Suggestions always welcome.
 
  
 

Home

 
  
 

NOD32 FAQ Table of Contents

  1. I need additional help with NOD32. How do I get help?
  2. NOD32 will not update, what should I do (and Symantec's Norton Antivirus removal instructions)?
  3. How long are the updates and upgrades free?
  4. My e-mail address has changed. Does NOD32-AV need to know about it?
  5. I have paid. What is next?
  6. I had the trial version installed before. Do I have to uninstall it first?
  7. What will I get with the download?
  8. What version of NOD32 should I download?
  9. How do I install the NOD32 antivirus system?
  10. What needs to be configured during the installation and how?
  11. What needs to be done after installation?
  12. How do I know the NOD32 system works on my computer properly?
  13. How does the NOD32 antivirus system work?
  14. How can I find out whether my NOD32 is up to date?
  15. How do I uninstall the NOD32 antivirus system?
  16. Will NOD32 Control Center automatically dial an update server?
  17. Can NOD32 be updated without access to the Internet?
  18. Error connecting to server.
  19. I have a problem with updating from the mirror on a Windows NT/2000/2003/XP machine. What to do?
  20. (121) NOD32MOD_WINNT_ENGLISH_INET
  21. After installing NOD32 internet access is broken.
  22. My NOD32 is password protected and the password does not work.  How can I unlock it?
  23. I uninstalled an antivirus and installed NOD32.  The system does not function properly (or update).
  24. Why is NOD32 faster than my previous antivirus?
  25. NOD32 shows many files with "error opening - (File locked) [4]" what does this mean?
  26. NOD32 specific error codes and their meaning
  27. How do I test IMON in NOD32 to ensure it is working properly?
  28. I just installed NOD32 and I am infected with Virtumonde.O and I can not remove it.  What do I do?
  29. Definitions of Virus, Worm, Trojan, Adware, Spyware and Riskware.
  30. McAfee Removal Instructions for Desktop Products.
  31. NOD32 was installed and there is an infected dll and it can not be removed.  What can I do?
  32. My Email account (e.g. gmail) uses port 995 (SSL) will IMON work?
  33. Can I keep Norton System Works 2003 and use NOD32?
  34. How can AMON be configured to not prompt every time a virus is detected?
  35. How can IMON be prevented from displaying a message when viruses are found?
  36. How can NOD32's On-Demand Scanner be prevented from prompting each time a virus is found?
  37. Why does NOD32 hang on installation?
  38. Error occurred while scanning active boot sector of the 1. physical disk. Error reading sector.
  39. Outlook does not shut down properly.
  40. What is the latest regarding NOD32 v2.7?

I need additional help with NOD32. How do I get help?

Support is free as long as a valid license is held through purchasing from computersecurityassociates.com. One can use either support @ computersecurityassociates.com, the telephone numbers provided here, or with an instant messenger program (i.e. GAIM, Trillian, Yahoo! messenger, MSN messenger, ICQ, etc.) using nod32av @ hotmail.com, nod32av @ yahoo.com or 2052440 for ICQ.

 

There is also a support request form here.

Back to Top

NOD32 will not update, what should I do?

First, one must ensure that the Username and Password that was sent by NOD32-AV is used (not ones made up by the person installing). 
Then one must ensure that they are being copied exactly as given. These are case sensitive - we suggest using cut and paste to ensure 
exact transcription. 
 
This can generally happen for the below reasons.



1. Try copying and pasting the provided username/password into the NOD32 Control Center - Update-Setup boxes and retry updating.



2. Username and password have expired.

Fix: Obtain a renewal license from the purchasing page.



3. Corrupt registry entry.

Fix: Blank the current username and password and perform a manual update.  Copy and paste back in the current username/password and perform a 
manual update.



4. Previous antivirus program never fully removed due to an incomplete uninstall.

	A. For Symantec's Norton Antivirus versions 2003/2004/2005/2006/2007 follow the instructions here.



5. Security software such as Norton Password Manager are enabled (disable and perform an update).



6. When #4 is used, it is also a good practice to run winsockxpfix to ensure internet connectivity is not lost after removal.



