VERY STRANGE RESULTS ... NOD32 Ver 3.0

Discussion in 'ESET NOD32 Antivirus' started by sawgood, Jun 4, 2008.

Thread Status:
Not open for further replies.
  1. sawgood

    sawgood Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    9
    So, I've been using a PC since 1988 ... everyday ... and I've been using NOD32 for many years now too (since about 2003 or so I'd say). I've been a paying customer for a long time ...

    I've used NOD32 without 'worry' or problems ... until yesterday afternoon.

    I copied over a few anti-spyware programs and a copy of the NOD32 trial ver. to a PEN drive (USB) from my PC ... I took the PEN drive to another PC which was in real BAD shape (the user reported having some virus and TONS of spyware). He was correct ... his PC was really bad off ...

    Long story short is ... I brought the PEN drive back to my PC after finishing the work on his PC, and right after plugging it in to my PC ... NOD32 gave off loads of 'alarm messages' saying official virus' were 'found' on the PEN drive (I do not recall what they were).

    I simply reformatted the PEN drive and 'moved' on.

    This morning, when I started up my PC, and I noticed not only that NOD32 was 'missing' from the system tray, but it was not even INSTALLED anymore on my computer (super strange). I was not listed under START ... PROGRAMS ... it was NOT listed under the Win XP control panel (add/remove programs) ... it was GONE.

    I did not look to see if I still had an ESET directory under c:\program files ...

    I was really worried about this ... how could this BE? Where did NOD32 go to (how after all these years did it simply disappear)? It was not installed, running, or even working on my PC (after simply finding a virus the night before).

    So, I used the 30-day trial to reinstall the s/w engine. It 'found' my settings (so I guess something was installed still), and it is 'running again'.

    I don't know if my faith in this program is still 100%. I mean I have suggested this s/w time and time again to others, but now I do not know if I could do that.

    I know these facts ...

    #1: NOD32 as always been on my PC (since ver 2.x)
    #2: I've been a paying customer for a long time ...
    #3: I upgraded to 3.0 when my subscription ran out last year
    #4: It has been running fine each day ... every day ... all day
    #5: I have never had a virus ...

    THEN ...

    #6: I copy some files to a USB pen drive and take the pen drive to another PC known to have issues with virus and spyware ....

    #7: I bring the pen drive back to my PC to use it again, and NOD32 goes OFF with some virus alerts ...

    #8 I re-format the PEN drive and reboot my PC

    #9: NOD32 is GONE from my system ...

    #10: I had to use the original 30-day trial software to put it back on my PC.

    TELL ME SOMETHING ...

    Maybe, I'll try AVG?

    Shawn
     
  2. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Well, perhaps NOD32 missed one virus and that damaged the NOD installation.

    No anti virus is 100% (certainly not AVG anyway but go ahead an switch if you wish...)

    I think i'd be concentrating on the fact it protected you for 5 years without problem.... I've seen various other AVs fail to protect after having been on a PC for less than 6 months...
     
  3. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Sounds like the autorun.ini on the usb key got modified to run a silent uninstall of the Nod32 package and since you were most likely running XP with administrative credentials and didn't place a password on your Nod32 install/config, nothing was there to inhibit it.
     
  4. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    Smacky, may I ask about "... placing a password on the NOD32 install/config" -- do you mean the setup parameter that's in User Interface > Settings protection, or is there some other place where a password can be applied?
     
  5. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Yes, that's the one.
     
  6. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    Thanks for the confirmation, Paul.

    I'm appalled (and embarrassed) to admit that I read the description "prevent ... unauthorized modification by users" and it never occurred to me that this could also mean stealth modification by a virus or other "evil means" as opposed to just inadvertent changes by a human user on the computer. Cripes! it makes me wonder what other NOD32 settings I've misunderstood....
     
  7. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    You're understood right...as they wrote!

    Btw...if virus can uninstall AV then this obviously isn't your fault...this is EAV fault! I assume that EAV should have some kind of self protection or I'm wrong?!
    EAV should protect user from viruses...or maybe user should protect EAV from viruses?!:cautious:
     
  8. sawgood

    sawgood Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    9
    Thanks to everyone who chipped in with a reply to this thread.

    I have since added a password to my NOD32 engine. I looked, and I saw two 'trojans' which were captured by NOD32 around the same time the uninstall of the software happened. I have submitted them to Eset.

    I think I'm ok and back in business now. I have scanned my system with no results of problems.
     
  9. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi!

    ESET receives thousands files for analysis every day and this quantity isn't possible check step-by-step. Analysts have to look on things like quantity of one threat, expansion, harmfulness,... Every antivirus misses samples in this time. Because of quantity threats developers have to look on proactive detection, but their handicap is that virus writers have got time for test and improving their "program".

    Compress undetected files to password protected archive (password: "infected"), to subject copy link to this thread and send it directly to samples[at]eset.sk.
     
Thread Status:
Not open for further replies.