serious cleaning problem in ess and eav

Discussion in 'ESET Smart Security' started by proactivelover, Nov 16, 2007.

Thread Status:
Not open for further replies.
  1. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    when you extract any zip virus by winzip or winrar
    after 15 sec thread found window show 3 or 4 time
    when you click clean but it show again and again
    i donot get this problem in v560
    only on v563 and v566
     
  2. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    i think problem in
    version: 1021 (20071101)
    cleaner module build: 1021 (01.11.2007)
     
  3. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    now i explain it
    1.a virus in zip file
    2.extract it
    3.threat found window show i cleck clean
    4.again threat window show i click again
    5.again
     

    Attached Files:

  4. krokodil_bb

    krokodil_bb Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    86
    Location:
    BB
    Also this opposite options are possible, sent to eset as bug in 563 but 566 is the same:
    smaller window - cleaned by deleting /file is deleted and moved to quarantine/
    bigger window - asking what to do, now with non existing file /if choose leave, in nod log is error because file was moved to quarantine/
    log:
    16. 11. 2007 22:19:12 Real-time file system protection file C:\VIR\ERR\BOD9\test-fsg.exe probably a variant of Win32/Genetik trojan error while NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\UTILITY\Far\Far.exe.
    566_cleaning.png
     
  5. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    krokodil_bb
    please zip this virus and then extract it
    please tell if you got same problem that i got
     
  6. krokodil_bb

    krokodil_bb Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    86
    Location:
    BB
    no i haven't this problem, with my test virus- nod eav show alert only once and after cca 5seconds/ekrn.exe 100% cpu/ after file is extracted.

    Maybe your file is detected while is not completely writed on disc, then deleted, winrar detects write error and try writing again?
     
  7. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    i think you have you have choose The medium level automatically
    please choose The first level and then extract it
    then see three windows
     

    Attached Files:

    • 7.jpg
      7.jpg
      File size:
      63.1 KB
      Views:
      3
  8. krokodil_bb

    krokodil_bb Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    86
    Location:
    BB
    hi, i changed cleaning level from 1 to 0. but your problem with ess can't replicate in eav30566.
    after clean nod show "error while cleaning" dialog, and this error is no more logged...
    1.clean,2.error dialog,3.retry,4.end

    566_cleaning_error.png
     
  9. krokodil_bb

    krokodil_bb Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    86
    Location:
    BB
    so i tryed test your files, is it the same. error dialog is in background and if i ignore this dialog i can clicking to clean many times /20 or more /, each of alert window after "clean" generate new error dialog which is automatically closing after 120 seconds...o_O

    log:16. 11. 2007 23:32:17 Real-time file system protection file C:\TEMP\love.scr Win32/Yaha.N worm error while (unable to clean) NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: D:\WIN2K\explorer.exe.

    nod3_cleaning_error_windows.png
     
  10. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    try to delete it at first then you see threat window again and again
    i also have win2ksp4
     
  11. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    i did not got this error on v560
    on v560 when you delete it at first no more window open
    but on v563 and v566 when you delete it at first threat window came two time more
     
  12. krokodil_bb

    krokodil_bb Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    86
    Location:
    BB
  13. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    i want to explain this problem from v563
    no one beleive me
     
  14. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    please any admin explain this bug
    or it's our job
     
  15. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    anyone who have cleanig problems like me can take a part in this thread
    then i send this thread to eset support they will easily fix it
    or forum admin can
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We are investigating it. If a problem is confirmed it will be fixed with an automatic update.
     
    Last edited: Nov 17, 2007
  17. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    marcos i have 9 virus samples i sent to eset support 2 days ago but they did not response if you want samples i will send you
     
  18. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    yesterday eset have update cleaner module 1022 (20071121)
    but the bug still there
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It was only a partial fix released yesterday. We made a fix to the real-time protection module as well, it will be available in the future installers.
     
  20. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    good job on Eset's part, thanks Marcos...
     
  21. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    thank marcos
    for future fix
     
  22. krokodil_bb

    krokodil_bb Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    86
    Location:
    BB
    Code:
    yesterday eset have update cleaner module 1022 (20071121)
    
    updated ok, but can't find anything about component update in nod events log /log level diagnostics/

    - "opposite options", now bigger window is not showed, only smaller but twice
    1st "cleaned by deleting - quarantined"
    2nd "cleaned by deleting" /now without any error in log file/
    - cleaning onehalf virus internal error still not fixed
     
  23. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    this day is my lucky
    because Marcos and eset support team tell me that they will fix it in future release
     
  24. ASpace

    ASpace Guest


    Business release is coming soon , may be new better release of the HE won't be late :rolleyes:
     
  25. THE_BAD_BOY

    THE_BAD_BOY Registered Member

    Joined:
    Nov 15, 2007
    Posts:
    40
    i been sending over 20 new samples to eset and to kaspersky lab,s every week att the same time .. here its the funny part kaspersky allways respond after 30 minutes confirming they fund malicious software on all sendit files and added to the detection databases very fast ..bot Eset NEVER respond and ONLY ADDED cople of the samples send it ... yeah i think thats really BAD:mad:
     
Thread Status:
Not open for further replies.