This will repair the TCP/IP stack which is used to communicate on the internet.
Ensure IMON is re-enabled, since this utility will disable its functionality (if run when NOD32 is already installed).
 
7. *** Ensure all programs are downloaded and placed in a location that is easy to find before proceeding.
 
8. Software Firewall is blocking NOD32KRN from inbound/outbound internet communication.  Enable the NOD32KRN access to the internet.
 
9. A transparent proxy may be enabled at your ISP (Internet Service Provider) which may cache older update files.  Please check with your ISP to see if this scenario is applicable.
Back to Top

How long are the updates and upgrades free?

If you use a commercial version of NOD32, updates of the virus signature database and program components are free for the duration of your subscription.
Even after your subscription runs out, you can still use NOD32, but will not receive further updates which is crucial for maintaining detection 
capabilities of any antivirus program. 



If you are evaluating NOD32 with a trial version, you will be able to update the virus signature database (not program components) during the 30-day 
trial period. The only limitation of the trial version is that it does not support incremental updates. Therefore updates are always about 2 MB in size. 
Back to Top

My e-mail address has changed. Does NOD32-AV need to know about it?

It is not crucial to notify NOD32-AV about the change of your email address, however, a valid email address would help us look up your license in

case you lose your username and password.
Back to Top

I have paid. What is next?

Within 24 hours (normally a few minutes) you should receive a message from NOD32-AV with your Username and Password. Using them, you will be able to download the particular 
version of NOD32 you purchased from our downloads page.



Should you not receive an email message with your username and password, please contact .


Please, always enclose the confirmation email with the invoice number you should have received after the purchase.



Some E-mail providers have spam blockers (e.g. gmail, hotmail, yahoo, aol, verizon) and perceive the NOD32 license as such (because it is so popular J ).  
An alternate method will be provided if this is the case and it can not be retrieved.
Back to Top

I had the trial version installed before. Do I have to uninstall it first?

No, it is not necessary to uninstall the trial version before installing the commercial one. Just use the Full Version button in the NOD32 Control Center (Update-Update).
Enter in your username/password from the licensing e-mail and you will be automatically upgraded.
Back to Top

What will I get with the download?

You will download an executable file to your desktop (or other directory that you specify) - that file must be "extracted", by simply
double clicking on it, to install NOD32.
Back to Top

What version of NOD32 should I download?

Please find out the type and version of your operating system first. Then search for the appropriate NOD32 version on our

Downloads page and download it. Do not forget to update NOD32 to the latest version 
after installation by clicking on the Update button in the NOD32 Control Center.
Back to Top

How do I install the NOD32 antivirus system?

The NOD32 installers available on our website are indeed self-extracting archives. After you download the particular installer and save it to disk, 
run it from that location. The files will be extracted (by default, to C:\Program Files\Eset\Install directory) and the setup program will be 
launched automatically.
Back to Top

What needs to be configured during the installation and how?

NOD32 offers you 3 types of installation, each one offering you a different level of customization: Typical, Medium and Expert.



For most users it is sufficient to install NOD32 in Typical installation mode. In this mode, the installer will only prompt to enter your 
username and password which will later be used for updating (or you can choose to set these parameters later). 
Also, you can specify if you want AMON (the on-access scanner) to run automatically at startup. 
This option SHOULD BE ENABLED unless you have another resident protection currently running.



In contrast, Medium and Expert installation levels provide more detailed configuration options. For more information on installing NOD32, please 
read the setup tutorial here.
 
A customized installer is also available for CSA clients that automatically configures NOD32 optimized.  E-mail nod32 @ computersecurityassociates.com for more information.
Back to Top

What needs to be done after installation?

After NOD32 has been installed, it is highly recommended that you immediately update the virus signature database to the most current version in 
order to get maximum protection capabilities. It is also highly recommended to read through the setup tutorial
here.
Back to Top

How do I know the NOD32 system works on my computer properly?

