My testing of NOD32 gets more and more exciting. Accessing ~snip~ please do not post links to live viruses ~ Blackspear results in a "probably unknown TSR.COM virus" thing. I selected "submit for analysis" a few days ago and have now updated the definitions at least 5 times, but it is still the same, except that now the "submit.." checkbox is greyed out. If I download the file and check it with NOD32, it says NOT infected !?? Why? Of course, Kaspersky and Panda also cannot find an infection. So, I have some serious questions.

1. What is that "submit for analysis" thing? Does it really work, and if yes, why is there nothing displayed - what will be sent and where etc. This action also cannot be found in the logs. So, if I understand correctly, my personal information got collected and that's it?

2. In the threat log the speedfan427.exe file is classified as an archive (which it is, without any doubt). So, IMON is supposed to check archives!! So, how could I possibly get infected with archived Java infections, if IMON was working properly? In replies to my previous post I was told that NOD does not check archives, and that info was wrong?

3. Finally, I have to ask again - how to shut down NOD32? I cannot understand why anyone who is not stupid would want to shut down the user interface while the main service is still running. That seems plain stupid to me, plus, there certainly are cases where you NEED to shut down the antivirus completely.