Win32/Yaha.k@mm not detected by current updated copy of nod32 (PCUser version)

Discussion in 'NOD32 version 1 Forum' started by sylvia edwards, Jan 10, 2003.

Thread Status:
Not open for further replies.
  1. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia

    > I'd just like to see it made as "Idiot Proof" as possible, with the options to tweak if you want

    Funny you should say that ... when I asked a Microsoft guy many years ago why MSDOS was so clunky, his reply was that if you want to sell a lot of software you have to make it as idiot-proof as possible.

    (You didn't work for Microsoft back in the 1980s, did you?) :)
     
  2. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii

    I came here an hour ago and decided to respond to Phil's post about his test. I finished my response which is below and checked the thread before posting and I see a lot more responses during the time I was trying to explain better what happened to me. As a beta tester, I know to write things down. But this was a PUBLIC beta and I expected only a few small problems so I didn't take notes. :( I have tested AOL, from the first build, for two years so I do know the protocol for beta testing in the stages up to the public beta or final build before Gold Master. Anyhow, below is what I did as far as I can remember.


    >I sent myself a virus with IMON disabled so it would be left in the sent folder. I then did a sys scan with AMON. AMON popped up a warning:

    >AMON has detected (name of virus) in object Sent Items.dbx (it gave the full path to the email, including who from, who to and name of virus again)
    The popup stated AMON could not clean this object and the ONLY option was to leave.

    >I clicked leave and under that popup was another popup stating essentially the same thing -- AMON can not clean this object. The only option was to "Leave".

    So, twice it gave the full path C:\*\My Docs\*\Sent Items.dbx\email info (named virus)

    Under that was the THIRD popup stating:

    AMON has found (name of virus) in (path) Sent Items.dbx

    The options then were: Leave, Quarantine, or DELETE

    >Please notice it has already said TWO times the *only* thing it can do with the EMAIL itself is to LEAVE it. It has now come up to the file "Sent Items.dbx", which is the ENTIRE sent items file. Now, let's guess exactly what happens if YOU tell it to delete that file.


    I don't think your test duplicated what happened to me. I did an on demand scan, from within the NOD Control Center ..not from the desktop shortcut, using the scan button. The scanner never stopped on the virus in the sent folder or on the one in the deleted items folder. I never got a popup about them. The scan took 23 minutes and then the summary showed 16 viruses. I knew I didn't have 16 viruses. I could not look at any logs using the beta version. I had only that summary. I ran the on demand scanner many times and every time it behaved in this fashion. Note that I'm talking about running it from within the NOD control center. It never stopped on any virus and would only display a brief summary at the end saying how many viruses were found..no details and would not let me look at any logs. If I tried to look at the logs that froze NOD32 and I had to use c/a/d which closed down NOD32. I could scroll back through every single file to find the red highlighted ones, but that was difficult and I would miss some. Plus, of course, once I closed that session then it was saved to the logs which I could not later access and just trying to access them caused NOD32 to freeze leading to c/a/d which closed NOD down completely.

    So, instead, when I decided to try and clean or delete the viruses, I ran the on demand scanner again (from within the control center) and I chose to do the scan from the "clean" button rather than from the "scan" button. When I did that, the scanner stopped first on the yaha.N virus and announced in a popup box that it had found this virus in the deleted items.dbx box and then, under that, gave the name of the email, the sender, recipient, name of the virus and the location which was the deleted items box in OE. I was stunned. I thought I had deleted it off my system when IMON first caught it and put in quarantine and then I deleted it. I immediately went to the deleted items box and sure enough it was there unopened. I went back to the scanner's alert box where I was given the option to leave it or delete it. I did not get any popup boxes under the first box!

    The path was very explicit giving the exact name of the email "What Does NOD32 call this Sucker", the sender, recipient, and the name of the virus in the attachment and the location of the email in the deleted items box. Since the path given was explicit for that ONE email ...not the deleted items box, I chose to hit the button "delete".

    The scanner then continued until it stopped next on the email with the virus in the sent items box. Again, ONE popup box only. The box said there was an email found in the sent items box infected with the magistr virus. It went on to give the same explicit path for the infected piece of mail as it had with the infected email earlier. It gave the title of the email "Nod32 Not Detecting One Virus", the sender's name, the recipient's name, and the two viruses (that NOD was detecting) in the attachment and the location of the email as being in the sent items folder. Again Amon said it could not be cleaned but could be deleted. So, I deleted it.

    I have no idea why I didn't see any popup boxes under the first one. It must have had something to do with the fact that I first ran the scan using the scan button and then was forced to run it again using the clean button.

    The on demand scanner behaved differently if I called it from the desktop short cut than if I called it from within the NOD control center. From the desktop short cut it would report that it found 10 viruses. Run from the NOD control center, it would report it found 16 viruses. This was running the scans back to back. Of course, I could not look at the logs, so I do not know what it flagged because I was running it in scan mode where it would not stop on anything it found.
     
  3. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia

    > This is getting a little insane... :eek: :eek: :eek:

    Soon you'll all be as nutty as I am. :)

    > NOD32 was generally regarded as an experienced computer user's AV. At least that's what I perceived it as when I first heard of it.

    Hmmm ... dunno by whom ... we have many thousands of home users who have few (if any) computer skills.

    > A piece of software like that means that one has to read the documentation thoroughly, and then learn it well.

    I guess most people are like me ... read the manual when all else fails. (I've been using the complicated Dreamweaver Ultradev for over a year, and the manual has never been out of the box.)

    > Although I never had Mele20's dilemma, I just delete infected emails upon sight. I don't care what they look like (although once when I saw an infected email I was able to see who sent it).. and then on the other hand, I think Mele20 said she had somewhere in the neighborhood of 2000 emails saved! That's a hard pill to swallow...

    I was detection-testing another AV program a few months ago when I read "Welcome to Microsoft Outlook, first time user!" or something similar in my Inbox. This was the only email left on the hard drive ... the rest had been terminally deleted. Fortunately this was on a test machine. I would have been aggro if it had taken out 2000 emails which I wanted to keep.

    > NOD32 will never be able to punch through the consumer market the way they are going. I tried to explain and demonstrate to the IT in our office organization about NOD32, and she just shook her head in 10 minutes, giving me the impression everyone else will find it hard to use..

    That's a problem we (and all other software producers) will increasingly have to face in the 21st Century. Computer users have become a race of mouseclickers, and programs which can't accomplish their tasks with the use of zero brainpower are virtually unsaleable.

    > I think the nod website turned her off more than anything. She likes the McAfee website because of all the perceived info it has.

    We're keeping our fingers crossed for the future in this regard.

    > When I told her about VB's scores, she rolled her eyes and said "so what?"

    You see a lot of that in security forums. "PoopScan was only 0.5% behind NOD32 in detection."

    0.5% of 70,000+ viruses is a lot of viruses! :)

    > The beta version looks nice, but if it has all the same problems it has now after public release, I'm afraid I too may have to jump ship.

    I doubt that it will. The whole idea of a public beta is to get bug reports/wish lists/etc from the public, then improve the product.

    Having said that, I personally think we made a mistake by putting the beta online in Slovakia prematurely. (I didn't even know it was available for download until my daughter read me an email from Paul Wilders about a week later)

    > The beta IMON continually crashed and closed Outlook Express when infected email (klez) was coming in...

    Hmmmm .... I probably receive more emailed viruses than any ten readers of this forum combined, and I didn't experience a single OE crash while I was using the beta. (I'm back to using the release version on this machine ... I wanted to check out "the release version trashes all your email too", and I haven't had time to re-install the beta.)

    > I've got the patience to wait and see..

    I think it will be worth the wait. :)
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia

    lmao, nope, just have retail experience, dealing with the average computer user through my shop is enough to turn anyone batty :mad:

    Try dealing with a deaf lip reader (lovely guy) who can't copy and paste, who has a Japanese wife who can only speak very very broken English (it's easier to deal with her :D).

    Then try getting him on the phone...

    Mr X "there's a problem with my computer".

    Tech "You need to bring it in"

    Mr X "Huh o_O"

    Tech "You need to bring it in"

    Mr X "What did you say about my sister?"

    Tech "You need to bring it in"

    Mr X "Huh o_O"

    Mr X "How about I bring it in?"

    Tech "Good Idea"

    Mr X "Huh o_O".....

    You get the picture, and he wants to learn, he craves to learn :D

    Retailers must have a screw loose to get into the game :D

    I think Nod is absolutely fantastic, and Eset are on their way to making it even better. Persistence is a virtue or to put it another way:

    "Illegitimis non carborundum."

    Latin, "Don't let the bastards grind you down."

    U.S. General Joseph W. "Vinegar Joe" Stilwell (1883-1946)

    Cheers :D
     
    Last edited: Jan 23, 2006
  5. Madsen DK

    Madsen DK Registered Member

    Joined:
    Nov 23, 2002
    Posts:
    324
    Location:
    Denmark

    Hi guys
    Just a comment.
    This has certainly been one of the more entertaining topics on this board :D
    Poor Sylvia, if she only knew what a debate she started here.
    But anyway, a good discussion is always a good thing. :D
    Regards
    Ole
     
  6. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248

    Mele,

    I have just finished another series of tests over the last hour or so and I have NOT been able to reproduce what you saw. <shrug> While I don't doubt what you say, I could NOT get the same on my sys. Oh, to be sure, I did get to a point where I could delete the entire file, but the NOD32 beta let me know *precisely* what I was about to do. Since we are dealing with the beta here, I am going to start a new thread in the beta forum with my test results if you are interested -- complete with nekkid pictures. :D :D

    Phil
     
  7. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii

    Yuck! I am kicking myself for not taking notes! I believe what I related is what happened. But there is the possibility that my memory is not accurate. That, of course, is why I should have taken notes... to make matters worse, I didn't even discover the sent item disaster when it happened. I was in and out and on the phone that day, whereas, usually my attention is not interrupted much at all when on the computer. Oh well...I always like to see nekked pictures! :D
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia

    Like I said before, I have a friend who had the same experience as you, Mele, he is a MS Beta tester, so he also knows what he is doing :D
     
  9. grey_ghost

    grey_ghost Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    60

    Hi

    I am sorry to have to learn about a problem with e-mails because of the misfortune of others.

    I have both NOD and KAV4pro.
    I put a couple of eicar infected e-mails in the deleted folder of OE6.
    I ran KAV and it alerted to the virus in the e-mails.
    I selected quarantine and it moved the infected e-mails along with all the rest of the contents of the deleted items folder.
    Now the deleted items folder is empty.

    This is from Kaspersky on its handling of OE E-mail.

    “ Most of e-mail applications (e.g. Outlook Express) keep all e-mail messages together with all attachments in one file. If one of these e-mails contains a virus - Antiviral Monitor locks access to infected files. If in the Monitor settings you enable option to check e-mail databases - antiviral Monitor locks access to whole e-mail database.”

    So the DBX folder is actually one continuous file.

    Deleting one E-mail is the same as deleting all.

    I have been involved with computers and their programs for a long time and there is always something you thought you knew how it functions but find you are wrong.

    Regards
     
  10. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804

    Hi all,
    Please look at this thread.

    Here is what I posted at the end of that thread:

    sorry, I returned here with a "small" delay ;) caused by too much work with the Beta.

    Thank you, Phil for the nice explanation of the .dbx deletion problem. We are sorry that the problem occurred although the user has confirmed the deletion of the .dbx file full of e-mails by herself. Anyway, we admit that the message announcing it was not easily readable. That's why we decided we'll make it safer - the deletion of the e-mail storage files will be disabled in the next beta. This can avoid similar cases in the future.

    rgds, :)

    jan
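
The container problem described by grey_ghost and jan above, as an added example that is not part of the thread and is not ESET's or Kaspersky's code: a hypothetical remediation policy that maps a scanner object path to the file a delete or quarantine would really touch, and offers only "leave" when that file is a single-file mail store. The extension list, function names and sample paths are assumptions constructed for illustration.

```python
# Added example: hypothetical remediation policy, not any vendor's real logic.
from dataclasses import dataclass

# Assumption: extensions treated as single-file mail stores.
MAIL_STORE_EXTS = (".dbx", ".pst", ".mbox")


@dataclass(frozen=True)
class Target:
    on_disk_file: str    # the file a delete/quarantine would really act on
    member: str          # object inside the container ("" if none)
    is_mail_store: bool


def resolve_target(detection_path: str) -> Target:
    """Split a scanner object path into the real file and the inner member."""
    parts = detection_path.split("\\")
    for i, part in enumerate(parts):
        if part.lower().endswith(MAIL_STORE_EXTS):
            # Everything after the store name lives inside that one file.
            return Target("\\".join(parts[:i + 1]),
                          "\\".join(parts[i + 1:]), True)
    return Target(detection_path, "", False)


def allowed_actions(detection_path: str) -> list[str]:
    """Actions safe to offer: nothing destructive on a whole mail store."""
    target = resolve_target(detection_path)
    if target.is_mail_store:
        # Delete or quarantine would take every message in the store with it.
        return ["leave"]
    return ["leave", "quarantine", "delete"]


# Constructed sample paths modelled on the alerts described in the thread.
SAMPLES = [
    r"C:\Users\test\Mail\Sent Items.dbx\Nod32 Not Detecting One Virus\attach.exe",
    r"C:\Users\test\Mail\Deleted Items.dbx",
    r"C:\Users\test\Downloads\attach.exe",
]

if __name__ == "__main__":
    for path in SAMPLES:
        t = resolve_target(path)
        print(f"{t.on_disk_file!r} member={t.member!r} -> {allowed_actions(path)}")
```
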
     