What's wrong with NOD32 2.50?

Discussion in 'NOD32 version 2 Forum' started by gue_st, Nov 7, 2005.

Thread Status:
Not open for further replies.
  1. gue_st

    gue_st Guest

    I have installed NOD32 trial version (2.50) on the internet computer at work, known to be regularly infected. After installation I have done a full virus scan, no viruses found.
    After 2 days I find 4 files infected with Java/ClassLoader.AA. That is strange itself, all the modules were active, so how - AMON will not detect Java infections?
    Next, after Scan&Clean, text says "The file can be deleted. It is strongly recommended that you back up any cruical data before you proceed.", but in Available actions, only "Leave" is available. So, there was no way I could find to clean infection. Panda online scanner cleaned files without any problem.

    Also, I notice that there is no option to scan first and then perform the prompted actions, as it was possible in 2.0.

    Last, what is the "official" way to exit the program? I have been wondering since 2.0 - "Quit" will just exit the user interface, but I cannot see the way to shut down NOD32 completely.

    Thanks.
     
  2. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Hello!


    Is this Java/ClassLoader.AA in JAR file? AMON doesn't detect viruses in archives.
     
  3. gue_st

    gue_st Guest

    Thanks!

    Yes, infection was in the .zip file, so no problems with detection.

    But there is still a problem with cleaning. I remember having exactly the same problem with some previous version I tested a while ago. And the strangest thing is that I cannot find how to scan first and clean after the scan is finished, like in 2.0.

    Should have contacted support, but Panda deleted infected files without any warning and backup...
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    NOD32 cannot delete archives or clean files inside archives.
     
  5. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Or to expand on what RejZoR said... suppose you have a .zip file with 4 files inside, one of which is a virus. NOD32 will find the virus inside the .zip file, but it does not delete the virus (leaving the other 3 files still inside the .zip), nor does it delete the .zip file itself. I suspect the reason for this is that the other 3 files inside the .zip may potentially be useful. This is why the only option is "Leave".

    By the way, doesn't AMON scan the files inside the .zip once you try to access the files inside?
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    If you access those files then I suppose they're no longer inside the archive and thus would be scanned. It's just that AMON won't check inside archives during normal realtime scanning.
     
  7. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Last edited: Nov 7, 2005
  8. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    São Paulo, Brazil
    It could be better if NOD32 could clean or delete inside packed files like KAV can.
    When I get some java infections, I don't like to have the head cut out (infections) and the rest of the body (other files called garbage) remaining in my java directory.
    Kaspersky detects and deletes all of them. No garbage in my directory.
    In any case I still have 2 samples of infected java called open connection.
    I have submitted them twice about one month ago, and until today, after each update I get, I check them. The last sample I've sent about 2 weeks ago, NOD32 can detect it, the other one from the last month, NOD32 can't detect it.

    Best Regards,

    DonKid.
     
    Last edited: Nov 8, 2005
  9. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    São Paulo, Brazil
    Could somebody help me with this one?

    I unzipped the Open Connection file and NOD32 didn't alert me.
    I've sent it to Virus Total.
    There, NOD32 can detect it.
    So, I clicked over this with right mouse button and started a deep scan.
    Now NOD32 can detect it.
    I'm running Blackspear's setup and I'd like to know why when I unzipped it, NOD didn't detect it?

    Best Regards,

    DonKid.
     

    Attached Files: NOD.JPG (71.9 KB)
  10. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    But honestly, how many times do you see malware next to perfectly clean files?
    That "clean" file is usually just a support file for malware or something. Or simply a benign object that becomes useful only when it's with malware.
    And it's very annoying to search for those files and manually delete them when NOD32 could simply ask you if you want to delete the entire archive (a simple yes or no dialog that also warns about possibly deleting clean files inside the archive). ESET secured from user stupidity while giving users the choice to clean it directly, not by manually digging through the files.
     
  11. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Scroll up a bit...
     
  12. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    São Paulo, Brazil
    Well,

    I just would like to get a warning from my NOD32 when I unzip an infected file.
     