Quarantine query

Discussion in 'NOD32 version 2 Forum' started by Suggers, Aug 6, 2006.

Thread Status:
Not open for further replies.
  1. Suggers

    Suggers Guest

    Hi,
    I got a message from nod32 (I mentioned in an earlier post) saying it had copied process.exe to quarantine as a PDA (I'm using Blackspear's settings). I downloaded a couple more times and it also said it copied to quarantine, but quarantine is empty.
    I've tried downloading the eicar test file, both with imon on to intercept and with imon off so amon intercepts, both times it says copied to quarantine but quarantine is empty.

    I've read in a few places that using CCleaner can remove important registry entries for several different antiviruses. I use CCleaner and am worried it has messed up my nod32.

    Is there any way to check if this is what has happened, and/or fix it, or should I just reinstall nod32?

    Thanks
    Suggers
     
  2. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Be careful!
    1. If you have activated 'Potentially dangerous applications' in NOD32 it will lead to false warnings.
    2. In your case it seems that your 'process.exe' is the one which is needed by Windows itself. If so, it should _NOT_ be in the %WINDOWS% directory. If so, it's a trojan. The legit one IMHO can't be copied then, because external copy/delete etc. is blocked by Windows itself.

    So have a look _where_ your process.exe is located.
     
  3. Suggers

    Suggers Guest

    Sorry, I forgot to mention, it was process.exe downloaded in the smitfraudfix tool. I don't know if this makes any difference?

    Suggers
     
  4. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    You mean http://siri.geekstogo.com/SmitfraudFix.php.
    In this case it is not a virus, trojan, etc. It is used as a command line process utility to kill processes of Desktop Hijack malware. But I can't explain why NOD32 is not able to copy it to the quarantine.

    Set process.exe as an excluded file in NOD32.
     
  5. Suggers

    Suggers Guest

    It was in C:\Documents and settings\xxxxxxxxx\Desktop\smitfraudfix\process.exe
     
  6. Suggers

    Suggers Guest

    Yes, that's the one.
    My problem is not process.exe being deleted as I am aware that PDA detects this and can work around it - it's the fact that it says several things have been sent to quarantine, including eicar test files, but quarantine is empty.

    I have read that some registry cleaners can remove entries necessary for AVs to send files to quarantine. I was wondering if there is any way to tell if this is my case, as I use CCleaner and it may have removed something nod needs?
     
  7. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Forgot about your original question, sorry. I really don't know why this is happening.
     
  8. Suggers

    Suggers Guest

    It was this comment made in a different thread with someone having a similar problem of not having files sent to quarantine, that made me think this could be what's happening to me?:

    Cheers
    Suggers
     
  9. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Could be a possibility. Do you have such a folder?
     
  10. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Hi Tommy,
    This is not actually right - the detections are correctly named as 'tool', 'application' etc.
    Hi suggers,

    If you like you could try this and see if that fixes it for you. HTH.

    Cheers :)
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I use CCleaner without any issue, and have hundreds of clients also using it without issue.

    Cheers :D
     
  12. Suggers

    Suggers Guest

    I never found out what caused it, but a fresh reinstall of nod32 has solved the problem.

    Cheers for replies. :)

    Suggers
     