The most crucial module, which should be running all the time, is the on-access scanner AMON. Having it running is indicated by a white-green icon 
in the lower-right corner of your screen (hide inactive icons may be turned on which may deter NOD32 from showing - please turn this option off).
Back to Top

How does the NOD32 antivirus system work?

Basically the system functions in two ways:

First, the conventional "identification by signature or file name" which is common to all current antivirus programs.

Second, by using heuristics (standard or advanced) to check other file characteristics which may be indicative of malware.

Back to Top

How can I find out whether my NOD32 is up to date?

The version number of the currently installed virus signature database appears in the status window of all NOD32 modules as well as among 
NOD32 System information. If your NOD32 is out-dated, a pop-up notification window will appear at NOD32's startup. 
To ensure one has the most current version installed, visit our website www.computersecurityassociates.com and compare the version number provided by your NOD32 with 
that listed on the website.



Alternatively, you can connect to the Internet and press the Update now button manually. NOD32 will subsequently be updated to the most current 
version, or you will get a message that your NOD32 is up to date (when not running in silent mode). 
Back to Top

How do I uninstall the NOD32 antivirus system?

NOD32 can be uninstalled directly from the Start menu - Programs (All programs) - Eset - Uninstall, or 
through Start - Settings - Control panel - Add / Remove programs.
Back to Top

Will NOD32 Control Center automatically dial an update server?

No, at the time an update is to be performed it's crucial to have a connection to the Internet already established.
Back to Top

Can NOD32 be updated without access to the Internet?

Yes - typically one computer in the network is set up as the update server - that computer is linked to the Internet and is updated from the 
NOD32 servers. 
Other computers in the network go to this update server for updates. For more information, please read the Guide for network administrators.
Back to Top

Error connecting to server.

NOD32 was not able to connect to an update server. Please check the following:

 

1. Ensure an Internet connection is already established before you perform update.

 

2. Ensure a correct server is selected from the pull-down menu in the Update setup (if you update NOD32 from the Internet, it should be 
    set to Choose automatically). 
    If you update NOD32 from a local network and encounter this error, please contact your network administrator for the exact path to the mirror .



3. If you are using a firewall, ensure the NOD32krn service is permitted access to the Internet.



4. If you are using a proxy server, ensure the connection parameters are set properly in the advanced Update setup - 
   LAN setup (if the proxy server requires authentication, make sure a correct login name and password are specified).



5. If you are not using a proxy server, ensure the use of proxy server is disabled.
 
6. There are more than 1 (one) NOD32 update servers.  From time to time a server may become overloaded with requests or have maintenance performed.  
    When that happens, the server will error out and proceed to the next update server.  Generally this is not cause for alarm unless it is happening for all servers in the list.


Should the problem persist, please contact nod32 [@] computersecurityassociates.com.
Back to Top

I have a problem with updating from the mirror on a Windows NT/2000/2003/XP machine. What to do?

There are three possibilities as how to accomplish the update in a network environment:



Updating via HTTP

Updating via Windows shares using the system account

Updating via Windows shares as the currently logged in user



For more information on updating NOD32 in a corporate network environment, please read the Guide for network administrators found on the downloads page.
Back to Top

(121) NOD32MOD_WINNT_ENGLISH_INET

Means IMON could not install.  Removal of some programs also removes critical windows files.  Run "sfc /scannow" from the Run prompt.
Ensure any security programs are disabled.
Have the original Windows installation CD on hand (may be prompted to insert depending upon the installation method of Windows).
Back to Top

After installing NOD32 internet access is broken.

This can occur for many reasons.  Typically another software program has written to the TCP/IP stack and has either not fully removed itself and broken 
the entries with non-existent files and/or settings.  Running the tool found here should repair the TCP/IP stack allowing internet access to function
.
Back to Top

 


My NOD32 is password protected and the password does not work.  How can I unlock it?

Run the utility found here.  Copy the code into an e-mail and send to nod32 @ computersecurityassociates.com.  An unlock code will be sent (only for nod32-av (CSA) clients).
Ensure to include your username and original e-mail address.
Back to Top

I uninstalled an antivirus and installed NOD32.  The system does not function properly (or update).

