Problems w/ scanning from context menu??

Discussion in 'NOD32 version 2 Forum' started by radicalb21, Jun 15, 2003.

Thread Status:
Not open for further replies.
  1. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    o_O My name is Mark. My username is <removed>... This is a problem with the final release version of NOD32 v2.

    Here is my system file information:

    NOD32 Antivirus System information
    Virus signature database version: 1.438 (20030615)
    Dated: Sunday, June 15, 2003
    Virus signature database build: 3731

    Information on other scanner support parts
    Extended heuristic module version: 1.002 (20030606)
    Extended heuristic module build: 1030
    Archive support module version: 1.001 (20030526)
    Archive support module build version: 1032

    Information on installed components
    NOD32 For Windows NT/2000/XP - base
    Version: 2.000.2
    NOD32 For Windows NT/2000/XP - Internet support
    Version: 2.000.2
    NOD32 for Windows NT/2000/XP - standard component
    Version: 2.000.2

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 1
    Version of common control components: 5.82.2800
    RAM: 512 MB
    Processor: Intel(R) Pentium(R) 4 Mobile CPU 1.50GHz (1495 MHz)

    I have enclosed pictures in .jpeg format so you can better understand my problem as well as see it for yourself. I right-click on the eicar.zip files and choose NOD32 Antivirus System. When the eicar.zip file is scanned, the virus is detected. When I click the clean button I am presented with three options: the leave button, putting a checkmark in quarantine, and quit scanning; there is also a details button. There are button options shown in the box, but they are shaded or grayed out, for whatever reason I don’t know. This wasn’t a problem w/ NOD32v2b5. In that version I didn’t have this problem as described above. I have also tried the admin version of NOD32 v2 and still encounter the same problem as described above. Any and all help would be appreciated. If possible, could you give step-by-step instructions on how to correct this problem? My email address is <removed>.

    Thanks,
    Mark

    If anyone has any idea on how to fix this problem please email me. If you need to see the pictures I was talking about drop me an email or im...

    - Removed personal information and reformatted post - LWM
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Hi Mark,

    Just to let you know, I have removed your personal information (full name and email address) from your posting here. However, that information is still available to the Eset Moderators, if they need to contact you directly. ;)

    If possible, could you add a post or two here and attach to them any pictures you think best show this problem?

    As a member of the Wilders Security Forums, you can now attach one picture to each reply you post here in this thread. Please see the FAQ link (below) for an explanation of how to attach a single picture to each post you wish to make...

    "FAQ: Screen Shots and Image Posting"

    I hope we can help you with this problem,
    LowWaterMark
     
  3. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Here is the first of five .jpeg files showing the problem.
     


  4. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Here is 2 of 5 .jpeg files showing the problem.
     


  5. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Here is 3 of 5 .jpeg files showing the problem.
     


  6. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Here is 4 of 5 .jpeg files showing the problem.
     


  7. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Here is 5 of 5 .jpeg files showing the problem.
     


  8. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Any and all help would be appreciated in helping bring this problem to a close. Thanks for the help in advance.
     
  9. bones

    bones Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    14
    In the first pic, in the setup, you need to select the "clean" option in the "if virus is found" column. That will enable the clean options to be chosen when needed.

    bones

    EDIT: Also check in Amon setup, security tab, for the supported actions to be shown when virus is found.
     
  10. Madsen DK

    Madsen DK Registered Member

    Joined:
    Nov 23, 2002
    Posts:
    324
    Location:
    Denmark
    bones, are you sure?
    The notify/offer action option should still offer the other actions if possible.
    I understand that the notify/offer action option is for those who like user involvement and don't want automatic cleaning.
    Am I missing something??
    Regards
    Ole o_O
     
  11. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Pic 1 corresponds to my set up (in NOD v.1). When notify/offer action is clicked, the right hand section is greyed out. If I click on "clean" then the right hand section offers options for what to do with uncleanable stuff. (As is noted right below the top of the panel: "Actions are only taken in cleaning mode.")
     
  12. Madsen DK

    Madsen DK Registered Member

    Joined:
    Nov 23, 2002
    Posts:
    324
    Location:
    Denmark
    Sig, you're right.
    Thanks :)
     
  13. NewNOD

    NewNOD Guest

    Madsen DK,

    Bones and SIG are only correct about one thing...that selecting the Clean option from the setup panels of the scanners does make the options on the right side of the dialogue box available (it "ungrays" them). But, your (Madsen DK's) first assertion that this shouldn't make any difference to someone wanting to be prompted for action is correct; a prompt for action should allow the user to take any and all available actions...clean, delete, quarantine, rename, leave. If you try SIG's or Bones' recommendation, you will find that it does not make any difference to the issue at hand. The intention of that capability was to offer all action prompts under all conditions, or to offer all other action prompts if cleaning (without a prompt) couldn't be accomplished. It was not intended to disallow certain actions to those who choose to be prompted - and it doesn't.

    Here's the real problem, and this occurs whether you have your scanners set as RadiCalb21 did, i.e. "Set To Prompt For Any Action", or set as Bones and SIG suggested, i.e. "Set To Prompt Only If Unable To (Auto) Clean" (I wrote this in an earlier, very long post to which no one responded):
    _________________________________
    From Post "Command Line Switches, IMON, Archives, Download Utilities" 6/14

    3. IMON aside, all modules of NOD32 seem unable to delete archive files (at least not the EICAR zips). The virus inside is detected for both the single-level and multiple-level zip files, but no action (clean, quarantine, rename, delete) can be taken by NOD32. The viruses are simply identified and must be deleted manually by the user. Is this normal behavior, and if so, why are the options to perform these actions on archives even made available in the SETUP dialogues?
    _________________________________

    The above only relates to the archives. Either way you set up your scanners ("Prompt Always" or "Prompt If Can't Clean"), scanning of the non-zip EICAR files does give you the options of leave, rename, and delete but clean and quarantine are still disabled (grayed-out).

    Conclusion:

    With archives (at least the EICAR zips), NOD32 v2 offers no solution other than "leave" (which means you must manually delete). Is this what ESET intended? Or is there a bug? Furthermore, why is "quarantine" disabled when scanning the non-zip EICAR files with the on-demand scanner while the other options (except for "clean") are available? And since "clean" is disabled in all instances, can NOD32 "clean" anything (this is difficult to determine without having anything to test with except EICAR files)?

    I have tested this every way you can think of, and the results are the same every time.

    Thanks for reading.
     
  14. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    I tried what you all said and it didn't work. I have redone the jpeg files to show what I did.
     


  15. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Second picture
     


  16. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Third picture
     


  17. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Fourth picture
     


  18. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Fifth picture
     


  19. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Sixth picture
     


  20. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Any and all help would be appreciated. I would really like to have some input from an Eset moderator about this issue. Thanks for the help again.


    Mark
     
  21. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    Well.. it's somewhat late, and I'm tired and lazy.. so.. I only quickly checked the thread...

    However, as far as I understood, there are two issues.. why no actions are available, and why it says it can't clean it.

    First of all, per definition, many things can't be "cleaned" ("disinfected") because the file itself is not infected. Either it is overwritten by an overwriting virus, the malware consists of the whole file (eicar/backdoor/worm, etc), the file is damaged, or there is no disinfection routine for that specific virus.

    Nowadays, most of the things that are spreading are "uncleanable" because it's mostly worms, and per definition, it hasn't infected a file. In order to "clean" it, you delete the file.

    The second thing is that the NOD32 scanner doesn't clean/affect files that are located inside archives. In order to remove it, either manually open the archive, and delete the file in question, or delete the whole archive.

    Best regards,
    Anders
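
The manual removal described in the reply above (open the archive and delete the file in question) can be scripted. The following is an added example, not code from the thread or from ESET: Python's standard `zipfile` module has no in-place delete, so the archive is rebuilt without the reported entry. The function names and the sample member names are hypothetical, the sample archive is constructed with harmless placeholder content, and only top-level entries are handled (a zip nested inside a zip is not unpacked).

```python
import io
import zipfile


def remove_member(archive_bytes, flagged_name):
    """Rebuild a ZIP without `flagged_name`; returns (new_bytes, removed)."""
    removed = False
    out_buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as src, \
            zipfile.ZipFile(out_buf, "w") as dst:
        for info in src.infolist():
            if info.filename == flagged_name:
                removed = True  # skip the entry the scanner reported
                continue
            # Copy every other entry, keeping its name, timestamp and
            # compression method from the original ZipInfo record.
            dst.writestr(info, src.read(info))
    return out_buf.getvalue(), removed


def build_sample_archive():
    """Constructed sample: a harmless placeholder stands in for the flagged file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "keep me\n")
        zf.writestr("docs/notes.txt", "keep me too\n")
        zf.writestr("flagged-sample.bin", b"PLACEHOLDER-NOT-MALWARE")
    return buf.getvalue()


def member_names(archive_bytes):
    """List the entry names in an in-memory ZIP."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return zf.namelist()


if __name__ == "__main__":
    original = build_sample_archive()
    cleaned, removed = remove_member(original, "flagged-sample.bin")
    print("before:", member_names(original))
    print("after: ", member_names(cleaned), "removed:", removed)
```
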
     
  22. Madsen DK

    Madsen DK Registered Member

    Joined:
    Nov 23, 2002
    Posts:
    324
    Location:
    Denmark
    Good info Anders. THX
    I'm for sure learning something new everyday (almost) :)
    Regards
    Ole
     
  23. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi,

    if a virus is inside a classic archive (not runtime packer) it can't be executed. If the archive (classic or runtime) is open, Amon blocks the infection.

    You can use the method Anders wrote for removing the virus.

    Thanks,

    jan
     
  24. NewNOD

    NewNOD Guest

    Yea. We all know how a virus works (or doesn't work) inside an archive. And we all know (hope) that AMON will catch the virus if the archive is unzipped.

    But doesn't it matter to anybody (and if not, shouldn't it matter) that the program interface offers options on the Actions tab of the Setup screens that allow for cleaning, renaming, quarantining, and (auto) deleting archive viruses, yet we find out through our own testing that these options are useless?

    Yea. We can manually delete files, but when the program gives the impression that it can handle the job through the options it offers but doesn't deliver, then it looks like a bug or poor implementation, not a deliberate action on the part of the programmers.

    I've noted several other inconsistencies with what the options offer or the documentation says which conflict with what the program can actually do.

    Don't get me wrong, I chose NOD32 over a lot of other AV programs I checked out (mostly for its speed and low resource use), and I gave up NAV after using it for years. But I still think that it's really poor to implement "dummy" options or to make documentation claims that turn out to really do nothing or do less than what is implied or explicitly stated.

    I just don't understand all this, "Yea. It doesn't work, but all you have to do is this to get around it." That is not helpful at all.
     
  25. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    I agree with you. Also, why was this function in v2b5 and not in the final release? Anyone have any answers? o_O
     