Virus found, options greyed out

Discussion in 'NOD32 version 2 Forum' started by defiant, Nov 3, 2003.

Thread Status:
Not open for further replies.
  1. defiant

    defiant Registered Member

    Joined:
    Nov 3, 2003
    Posts:
    10
    I've been using the trial version of NOD32 v.2 for over a week now and I have a question for the veteran NOD32 users here. NOD32 reports that there are several infiltrations in a few Outlook Express database files I have stored as back-ups (not currently in use by OE). The only option given to me by NOD is to "Leave" the infiltration; all other options are greyed out. Is this normal or is there something wrong here?
     
  2. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Hi Defiant,
    This is radicalb21. I'll try and help you the best I can, so here goes. First, could you please post a screenshot of your system information from the NOD32 Control Center? Second, could you also post screenshots of the SetUp tab as well as the Action tab of Nod32v2? Also, please post screenshots of the infiltration (virus found) message box. Please also include copies of your event logs and virus logs.
     
  3. defiant

    defiant Registered Member

    Joined:
    Nov 3, 2003
    Posts:
    10
    Options greyed out.
    edited to obscure personal info
     

    Attached Files: nod1.jpg (91.7 KB)
  4. defiant

    defiant Registered Member

    Joined:
    Nov 3, 2003
    Posts:
    10
    Setup tab
     

    Attached Files: nod2.jpg (58.2 KB)
  5. defiant

    defiant Registered Member

    Joined:
    Nov 3, 2003
    Posts:
    10
    actions tab
     

    Attached Files: nod3.jpg (56.7 KB)
  6. defiant

    defiant Registered Member

    Joined:
    Nov 3, 2003
    Posts:
    10
    Time   Module   Event   User
    11/3/2003 12:07:58 PM   NOD32   An infiltration has been detected. See the on-demand scanner Log for details.   SONYVAIO\Rob
    11/3/2003 11:07:46 AM   NOD32   An infiltration has been detected. See the on-demand scanner Log for details.   SONYVAIO\Rob
    11/3/2003 9:34:17 AM   Kernel   The virus signature database has been updated successfully to version 1.549 (20031103).   
    11/3/2003 8:34:23 AM   Update   Update attempt terminated with error (Server connection failure)   
    11/3/2003 7:01:35 AM   NOD32   An infiltration has been detected. See the on-demand scanner Log for details.   NT AUTHORITY\SYSTEM
    11/1/2003 19:30:51 PM   NOD32   An infiltration has been detected. See the on-demand scanner Log for details.   NT AUTHORITY\SYSTEM
    10/31/2003 13:32:42 PM   Kernel   The virus signature database has been updated successfully to version 1.548 (20031031).   
    10/30/2003 11:32:15 AM   Kernel   The virus signature database has been updated successfully to version 1.547 (20031030).   
    10/29/2003 12:31:24 PM   Kernel   The virus signature database has been updated successfully to version 1.546 (20031029).   
    10/28/2003 12:33:30 PM   Kernel   The virus signature database has been updated successfully to version 1.545 (20031028).   
    10/28/2003 12:33:13 PM   Update   Error connecting to server www.nod32.com.   
    10/28/2003 12:33:10 PM   Update   Error connecting to server www.eset.sk.   
    10/27/2003 12:51:28 PM   Kernel   The virus signature database has been updated successfully to version 1.544 (20031027).   
    10/27/2003 9:51:03 AM   Update   Error connecting to server www.eset.sk.   
    10/25/2003 22:33:27 PM   Update   Error connecting to server www.nod32.com.   
    10/25/2003 11:12:56 AM   Update   Error connecting to server www.esetsoftware.com.   
    10/24/2003 12:31:55 PM   Kernel   The virus signature database has been updated successfully to version 1.543 (20031024).   
    10/24/2003 11:32:25 AM   Update   Update attempt terminated with error (Server connection failure)   
    10/24/2003 10:32:14 AM   Kernel   The virus signature database has been updated successfully to version 1.542 (20031024).   
    10/24/2003 8:32:05 AM   Kernel   The virus signature database has been updated successfully to version 1.542 (20031024).   
    10/24/2003 8:31:52 AM   Update   Error connecting to server www.eset.sk.   
    10/24/2003 2:20:42 AM   Kernel   The virus signature database has been updated successfully to version 1.541 (20031023).   
     
  7. defiant

    defiant Registered Member

    Joined:
    Nov 3, 2003
    Posts:
    10
    log screenshot
     


  8. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    I noticed from your screenshots that you have multiple infiltrations in your OE .dbx database. Please post the information from your virus log or tell us what viruses have been detected. Once you tell us what they are, I hope to be able to tell you what to do, and if not, I'll point you in the right direction to get a solution to your problem. Also, if you could, send the quarantined files to samples@nod32.com.
     
  9. defiant

    defiant Registered Member

    Joined:
    Nov 3, 2003
    Posts:
    10
    It's a little lengthy but here it goes:

    Scanning Log
    NOD32 version 1.549 (20031103) NT
    Command line: E:\suzanne's backup\mail backup
    Checking CRC of the NOD32.EXE file: status OK
    Operating memory is OK.
    Error occured while scanning MBR sector of the 3. physical disk. Error reading sector.
    date: 3.11.2003 time: 12:06:55
    Scanned disks, directories and files: E:\suzanne's backup\mail backup\
    E:\suzanne's backup\mail backup\Ebay Listings.dbx > DBX > from: listingconfirm@ebay.com to: ***** with subject eBay Listing Confirmation - Item 1045299345: Put-I dated Fri, 07 Dec 2001 15:33:51 PST > MIME > part001.htm - error occured while reading archive
    E:\suzanne's backup\mail backup\Ebay Listings.dbx > DBX > from: listingconfirm@ebay.com to: ******* with subject eBay Listing Confirmation - Item 1045302004: Put I dated Fri, 07 Dec 2001 15:42:30 PST > MIME > part001.htm - error occured while reading archive
    E:\suzanne's backup\mail backup\Ebay Listings.dbx > DBX > from: listingconfirm@ebay.com to: ******* with subject eBay Listing Confirmation - Item 1045311460: Put I dated Fri, 07 Dec 2001 16:04:44 PST > MIME > part001.htm - error occured while reading archive
    E:\suzanne's backup\mail backup\Inbox.dbx > DBX > from: CDwyer <*****> to: ****** with subject ACCESSKEY dated Thu, 19 Dec 2002 07:04:47 -0500 (EST) > MIME > class.bat - Win32/Klez.J worm
    E:\suzanne's backup\mail backup\Inbox.dbx > DBX > from: Mail Delivery Subsystem <MAILER-DAEMON@aol.com> to: <******> with subject Returned mail: Host unknown (Name server: home.com dated Fri, 20 Dec 2002 12:27:41 -0500 (EST) > MIME > Ymo.scr - Win32/Klez.J worm
    E:\suzanne's backup\mail backup\Inbox.dbx > DBX > from: Mail Delivery Subsystem <mailer-daemon@comcast.net> to: <******> with subject Returned mail: delivery problems encountered dated 26 Aug 2003 1:43:42 +0000 > MIME > wicked_scr.scr - Win32/Sobig.F worm
    E:\suzanne's backup\mail backup\Sent Items.dbx > DBX > from: "****" <******> to: "Robert B." <*****> with subject Fw: A IE 6.0 patch dated Fri, 4 Apr 2003 22:10:12 -0500 > MIME > traditional[1].scr - Win32/Klez.J worm
    E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: chinadave <*****> to: ****** with subject Cbc, cbf dated Sun, 27 Apr 2003 21:38:29 -0500 (CDT) > MIME > eBayISAPI[23].exe - Win32/Klez.J worm
    E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: Res <******> to: ****** with subject Cbc, cbf dated 2 Jun 2003 21:03:16 +0100 > MIME > eBayISAPI[25].exe - Win32/Klez.J worm
    E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: LindisfarnePrints <******> to: *****with subject Re:japanese lass' sexy pictures dated 2 Jun 2003 21:41:17 +0100 > MIME > team.bat - Win32/Klez.J worm
    E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: niceoldbooks <******> to: ****** with subject Introduction on ADSL dated 2 Jun 2003 22:01:43 +0100 > MIME > nowrap.pif - Win32/Klez.J worm
    E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: stwinefridesschool <******> to: ******with subject A excite game dated 2 Jun 2003 22:43:31 +0100 > MIME > setup.exe - Win32/Klez.J worm
    E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: LindisfarnePrints <*******> to: ******* with subject Background dated 3 Jun 2003 19:42:19 +0100 > MIME > your.bat - Win32/Klez.J worm
    E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: Girlracerfirmin <*********> to: ****** with subject A IE 6.0 patch dated 3 Jun 2003 21:30:15 +0100 > MIME > Sab.scr - Win32/Klez.J worm
    E:\suzanne's backup\mail backup\Spam.dbx > DBX > from: Nacchall <*******> to: ******* with subject W32.Klez.E removal tools dated 3 Jun 2003 20:48:28 +0100 > MIME > setup.exe - Win32/Klez.J worm
    number of files scanned: 5237
    number of viruses found: 12
    time of termination: 12:08:38 total scanning time: 103 sec (00:01:43)
    date: 3.11.2003 time: 12:10:48

    edited to obscure personal info.
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Because the viruses are within an OE file, they are stored as a "DBX" file. If Nod was to remove the infected email, it would also remove the entire contents of that file (i.e. the entire "InBox" folder). So Nod does NOT do this; it advises you exactly where the infected file is, and from there you can delete it.

    So, you have 2 options available. The first is to back up your current emails OUTSIDE of OE and into, for example, My Documents\Emails\Inbox (you will have to create these folders), My Documents\Emails\Sent Items, etc. Then point the Maintenance\Storage Folder in OE to your old OE Backup, and from there delete the infected files.

    The 2nd option is to extract emails from the backup DBX files using an external extracting program and then delete the entire backup DBX files.

    OE should be considered like your mail box at home: you don't keep your mail in it, you transfer any wanted mail into your home. This should also be done with each mail that arrives in OE. Keep it outside of OE or delete it. This way your DBX files in OE are always empty and clean (so long as you empty your deleted items folder of OE).

    Cheers :D
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Since there's no description of the DBX file format provided by Microsoft, it is not possible to modify particular email messages within an Outlook Express DBX file. What you can do in such a case is to identify a particular message according to its sender or date of receipt, look it up in your OE and delete it manually.
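
The manual lookup described in the post above can be driven straight from the on-demand scanner log. The following is an added example, not part of the original thread and not ESET code: it parses log lines in the layout posted earlier and lists, per DBX file, the sender, date, subject and attachment of each infected message. The sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the scan log posted in this thread;
# paths are shortened and addresses are redacted as the poster redacted them.
SAMPLE_LOG = r"""
E:\backup\Inbox.dbx > DBX > from: CDwyer <*****> to: ****** with subject ACCESSKEY dated Thu, 19 Dec 2002 07:04:47 -0500 (EST) > MIME > class.bat - Win32/Klez.J worm
E:\backup\Ebay Listings.dbx > DBX > from: listingconfirm@ebay.com to: ***** with subject eBay Listing Confirmation dated Fri, 07 Dec 2001 15:33:51 PST > MIME > part001.htm - error occured while reading archive
E:\backup\Spam.dbx > DBX > from: LindisfarnePrints <******> to: *****with subject Background dated 3 Jun 2003 19:42:19 +0100 > MIME > your.bat - Win32/Klez.J worm
number of files scanned: 5237
"""

# Message descriptor found between the "DBX" and "MIME" path elements.
MESSAGE_RE = re.compile(
    r"from: (?P<sender>.*?) to: .*?\s*with subject (?P<subject>.*) dated (?P<date>.*)$"
)

def parse_line(line):
    """Return one scan-log entry as a dict, or None for non-entry lines."""
    parts = line.strip().split(" > ")
    if len(parts) < 5 or parts[1] != "DBX" or parts[-2] != "MIME":
        return None
    msg = MESSAGE_RE.match(" > ".join(parts[2:-2]))
    attachment, sep, result = parts[-1].rpartition(" - ")
    if msg is None or not sep:
        return None
    return {
        "container": parts[0],
        "sender": msg["sender"],
        "subject": msg["subject"],
        "date": msg["date"],
        "attachment": attachment,
        "result": result,
        # Archive read errors appear in the same position as detections.
        "infected": not result.lower().startswith("error"),
    }

def messages_to_delete(log_text):
    """Group infected messages by the DBX file (OE folder) that holds them."""
    by_folder = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["infected"]:
            by_folder[entry["container"]].append(entry)
    return dict(by_folder)

if __name__ == "__main__":
    for dbx, entries in messages_to_delete(SAMPLE_LOG).items():
        for e in entries:
            print(dbx, e["date"], e["sender"], e["attachment"], e["result"], sep=" | ")
```

Entries reported as archive read errors are skipped, since they are not detections.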
     
  12. defiant

    defiant Registered Member

    Joined:
    Nov 3, 2003
    Posts:
    10
    So NOD is functioning normally and the options greyed out are just not available in this situation?
     
  13. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Exactly as you told. :cool:
     
  14. defiant

    defiant Registered Member

    Joined:
    Nov 3, 2003
    Posts:
    10
    Thanks for the assistance everyone.
     