When an antivirus is uninstalled from a computer, many times (depending on the configuration used) critical windows system files will be removed.
Have the Windows installation CD ready and type "sfc /scannow" (without the quotes) from the Start/Run line.  If after running, the system asks to reboot, 
critical windows files (and/or settings) have been replaced (or re-installed) to their stable versions.
Back to Top

Why is NOD32 faster than my previous antivirus?

NOD32's core is written in assembly (the closest to binary, which is the language of a computer) making it the fastest antivirus in the world.  More on assembly here.
Other higher level programs (Antivirus in general) must run through more CPU cycles to be decoded (interpreted) and used by a system.  NOD32 allows a
system to run as fast as it can (using less resources - CPU cycles/Memory) while being protected from threats.
Back to Top

NOD32 shows many files with "error opening - (File locked) [4]" what does this mean?

NOD32 passes information from the Operating System regarding which files can not be accessed for scanning.  Typically these files are in use by
the Operating System itself and can not be scanned.  Files may also be encrypted (or password protected), not allowing access (i.e. Adaware, 
SpyBot S&D and other security programs).
 
This is normal for any On Demand scanning antivirus program.  Why do you need to see it?  If NOD32 was downloaded to an infected system, some files may be
inaccessible (infected, or the infection itself) through normal windows.  This will help in the troubleshooting process if needed.  Well-trained eyes can diagnose
the issue to help recover the system to a non-infected state.
 
Rebooting into safe mode and running a Scan & Clean will generally eliminate the threat.
Always disable System Restore when attempting to clean an already infected system.  This will eliminate the ability of System Restore to put the infected file(s)
back during the boot process after a Scan & Clean has been performed and a reboot is necessary.
 
Here are some examples of Operating System files (or encrypted/password protected) that are in use and can not be accessed for scanning.
 
C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\username\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\default - error opening (File locked) [4]
C:\WINDOWS\system32\config\DEFAULT.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\system - error opening (File locked) [4]
C:\WINDOWS\system32\config\SYSTEM.ALT - error opening (File locked) [4]
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask »ZIP »glyph7.bmp - error - password-protected file
Back to Top

NOD32 specific error codes and their meaning.

Error and Meaning

101 administration rights required

102 no configuration file specified

103 lack of memory

104 old version of the Operating System

105 cannot create a temporary folder to extract the installation files

106 error extracting files

107 internal program error

108 attempting to overinstall with an older component

109 internal program error

110 internal program error

111 cannot create a file on the disk

112 internal program error

113 internal program error

114 SETUP.XML corrupt or missing

115 the current version not compatible with the old version (you need to uninstall the old version)

116 error writing to the operating system registry

117 upgrade required

118 attempting to overinstall with a different language version (uninstall the previous version first)

119 corrupt uninstall file

120 registering service error

121 component installation error

122 cannot install a certain component to the computer

123 attempting to install the trial version again error

124 wrong Operating System, the installer is intended for the Windows NT/2000/XP/2003 Operating System

125 wrong Operating System, the installer is intended for the Windows 95/98/ME Operating System
Back to Top

How do I test IMON in NOD32 to ensure it is working properly?

Try any of these downloads.  If IMON is functioning properly, these files should be blocked from getting to the hard disk drive (typically C:).
 
These are not live viruses, but test viruses that can not cause any harm even if run.
 
Test 1
Test 2
Test 3
Test 4
 
Back to Top

I just installed NOD32 and I am infected with Virtumonde.O and I can not remove it.  What do I do?

Virtumonde.O has the same characteristics as the Agent.CS Trojan.
 
Eset has a cleaner developed by Paolo Monti of Italy to remove.  Which is much easier than the difficult removal instructions found on the internet.
 
Download the file here.
 
Extract the zip file to a directory on your hard drive.
 
Run the utility (AGCSCLEAN.exe).  The cleaner will not find the Agent.CS and will ask for the location of the .dll file.  NOD32 will have a window showing the location.
 
Browse to the file and select it.  A reboot must occur after running the utility.  **This utility only works on Windows 2000 and above.
 
