Shouldn't I have seen a "popup notify me when it detects a virus?

Discussion in 'NOD32 version 2 Forum' started by Supersnake, Jul 28, 2006.

Thread Status:
Not open for further replies.
  1. Supersnake

    Supersnake Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    121
    NOD32 just completed a scheduled weekly scan and the following appeared in the scan log results:

    C:\Documents and Settings\Jack\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\3E6D4898-492F-4EE2-B0AF-E08FC5\40116856-EEE3-4C9F-ABDA-6E74AC - probably a variant of Win32/TrojanDownloader.Zlob.XB trojan

    Shouldn't IMON and/or AMON have notified me via a popup window when it first detected this trojan which would be at a time when it first entered my computer? Maybe I am overlooking something in thinking that I should have been notified by NOD32 when that virus entered my computer prior to my having to perform that weekly scan. I havent' seen that "red" alert window popup and it is pretty obvious when it does.


    EDIT: Hmmm, one moment please. Will have to check my settings to see if a "notification window" is checked off. I installed Blackspear's Extra Settings and I don't know if that includes the notification window.
    Thanks,
    Supersnake
     
    Last edited: Jul 28, 2006
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    considering the file location, id say counterspy dealt with the malware first and put it in quarantine.

    when u do an-demand scan, nod32 is detecting the quarantined malware.

    just open up counterspy and clear out the quarantine. u can also just tell nod32 to delete the file, i dont kow how counterspy would react tho.
     
  3. Supersnake

    Supersnake Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    121
    Thanks WSFuser, :thumb: you were more observant than I was. That's exactly what happened. I had CounterSpy scheduled to perform a scan 15 minutes prior to the NOD32 scan and evidently CounterSpy did quarantine it. And yes, like you suggested I just now commanded NOD32 to delete the quarantined item.

    Now I am a bit confused because I didn't see CounterSpy or NOD32 alert me proactively when the virus first infiltrated my computer. Am I correct in expecting NOD32 to still notify me when the virus infiltrated my computer whether I have CounterSpy or not?

    I do have Blackspear's Extra Settings which calls for:

    AMON setup: If an infiltration is detected “Clean automatically” and “Move newly created files to Quarantine".

    IMON setup: Select action to be performed if alert is generated (e.g. threat found): If an alert is generated then “Clean” and “Copy to Quarantine” . If cleaning cannot be performed then “Delete” and “Copy to Quarantine”.
     
    Last edited: Jul 28, 2006
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    No, that would require a "Prompt for Action" setting, which would in turn notify you. The Tutorial is designed for least user interaction as possible, so NOD32 sits in the background and does its job.

    Cheers :D
     
  5. Supersnake

    Supersnake Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    121
    Point well made Blackspear. Is there a way then to have that automatic cleaning/quarantining take place and have NOD32 alert the end user that it just performed that action? This will be of great use to us because it will tip us off to where we were on the web or what we were doing at the moment that NOD32 detected the virus. :shifty:
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Not that I know of. You are asking for a auto-clean action with a bubble notification. I'm pretty sure NOD32 doesn't do this currently. I'd need someone that has a virus collection to test this.


    You could do the web side of things by simply changing the option as per the following screenshot.

    Cheers :D
     

    Attached Files:

    • This.gif
      This.gif
      File size:
      21.1 KB
      Views:
      294
  7. Supersnake

    Supersnake Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    121
    Good suggestion. If I change that IMON option as you illustrated and the virus is detected does it have the potential to do some damage in the interim time between when the bubble appears and when I take the corrective action? i.e., using that option will the virus be held inert until I command NOD32 to clean or quarantine it?
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    It won't be a bubble warning it will be a Window warning that you can not miss. And no, it is stopped until you determine the action, which is usually "terminate".

    Cheers :D
     
  9. Supersnake

    Supersnake Registered Member

    Joined:
    Jul 12, 2003
    Posts:
    121
    Good to know that. Will use that option then.
    Cheers :) ,
    Supersnake
     
  10. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Now, how would NOD32, upon detecting malware quarantined by CounterSpy, know that it had been quarantined? It's not like NOD32 and CounterSpy are designed to work together that way. To NOD32, that file is just another file.

    BTW, pretty lame that CounterSpy didn't encrypt that file, to prevent inadvertent activation, or needless detections.
     
    Last edited: Jul 29, 2006
Thread Status:
Not open for further replies.