Shouldn't I have seen a "popup notify me when it detects a virus?

NOD32 just completed a scheduled weekly scan and the following appeared in the scan log results:

C:\Documents and Settings\Jack\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\3E6D4898-492F-4EE2-B0AF-E08FC5\40116856-EEE3-4C9F-ABDA-6E74AC - probably a variant of Win32/TrojanDownloader.Zlob.XB trojan

Shouldn't IMON and/or AMON have notified me via a popup window when it first detected this trojan which would be at a time when it first entered my computer? Maybe I am overlooking something in thinking that I should have been notified by NOD32 when that virus entered my computer prior to my having to perform that weekly scan. I havent' seen that "red" alert window popup and it is pretty obvious when it does.


EDIT: Hmmm, one moment please. Will have to check my settings to see if a "notification window" is checked off. I installed Blackspear's Extra Settings and I don't know if that includes the notification window.
Thanks,
Supersnake

 

considering the file location, id say counterspy dealt with the malware first and put it in quarantine.

when u do an-demand scan, nod32 is detecting the quarantined malware.

just open up counterspy and clear out the quarantine. u can also just tell nod32 to delete the file, i dont kow how counterspy would react tho.

 

Thanks WSFuser, you were more observant than I was. That's exactly what happened. I had CounterSpy scheduled to perform a scan 15 minutes prior to the NOD32 scan and evidently CounterSpy did quarantine it. And yes, like you suggested I just now commanded NOD32 to delete the quarantined item.

Now I am a bit confused because I didn't see CounterSpy or NOD32 alert me proactively when the virus first infiltrated my computer. Am I correct in expecting NOD32 to still notify me when the virus infiltrated my computer whether I have CounterSpy or not?

I do have Blackspear's Extra Settings which calls for:

AMON setup: If an infiltration is detected “Clean automatically” and “Move newly created files to Quarantine".

IMON setup: Select action to be performed if alert is generated (e.g. threat found): If an alert is generated then “Clean” and “Copy to Quarantine” . If cleaning cannot be performed then “Delete” and “Copy to Quarantine”.

 

No, that would require a "Prompt for Action" setting, which would in turn notify you. The Tutorial is designed for least user interaction as possible, so NOD32 sits in the background and does its job.

Cheers

 

Point well made Blackspear. Is there a way then to have that automatic cleaning/quarantining take place and have NOD32 alert the end user that it just performed that action? This will be of great use to us because it will tip us off to where we were on the web or what we were doing at the moment that NOD32 detected the virus.

 

Not that I know of. You are asking for a auto-clean action with a bubble notification. I'm pretty sure NOD32 doesn't do this currently. I'd need someone that has a virus collection to test this.

You could do the web side of things by simply changing the option as per the following screenshot.

Cheers

 

Good suggestion. If I change that IMON option as you illustrated and the virus is detected does it have the potential to do some damage in the interim time between when the bubble appears and when I take the corrective action? i.e., using that option will the virus be held inert until I command NOD32 to clean or quarantine it?

 

It won't be a bubble warning it will be a Window warning that you can not miss. And no, it is stopped until you determine the action, which is usually "terminate".

Cheers

 

Good to know that. Will use that option then.
Cheers ,
Supersnake

 

Now, how would NOD32, upon detecting malware quarantined by CounterSpy, know that it had been quarantined? It's not like NOD32 and CounterSpy are designed to work together that way. To NOD32, that file is just another file.

BTW, pretty lame that CounterSpy didn't encrypt that file, to prevent inadvertent activation, or needless detections.