The warning should now be gone.  Registry entries created by Virtumonde.O are also removed.
 
Thank you Paolo!
Back to Top

Definitions of Virus, Worm, Trojan, Adware, Spyware and Riskware.

Virus - A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

 

Worm - A program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down.
 
Trojan - A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
 
The term comes from the Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

 

Adware - A form of spyware that collects information about the user in order to display advertisements in the Web browser based on the information it collects from the user's browsing patterns.

 

Spyware - Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today.

Aside from the questions of ethics and privacy, spyware steals from the user by using the computer's memory resources and also by eating bandwidth as it sends information back to the spyware's home base via the user's Internet connection. Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.

Because spyware exists as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, such as chat programs or word processors, install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying this information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party.

Licensing agreements that accompany software downloads sometimes warn the user that a spyware program will be installed along with the requested software, but the licensing agreements may not always be read completely because the notice of a spyware installation is often couched in obtuse, hard-to-read legal disclaimers.

 

Riskware - Possibly a legitimate program used for nefarious purposes.  mIRC is well known for being used in such a manner to allow unscrupulous people to access a computer for their own purposes (e.g. uploading and downloading files for use by others in an mIRC channel).

 

Back to Top

 


NOD32 was installed and there is an infected dll and it can not be removed.  What can I do?

Download the file located here and extract to a directory of choice.  Run the undll.exe file extracted to the directory of choice.  It may be necessary to turn off AMON's detection of the file for the cleaning process to complete.
Back to Top

My email account uses port 995 (SSL) will IMON work?

Currently there is not an antivirus program that can natively scan SSL (Secure Socket Layer) connections (they are encrypted).  However, a program named STunnel could allow
the intervention necessary to scan before entering your inbox.  We do not support its usage, but you are welcome to test it yourself.  Even without the scanning of SSL mail, AMON,
the resident scanner will still intercept infiltrations when executed.
Back to Top

Can I keep Norton System Works and use NOD32?

It is possible.  Follow the guidelines here.  After removing and before installing NOD32, run the winsockxpfix program.
Back to Top

How can AMON be configured to not prompt every time a virus is detected?

If you do not wish to see alerts from the Activity Monitor (AMON) each time a computer virus or other threat is found, you can configure it to automatically clean infected files or move them to the

Quarantine folder, in case a file cannot be cleaned.

Here is how to configure AMON to do this, step-by-step:

  • Open the NOD32 Control Center window by clicking on the white and green NOD32 icon System Tray Icon - AMON is enabled in the System Tray (next to time in the lower right hand corner of the screen).
  • Click on AMON under Threat Protection Modules. The AMON - File System Monitor window will appear.
  • In the AMON - File System Monitor window, click on the Setup button, The AMON Setup window will appear.
  • In the AMON Setup window, go to the Options tab and enable (check) the Move to Quarantine option.
  • In the AMON Setup window, go to the Actions tab and make sure Clean automatically is selected and enable (check) the Move newly created files to Quarantine option.

AMON has now been configured to automatically clean files of computer viruses and other threats without prompting the user for an action to take.

NOTE: The actual operation performed by AMON when the Clean automatically option is selected will vary based on the type of threat found. For example, NOD32 will attempt to

disinfect "classic" parasitic file-infecting and boot sector viruses by removing the viral code from the infected object and re-writing the cleaned (disinfected) object back to the disk.

On the other hand, most forms of "modern" spyware, Trojan horses, worms and other malicious programs are entirely self-contained and contain no beneficial program for NOD32 to disinfect.

When AMON detects this type of threat, it will clean the file by removing it from the system.

Back to Top

How can IMON be prevented from displaying a message when viruses are found?

If you do not wish to see alerts from the Internet Monitor (IMON) each time a computer virus or other threat is found in your mail client or web browser, you can configure IMON to automatically clean virus-infected files,

move them to the Quarantine folder or delete them.

