question about virus detection

Discussion in 'NOD32 version 2 Forum' started by peuj, Apr 14, 2005.

Thread Status:
Not open for further replies.
  1. peuj

    peuj Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    16
    Hi,

    I'm trying NOD32 and I have some questions about the scan :

    I have configured NOD32 following this link Extra settings for Nod32
    After my scan I have this result :

    Scanning Log
    NOD32 version 1.1062 (20050414) NT
    Checking CRC of the NOD32.EXE file: status OK
    Operating memory is OK.
    date: 14.4.2005 time: 23:08:20
    ..........................................
    .........................................
    C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-275f9aa3-63f31d45.zip »ZIP »Dummy.class - Java/ClassLoader.Dummy.D trojan
    C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-43d9c9cd-694bf2a2.zip »ZIP »Dummy.class - Java/Exploit.Bytverify.I trojan
    C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6d3f9713-5d627279.zip »ZIP »Dummy.class - Java/ClassLoader.Dummy.D trojan
    C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-79baf131-62d06402.zip »ZIP »Dummy.class - Java/ClassLoader.Dummy.D trojan
    C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv462.jar-3991947d-66752ce8.zip »ZIP »Dummy.class - Java/Dummy trojan
    C:\Documents and Settings\Peuj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv539.jar-69bbea68-64da4708.zip »ZIP »Dummy.class - Java/Dummy trojan
    .........................................
    .........................................
    number of scanned files: 108815
    number of viruses found: 6
    number of active viruses: 6
    time of completion: 23:18:26 total scanning time: 606 sec (00:10:06)

    I don't know if they are true viruses/trojans, but my "problem" is that I was not asked to clean or delete them. On my first scan I just had a box which only allows me to keep the "infected" files, and on the second scan nothing.

    I have used TrojanHunter but it found nothing.

    Did I do something wrong ?

    Thanks in advance.
     
  2. resa05

    resa05 Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    115
    I had a similar problem with another program. A Cox Technician (cable provider for my area) told me that trial version software such as what you're trying may tell you that you have such problems on your computer, just trying to make you buy their product, then once you do buy the product and do a scan, nothing will even come up. If you're happy with the virus protection you have then good for you; however, I'm using AVG FREE Edition and I haven't had any problems so far.
    Theresa
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Resa05, please do NOT infer illegal activity by Eset, when there is not a grain of evidence in any manner or form that they do such a thing. What you are saying is totally untrue. No reputable company would do such a thing, it would be commercial suicide.

    There is NO difference in detection between the trial version and the commercial version of Nod32. The sole difference is the way in which the updates are handled, period.

    Blackspear.
     
  4. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Peuj, welcome to Wilders.

    My 1st question to you is, did you run a "Clean" or did you run a "Scan" ?

    Clean, scans your system and removes viruses according to your settings.

    Scan, simply scans your system and advises you of the results, no actions are performed.

    Hope this helps...

    Cheers :D
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You may need to go to the Actions tab and set Delete for archives, then click on the Clean button (well, it will actually be called Scan & Clean in the next beta).
     
  7. peuj

    peuj Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    16
    Hi,

    Thanks for the quick answer.

    My fault about the "no asking box": I did a scan.

    But if I do a clean I have the message box as you can see in the attached image. I can just leave the infected file.....

    I haven't yet looked at the link given by Stan999.

    Thanks
     


  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    A very nice change Marcos, and a good improvement for those new to Nod32.

    Cheers :D
     
  9. peuj

    peuj Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    16
    Thanks, I will try that. For the moment the action for the archives is set to "prompted for an action". I should have the possibility to clean it in the prompt, no?

    Edit:
    OK, I just tried with the option "clean if a virus is found" and "prompt if it's an uncleanable virus" for all the types and I still have the same message to keep the file.

    and thanks to Stan999 I will clean the cache if I don't find the solution with Nod32.
     
    Last edited: Apr 14, 2005
  10. Dakhor

    Dakhor Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    75

    What exactly does this "active viruses" mean anyway?

    /DaK/
     
  11. Happy Bytes

    Happy Bytes Guest

    REMAINING
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Try booting into safe mode and run a "Clean". This should fix it.

    Cheers :D
     
  13. peuj

    peuj Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    16
    ok thanks I will try in safe mode and give you the result later.
     
  14. peuj

    peuj Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    16
    Hi,

    I just tried in safe mode and I still can't clean or delete infected files but only leave the infected file.....


    any other ideas ??

    thanks
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,781
    Location:
    Texas
    Did you clean your cache? Set your cache to zero in control panel.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It sounds like the virus was detected in an archive. Try setting the action for archives to Delete as shown below:
     


  17. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    I agree with Marcos. These Java viruses are located inside .jar files, which can be thought of as .zip files containing Java code. ".jar" = "Java archive". NOD32 is not able to *clean* individual pieces from .zip files, but it can delete the entire .zip file, using the setting that Marcos suggests.

    Now, as to why "delete the entire .zip file" does not show up as an option when you are prompted for an action... I cannot answer that.
     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's because of security reasons, to prevent common users from deleting whole archives accidentally. Adjusting the aforementioned settings requires a somewhat higher level of technical education, so we count on this change being performed only by advanced users who are aware of the potential risk.
     
  19. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Ahhh, that does make sense. So if a normal user is not able to delete the entire archive, at least AMON should prevent the virus itself from running. Gotcha. ;)
     
  20. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    In the following screen shot, there is a DROP DOWN menu at arrow number 2, in it you will find archives. Just choose an action for each of the file types found in the Drop Down Menu.

    Hope this helps...

    Cheers :D
     


  21. peuj

    peuj Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    16
    no because I want to understand why I cannot use NOD32 but I know the solution :D

    I have already set all object types like this: clean + quarantine, else delete + quarantine.
    .... but I am still not able to delete the file.

    Maybe I can send a log or configuration file to give an idea?

    Thanks
     
  22. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    And you have clicked on the arrow that is next to "Files", this then has a drop down menu, as per screenshot, and when you click on each of the displayed file types, you then have to place settings into every single file type, including archives.

    I'm at work so you won't get a pretty screenshot this time ;) :D

    Cheers :D
     

    Attached Files: More.GIF (40.7 KB)
  23. peuj

    peuj Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    16
    Yes, I have configured all types of objects as you wrote.
     
  24. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please send the archive in question to support@eset.com with a link to this thread.
     
  25. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, a lot of Java infections can be cleaned by emptying the Java cache;

    Go to start > Control panel > Classic view > Java > General > Delete files > Tick all 3 and delete.

    If you have an uncleanable infection always submit a sample to Eset first.
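
Added example, not part of the thread and not Eset code: the scan log in the first post lists each detection as an archive path, the archive type and the inner member separated by `»`, and later replies note that only the whole archive can be removed. The Python sketch below parses log text in that layout, groups detections by containing archive and marks which archives sit in the Java plug-in cache that the thread suggests emptying; the sample lines, the `User` profile, the archive names and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the log layout from the first post (paths are made up).
CACHE = r"C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar"
SAMPLE_LOG = "\n".join([
    CACHE + r"\a.jar-00000001-00000002.zip »ZIP »Dummy.class - Java/ClassLoader.Dummy.D trojan",
    CACHE + r"\b.jar-00000003-00000004.zip »ZIP »Dummy.class - Java/Exploit.Bytverify.I trojan",
    r"C:\Downloads\tools - old.zip »ZIP »Dummy.class - Java/Dummy trojan",
    "number of viruses found: 3",
])
JAVA_CACHE = ("sun", "java", "deployment", "cache")  # path parts of the plug-in cache

def parse_detections(log):
    """Return (detections, count reported in the log summary or None)."""
    hits, reported = [], None
    for line in map(str.strip, log.splitlines()):
        m = re.match(r"number of viruses found:\s*(\d+)$", line)
        if m:
            reported = int(m.group(1))
        elif "»" in line and " - " in line.rsplit("»", 1)[-1]:
            container, *chain = [p.strip() for p in line.split("»")]
            # Split on the LAST " - " so dashes in member names do not break parsing.
            member, verdict = chain[-1].rsplit(" - ", 1)
            name, kind = (verdict.rsplit(" ", 1) + [""])[:2]
            hits.append({"container": container, "member": member, "name": name, "kind": kind})
    return hits, reported

def in_java_cache(path):
    parts = tuple(p.lower() for p in PureWindowsPath(path).parts)
    n = len(JAVA_CACHE)
    return any(parts[i:i + n] == JAVA_CACHE for i in range(len(parts) - n + 1))

def archives_by_detection(log):
    """Group detections by archive; second value is False if the log looks truncated."""
    hits, reported = parse_detections(log)
    grouped = defaultdict(list)
    for h in hits:
        grouped[h["container"]].append(h["name"])
    report = {c: {"names": n, "java_cache": in_java_cache(c)} for c, n in grouped.items()}
    return report, reported == len(hits)

if __name__ == "__main__":
    report, complete = archives_by_detection(SAMPLE_LOG)
    for archive, info in report.items():
        print("java-cache" if info["java_cache"] else "other", archive, info["names"])
    print("summary count matches:", complete)
```

Archives flagged `java_cache` are disposable cached copies; anything flagged otherwise is a user archive that deserves a look before the whole file is deleted.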
     