NOD32 Missed MyDoom

[Colin Steadman]

Until tonight I didn't have a scanner installed. I used to have
McAfee VirusScan online, but the licence expired and I removed it from
my system because it was the most annoying piece of software I have
ever had the displease of using!

Anyway since its been some months since I used that annoying software
I thought I'd better check my system and tried free Online scan that
Mcafee provide. It detected MyDoom hidden in a file called
documents.zip in the Documents and Settings folder.... Oh dear.

So not wanting to use Mcafee's very obtrusive Online scanner I opted
to try NOD32 which had previously been a recommendation in this
newsgroup when I had previously complained about VirusScan Onlines
pestering ways. However when I ran it, it did not detect the virus.
So, I found the Scanning Targets option and told it exactly where the
infected file was. Bingo, it found it this time. However it did not
clean it. So just out of interest I unzipped the infected file and
ran it. To NODs credit it did pop-up a warning. However when I ran
the scanner again it dected 14 infected files. So I used the Clean
button. The end report now says I have 1 infected file...

number of files scanned: 13010
number of viruses found: 1
time of termination: 23:40:26 total scanning time: 248 sec (00:04:08)

Its quick but I'm not convinced that its doing its job properley, why
is this file still infected if I've asked for it to be cleaned? Could
anyone offer any advice as to how it should be setup. There are over
100,000 files on my PC, but I cant see any options that would allow me
to scan all those files.


TIA
Colin

 

[Carl Farrington]

Until tonight I didn't have a scanner installed. I used to have
McAfee VirusScan online, but the licence expired and I removed it from
my system because it was the most annoying piece of software I have
ever had the displease of using!

Anyway since its been some months since I used that annoying software
I thought I'd better check my system and tried free Online scan that
Mcafee provide. It detected MyDoom hidden in a file called
documents.zip in the Documents and Settings folder.... Oh dear.

So not wanting to use Mcafee's very obtrusive Online scanner I opted
to try NOD32 which had previously been a recommendation in this
newsgroup when I had previously complained about VirusScan Onlines
pestering ways. However when I ran it, it did not detect the virus.
So, I found the Scanning Targets option and told it exactly where the
infected file was. Bingo, it found it this time. However it did not
clean it. So just out of interest I unzipped the infected file and
ran it. To NODs credit it did pop-up a warning. However when I ran
the scanner again it dected 14 infected files. So I used the Clean
button. The end report now says I have 1 infected file...

number of files scanned: 13010
number of viruses found: 1
time of termination: 23:40:26 total scanning time: 248 sec (00:04:08)

Its quick but I'm not convinced that its doing its job properley, why
is this file still infected if I've asked for it to be cleaned? Could
anyone offer any advice as to how it should be setup. There are over
100,000 files on my PC, but I cant see any options that would allow me
to scan all those files.


TIA
Colin

IMO version 2 isn't as good as version 1 was. Except the POP3 filter is
better. The options for AMON Actions are crap - you can no longer set
"clean, then delete if uncleanable". The only way you can clear uncleanable
viruses is by setting it to pop up the alert window.

 

[FromTheRafters]

Until tonight I didn't have a scanner installed.

Uh huh.

I used to have
McAfee VirusScan online, but the licence expired and I removed it from
my system because it was the most annoying piece of software I have
ever had the displease of using!

Uh huh.

Anyway since its been some months since I used that annoying software
I thought I'd better check my system and tried free Online scan that
Mcafee provide. It detected MyDoom hidden in a file called
documents.zip in the Documents and Settings folder.... Oh dear.

Uh huh. No worries.

So not wanting to use Mcafee's very obtrusive Online scanner I opted
to try NOD32 which had previously been a recommendation in this
newsgroup when I had previously complained about VirusScan Onlines
pestering ways.
Okay.

However when I ran it, it did not detect the virus.

There are many configuration options aren't there?
Scan all files? Scan wihtin archives?

So, I found the Scanning Targets option and told it exactly where the
infected file was. Bingo, it found it this time.

Oh, so there's hope.

However it did not clean it.