Here is how to configure IMON to do this, step-by-step:

    Email Account (POP3)
  • Open the NOD32 Control Center window by clicking on the white and green NOD32 icon System Tray Icon in the System Tray (next to time in the lower right hand corner of the screen).
  • Click on IMON under Threat Protection Modules. The IMON - Internet Monitor window will appear.
  • In the IMON - Internet Monitor window, click on the Setup button. The IMON Setup window will appear.
  • In the IMON Setup window, go to the Miscellaneous tab and click on the Setup button near the bottom of the window. The Scanner Setup window will appear.
  • In the Scanner Setup window, select the Actions tab. For each type of object checked by IMON (Archives, Email, Files, Runtime Packers and Self-Extracting Archives) change the action performed from "Prompt for an action" to a different one, such as "Clean" or "Delete."
    Web Browser (HTTP)
  • Open the NOD32 Control Center window by clicking on the white and green NOD32 icon System Tray Icon in the System Tray.
  • Click on IMON under Threat Protection Modules. The IMON - Internet Monitor window will appear.
  • In the IMON - Internet Monitor window, click on the Setup button. The IMON Setup window will appear.
  • In the IMON Setup window, click on the HTTP tab.
  • In the Actions section, about half-way down the window, select Automatically deny download of file.
    NOTE: If IMON does not appear to work correctly with your web browser, try clicking on the Client Compatibility button and changing the setting for your particular web browser from "Higher Compatibility" to "Higher Efficiency."

Back to Top


How can NOD32's On-Demand Scanner be prevented from prompting each time a virus is found?

If you do not wish to see alerts from the NOD32's On-Demand Scanner each time a computer virus or other threat is found, you can configure it to automatically clean infected files and system areas,

or move files to the Quarantine folder or delete them.

Here is how to configure NOD32's On-Demand Scanner to do this, step-by-step:

  • Open the NOD32 Control Center window by clicking on the white and green NOD32 icon System Tray Icon in the System Tray (next to time in the lower right hand corner of the screen).
  • Click on NOD32 under Threat Protection Modules.  Click Run NOD32.
  • In the NOD32 On-Demand (Manual) Scanner window click on the Actions tab.
  • On the Actions tab, select each type of object checked by NOD32's On-Demand Scanner (Archives, Boot Sectors, Email, Email Folders, Files, Runtime Packers and Self-Extracting Archives) and change the action performed for each object from "Prompt for an action" to a different one, such as "Clean" or "Delete."

Once you are finished making changes, click on the Scan & Clean to perform a scan for viruses. You should no longer be prompted to perform an action when an infection is found.

After the Scan & Clean has been performed and a prompt to save settings is initiated, click Yes.

 

Back to Top

 


Why does NOD32 hang on installation?

The most common problem is that Norton Password Manager is enabled.  Disable Norton Password manager and the installation should proceed normally.

 

Back to Top


Error occurred while scanning active boot sector of the 1. physical disk. Error reading sector.

A card reader is attached to the machine with no card inserted (included would be a Zip drive).

System scan is performed using the account of a limited user.

A special boot manager or similar program that alters boot sectors is installed.

 

Back to Top


Outlook does not shutdown properly.

Delete the extend.dat file located here: %userprofile%\Local Settings\Application Data\Microsoft\Outlook

 

Open Outlook.

Click on Tools then Options.
Click on the "Other" tab at the top

Click on the "Advanced Options" radio button

Look through the "Add-In Manager" and "COM Add-Ins" for remnants of other antivirus or removed programs and remove.

 

Back to Top


What is the latest regarding NOD32 v2.7?

The following are FAQs as they relate to the latest release of ESET's NOD32.

  1. What are the new features in ESET’s NOD32 v2.7?

    Support for Windows Vista
    ESET was one of the first Anti-virus vendors to offer comprehensive 64-bit support to both home and enterprise users in June 2005. ESET is also one of the first to offer full Windows Vista compatibility with Version 2.7. Despite the highly publicized disagreements between some security vendors and Microsoft, ESET has found little difficulty in preparing a product for Vista.  ESET core developers worked closely with Microsoft HQ in Redmond to ensure that NOD32 would be compliant with the new security measures in Vista and fully compatible with the platform when it is released.

