Virus found, options greyed out

I've been using the trial version of NOD32 v.2 for over a week now and I have a question for the veteran NOD32 users here. NOD32 reports that there are several infiltrations in a few Outlook Express database files I have stored as back-ups(not currently in use by OE). The only option given to me by NOD is to "Leave" the infiltration; all other options are greyed out. Is this normal or is there something wrong here?

 

Hi Defiant,
This is radicalb21. I'll try and help you the best I can so here goes first could you please post a screenshot of your system information from the NOD32 Control Center. Second could you also post screenshots of the SetUp tab as well as the Action tab of Nod32v2. Also please post screenshots of the infiltration (virus found) message box. Please also include copys of your event logs and virus logs.

 

Options greyed out.
edited to obscure personal info

 

Setup tab

 

actions tab

 

Time   Module   Event   User
11/3/2003 12:07:58 PM   NOD32   An infiltration has been detected. See the on-demand scanner Log for details.   SONYVAIO\Rob
11/3/2003 11:07:46 AM   NOD32   An infiltration has been detected. See the on-demand scanner Log for details.   SONYVAIO\Rob
11/3/2003 9:34:17 AM   Kernel   The virus signature database has been updated successfully to version 1.549 (20031103).   
11/3/2003 8:34:23 AM   Update   Update attempt terminated with error (Server connection failure)   
11/3/2003 7:01:35 AM   NOD32   An infiltration has been detected. See the on-demand scanner Log for details.   NT AUTHORITY\SYSTEM
11/1/2003 19:30:51 PM   NOD32   An infiltration has been detected. See the on-demand scanner Log for details.   NT AUTHORITY\SYSTEM
10/31/2003 13:32:42 PM   Kernel   The virus signature database has been updated successfully to version 1.548 (20031031).   
10/30/2003 11:32:15 AM   Kernel   The virus signature database has been updated successfully to version 1.547 (20031030).   
10/29/2003 12:31:24 PM   Kernel   The virus signature database has been updated successfully to version 1.546 (20031029).   
10/28/2003 12:33:30 PM   Kernel   The virus signature database has been updated successfully to version 1.545 (2003102.   
10/28/2003 12:33:13 PM   Update   Error connecting to server www.nod32.com.   
10/28/2003 12:33:10 PM   Update   Error connecting to server www.eset.sk.   
10/27/2003 12:51:28 PM   Kernel   The virus signature database has been updated successfully to version 1.544 (20031027).   
10/27/2003 9:51:03 AM   Update   Error connecting to server www.eset.sk.   
10/25/2003 22:33:27 PM   Update   Error connecting to server www.nod32.com.   
10/25/2003 11:12:56 AM   Update   Error connecting to server www.esetsoftware.com.   
10/24/2003 12:31:55 PM   Kernel   The virus signature database has been updated successfully to version 1.543 (20031024).   
10/24/2003 11:32:25 AM   Update   Update attempt terminated with error (Server connection failure)   
10/24/2003 10:32:14 AM   Kernel   The virus signature database has been updated successfully to version 1.542 (20031024).   
10/24/2003 8:32:05 AM   Kernel   The virus signature database has been updated successfully to version 1.542 (20031024).   
10/24/2003 8:31:52 AM   Update   Error connecting to server www.eset.sk.   
10/24/2003 2:20:42 AM   Kernel   The virus signature database has been updated successfully to version 1.541 (20031023).   

 

log screenshot

 

I noticed from your screenshots that you have multiple infiltrations in your OE .dbx database. Please post the information from your virus log or tell us what viruses have been detected. Once you tell us what they are I hope to be able to tell you what to do and if not I'll point you in the right direction to get a solution to your problem. Also if could send the quarantined files to samples@nod32.com .

 

It's a little lengthy but here is goes:

Scanning Log
NOD32 version 1.549 (20031103) NT
Command line: E:\suzanne's backup\mail backup
Checking CRC of the NOD32.EXE file: status OK
Operating memory is OK.
Error occured while scanning MBR sector of the 3. physical disk. Error reading sector.
date: 3.11.2003 time: 12:06:55
Scanned disks, directories and files: E:\suzanne's backup\mail backup\
E:\suzanne's backup\mail backup\Ebay Listings.dbx > DBX > from: listingconfirm@ebay.com to: ***** with subject eBay Listing Confirmation - Item 1045299345: Put-I dated Fri, 07 Dec 2001 15:33:51 PST > MIME > part001.htm - error occured while reading archive
E:\suzanne's backup\mail backup\Ebay Listings.dbx > DBX > from: listingconfirm@ebay.com to: ******* with subject eBay Listing Confirmation - Item 1045302004: Put I dated Fri, 07 Dec 2001 15:42:30 PST > MIME > part001.htm - error occured while reading archive
E:\suzanne's backup\mail backup\Ebay Listings.dbx > DBX > from: listingconfirm@ebay.com to: ******* with subject eBay Listing Confirmation - Item 1045311460: Put I dated Fri, 07 Dec 2001 16:04:44 PST > MIME > part001.htm - error occured while reading archive
E:\suzanne's backup\mail backup\Inbox.dbx > DBX > from: CDwyer <*****> to: ****** with subject ACCESSKEY dated Thu, 19 Dec 2002 07:04:47 -0500 (EST) > MIME > class.bat - Win32/Klez.J worm
E:\suzanne's backup\mail backup\Inbox.dbx > DBX > from: Mail Delivery Subsystem <MAILER-DAEMON@aol.com> to: <******> with subject Returned mail: Host unknown (Name server: home.com dated Fri, 20 Dec 2002 12:27:41 -0500 (EST) > MIME > Ymo.scr - Win32/Klez.J worm
E:\suzanne's backup\mail backup\Inbox.dbx > DBX > from: Mail Delivery Subsystem <mailer-daemon@comcast.net> to: <******> with subject Returned mail: delivery problems encountered dated 26 Aug 2003 1:43:42 +0000 > MIME > wicked_scr.scr - Win32/Sobig.F worm
E:\suzanne's backup\mail backup\Sent Items.dbx > DBX > from: "****" <******> to: "Robert B." <*****> with subject Fw: A IE 6.0 patch dated Fri, 4 Apr 2003 22:10:12 -0500 > MIME > traditional[1].scr - Win32/Klez.J worm
E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: chinadave <*****> to: ****** with subject Cbc, cbf dated Sun, 27 Apr 2003 21:38:29 -0500 (CDT) > MIME > eBayISAPI[23].exe - Win32/Klez.J worm
E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: Res <******> to: ****** with subject Cbc, cbf dated 2 Jun 2003 21:03:16 +0100 > MIME > eBayISAPI[25].exe - Win32/Klez.J worm
E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: LindisfarnePrints <******> to: *****with subject Re:japanese lass' sexy pictures dated 2 Jun 2003 21:41:17 +0100 > MIME > team.bat - Win32/Klez.J worm
E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: niceoldbooks <******> to: ****** with subject Introduction on ADSL dated 2 Jun 2003 22:01:43 +0100 > MIME > nowrap.pif - Win32/Klez.J worm
E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: stwinefridesschool <******> to: ******with subject A excite game dated 2 Jun 2003 22:43:31 +0100 > MIME > setup.exe - Win32/Klez.J worm
E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: LindisfarnePrints <*******> to: ******* with subject Background dated 3 Jun 2003 19:42:19 +0100 > MIME > your.bat - Win32/Klez.J worm
E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: Girlracerfirmin <*********> to: ****** with subject A IE 6.0 patch dated 3 Jun 2003 21:30:15 +0100 > MIME > Sab.scr - Win32/Klez.J worm
E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: Nacchall <*******> to: ******* with subject W32.Klez.E removal tools dated 3 Jun 2003 20:48:28 +0100 > MIME > setup.exe - Win32/Klez.J worm
number of files scanned: 5237
number of viruses found: 12
time of termination: 12:08:38 total scanning time: 103 sec (00:01:43)
date: 3.11.2003 time: 12:10:48

edited to obscure personal info.

 

Because the viruses are within an OE file, they are stored as a "DBX" file, if Nod was to remove the infected email it would also remove the entire contents of that file (i.e the entire "InBox" folder). So Nod does NOT do this, it advises you exactly where the infected file is, and from there you can delete it.

So, you have 2 options available, first is to back up your current emails OUTSIDE of OE and into for example My Documents\Emails\Inbox (you will have to create these folders) My Documents\Emails\Sent Items etc etc. Then point the Maintenence\Storage Folder in OE to your old OE Backup, and from there delete the infected files.

2nd option is to extract emails from the backup DBX files using an external extracting program and then delete the entire backup DBX files.

OE should be considered like your mail box at home, you don't keep your mail in it, you transfer any wanted mail into your home, this should also be done with each mail that arrives in OE. Keep it outside of OE or delete it. This way your DBX files in OE are always empty and clean (so long as you empty your deleted items folder of OE).

Cheers

 

Since there's no description of the DBX files format provided from Microsoft, it is not possible to modify particular email messages within an Outlook Express DBX file. What you can do in such a case, is to identify a particular message according to its sender or date of receipt, look it up in your OE and delete it manually.

 

So NOD is functioning normally and the options greyed out are just not available in this situation?

 

Exactly as you told.

 

Thanks for the assistance everyone.