
  25. Valla

    Valla Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    16
    Well here is my threat log...
     

    Attached Files:

Thread Status:
Not open for further replies.