    Anti-Stealth Technology (Rootkit removal)
    Rootkits are now frequently used to hide malicious processes and files.  The Anti-Stealth technology in ESET NOD32 v2.7 helps the on-demand and startup scanners to see the “real world” instead of false one presented an active rootkit. NOD32’s ThreatSense can then use signatures and heuristics to detect and remove these threats. It is transparent to users, and it is turned on by default.

    New Categorizations of Malware objects
    NOD32 v2.7 takes new steps to control Adware and Spyware, in the form of an overhaul of our malware classification system to provide more granular threat assessments: The renamed Potentially Unsafe Applications and a new classification, Potentionally Unwanted Applications, added to identify low-risk threats. There is an arguable distinction between Adware and Spyware, one that can pose tricky legalities for anti-malware companies.  By redefining “Grayware” to more generally account for this distinction, NOD32 provides greater granularity of control to customers while more accurately defining this increasingly foggy area.

     
  2. What is the cost for upgrading from the current version of NOD32 to v2.7?

    NOD32 v2.7 is being offered free of charge to all of existing customers with a valid NOD32 license. NOD32 v2.7 can be downloaded from our web site and reinstalled over your current version, It will also be delivered automatically as a program component update in about three to four weeks, in mid-December, 2006. 

     
  3. How does NOD32 v2.7 compare to other Vista compliant solutions in the market?


     
    Vendor

    Compliance

    Status (sources of information publicly available on the Web)
    Avast

    1

    Available on all antivirus editions
    CA

    0

    CA Anti-Virus 2007 in Beta
    ESET

    1

    Now available in NOD32 v2.7
    F-Secure

    0

    F-Secure antivirus for Windows Vista 7.00 beta, F-Secure corporation available for Vista
    Grisoft

    1

    AVG Anti-Virus 7.5 and AVG Anti-Virus Free Edition – Vista ready
    Kaspersky

    0

    No date yet, developers working on it
    McAfee

    ½

    VirusScan Enterprise Release Candidate 8.5i
    Microsoft

    0

    Windows Live OneCare 1.5 now in Beta
    Softwin

    0

    BitDefender Internet Security 10.1 now in Beta
    Sophos

    0

    Couple weeks after Vista release (Sophos antivirus v6.5)
    Symantec

    0

    Enterprise edition-30 days after Vista release, Home users – beginning of 2007
    Trend

    0

    PC-cillin for Windows Vista still in Beta (5/23 – 12/31)

     
  4. Do I need to uninstall the current version of NOD32 v2.5 before upgrading to the new v2.7?

    No, you do not need to uninstall your previous version of NOD32. NOD32 v2.7 installs seamlessly over NOD32 v2.5. Alternatively, you can simply wait for the PCU in December.

     
  5. Is antivirus software needed for Microsoft Windows Vista?

    Microsoft Windows Vista is Microsoft's first consumer operating system built from the ground up with security in mind and also introduces a least privilege security model (called "User Account Control" under Windows Vista.)  These methods will only reduce the risk of malware under Vista compared with previous versions of Microsoft Windows, not prevent it entirely.

    Anti-virus software will still be required for Microsoft Windows Vista. For more information, please visit the “Security in Windows Vista” page on Microsoft's web site.  

     
  6. Is ESET running any special deals for the purchase of NOD32 v2.7?

    Yes, for the gaming industry we are currently running a 2-for-1 license purchase. Existing 2.5 product boxes are available at a 35% discount: 2-year business licenses can be purchased before 12/31 and you receive an extra 6-months. Purchasing a 3-year license provides you with an additional 9-months. Contact your Channel Manager.

     
  7. I have an inventory of 2.5 boxes – what do I do with it?

    ESET will supply all of the distributors of ESET NOD32 with stickers for their remaining NOD32 2.5 inventory. They indicate that there is a FREE upgrade to v2.7. Distributors interested in securing stickers should contact their Channel Sales Manager.

     
  8. Do I have to teach my users about rootkits to protect them?

    No, rootkit protection takes place seamlessly, under-the-covers.  Switched on by default, the Anti-Stealth technology finds and protects against infections automatically.  Users are notified that a new threat has been detected and are asked to confirm cleaning procedures, just like their current NOD32 protection.