It is not a virus, so cleaning is not an option. That would be
like trying to clean dirt. Quarantine (preferred) or delete
the file (if that is an option).

So just out of interest I unzipped the infected file and ran it.

Not really the best idea you've ever had I hope. ;o)

To NODs credit it did pop-up a warning.

What did it say? What choices did it give you? Which
did you choose?

However when I ran the scanner again it dected 14 infected files.

Infected with what?

It appears that the worm ran and installed itself. Were the
14 "infected" files in your KaZaA folder?

So I used the Clean
button. The end report now says I have 1 infected file...
Where?

[snip]

Its quick but I'm not convinced that its doing its job properley,

I'm far from convinced that you are doing *yours* properly.

NEVER allow your AV program to intervene on your behalf ~
it is simply too risky.

why is this file still infected if I've asked for it to be cleaned?

Could be it was protected by the OS because it was "in use".

Could anyone offer any advice as to how it should be setup.

Sorry, I don't use that program so I can't help there. There are
probably some anonymous NOD32 users lurking about that
can help with that.

There are over 100,000 files on my PC,

Consider yourself lucky that they are all still there.

 

[Duane Arnold]

Its quick but I'm not convinced that its doing its job properley, why
is this file still infected if I've asked for it to be cleaned? Could
anyone offer any advice as to how it should be setup. There are over
100,000 files on my PC, but I cant see any options that would allow me
to scan all those files.


TIA
Colin

Off of the Setup tab, there is a Extention button and the screen has an All
Files checkbox. As for not cleaning a file, so far, I have just deleted one
file that was infected that NOD detected on the drive.

Duane

 

[Colin Steadman]

Uh huh.


Uh huh.


Uh huh. No worries.


There are many configuration options aren't there?
Scan all files? Scan wihtin archives?


Oh, so there's hope.


It is not a virus, so cleaning is not an option. That would be
like trying to clean dirt. Quarantine (preferred) or delete
the file (if that is an option).

Ahhh I see. I thought there would be a good explanation.

Not really the best idea you've ever had I hope. ;o)

I was in a mischievious mood, and I did make sure my internet
connection was locked down with ZoneAlarm Pro first.

What did it say? What choices did it give you? Which
did you choose?

I cant remember now. From here on in it got very confusing.

Infected with what?

It appears that the worm ran and installed itself. Were the
14 "infected" files in your KaZaA folder?

I'm not sure now I think it was the summary you get when you click a
module in the Control Centre window. I dont know the application well
enough to say for sure. It was not the on demand scanner though. My
thinking is that it found them in my delete items folder from Outlook
Express. I've had a few dodgy emails come in over time and I've
deleted them. Seems the things are still hanging around in a mail
folder. I defintely saw a couple of MiMail virus warnings that
confirm this.

But look at this log I've just uploaded to my site. It says its
deleted the same file a few times. I would have thought that after
cleaning/deleting an infected file I would be virus free??? Why is it
still being detected?

http://www.colinsteadman.com/log.txt

Where?

Ahhh, false alarm. It was another MiMail in my mail programs trash
folder. NOD32 cant clean it. Still doesn't explain why it cleaned
MyDoom serveral times.

[snip]

Its quick but I'm not convinced that its doing its job properley,

I'm far from convinced that you are doing *yours* properly.

NEVER allow your AV program to intervene on your behalf ~
it is simply too risky.

Your right, I'm probably not. But I think I've seen enough to put me
off NOD32. A program doing this job shouldn't make the user work to
hard to achieve effective protection. I think I've lost faith in it.
McAfee Online was annoying, but appart from the update hassle, it did
seem user friendly and rock solid.

Could be it was protected by the OS because it was "in use".

Maybe. But I dont think so, why would a zip file be in use?

Sorry, I don't use that program so I can't help there. There are
probably some anonymous NOD32 users lurking about that
can help with that.

Whats your choice of scanner?

Consider yourself lucky that they are all still there.

)


Colin

 

[SecurityDude]

http://www.wilderssecurity.com/index.php

try the nod32 support group here