    You can also educate yourself by reading this white paper
    http://www.eset.com/download/whitepapers/Whitepaper-Rootkit_Root_Of_All_Evil.pdf

     
  9. Is a new version of Remote Administrator required to manage NOD32 v2.7?

    NOD32 v2.7 can be managed by the current release of Remote Administrator (v1.0.11); however, anti-stealth technology and more granular malware classification settings cannot be managed through it.  By default, the anti-stealth technology in NOD32 is enabled.  If you use the current version of Remote Administrator to deploy or manage computers running NOD32 v2.7, anti-stealth is automatically enabled on them. See next question, below.

     
  10. When will a new version of Remote Administrator be available?

    This new version of Remote Administrator to manage NOD32 v2.7's new features is currently in beta test and will be available approximately two weeks after NOD32 v2.7 is released at the end of November.

     
  11. Are the new anti-stealth technologies in NOD32 v2.7 implemented into existing modules, as new modules or through a companion product?

    NOD32 v2.7's new anti-stealth rootkit detection technologies are integrated right into the existing program as part of ThreatSense, are enabled by default, and can be managed through the NOD32 Control Center interface.
     
  12. Do other AV solutions have Rootkit protection now?

    Many AV vendors claim to have protections against rootkits.  Most either detect that a rootkit already known to them is trying to install, or that a number of obscure processes may be hidden rootkits, without any way of removing them.  That is, they can protect against some rootkits as they’re being installed, but not against active rootkits already on the system.  Active, already installed rootkits were usually impossible to detect from inside the operating system.

    NOD32 v2.7 technology now works against Active rootkits, which was difficult before.  On-demand/on-access scanners have a real view of all processes, regardless of the stealth activity of the rootkit.  NOD32’s integrated Anti-Stealth Technology allows NOD32 to bypass rootkit hooks, seeing the real program output.  It is also transparent for users – Users don’t have to understand how it works, or learn new habits to combat the newest rootkit threats.

     
  13. Does NOD32 work with Microsoft Windows Vista?

    I’ve heard that other antivirus programs are not compatible with it.
    The key issue with Vista for most AV vendors is the enhanced restrictions of Kernel Patch Protection (sometime referred to as PatchGuard).  Kernel Patch Protection is not a new security feature in Vista – it was originally implemented in the first Windows 64 bit systems.  This is not a problem for ESET and NOD32, since these issues were addressed for the first NOD32 versions compatible with 64-bit Windows in 2005.  Other, mostly larger AV companies rely on patching the kernel directly, or “kernel hacks,” to operate.  This has ALWAYS been discouraged by Microsoft as inherently unsafe. 

    As NOD32 does not require taking over or bypassing the Windows Security Center, as do other AV products, Windows Security Center integration will pose no additional problem for v2.7.  NOD32 is compatible with the Windows Security Center in Microsoft Windows Vista. It does not take over, bypass or otherwise interfere with it as do some other anti-virus products.

    ESET has a working relationship with Microsoft, unlike some other anti-virus companies.  NOD32’s architect and core developers worked directly with Microsoft to ensure compatibility with Vista's new security model.  In fact, ESET is already in the process of applying for "Certified for Vista" compatibility. 

     
  14. Does NOD32 appear in the Windows Security Center?

    After it has been installed, NOD32 will appear in the Malware Protection section of the Windows Security Center:



     
  15. Is NOD32 v2.7 faster or slower than previous versions? What about memory usage?

    There is only a negligible increase in size.  The v2.7 installation will typically consume 23/24MB of RAM and installed package size is comparable with the current versions of NOD32. Note that other competitors have recently reported smaller memory footprints, but those claims ignore the larger impact they put on page-pull memory.  And in testing based on Canon, Inc, performance test methodology, NOD32 still remains the best product for low performance impact on the system.

     
  16. In some cases, NOD32’s anti-stealth technology may not be fully compatible with your system. Listed below are messages you may receive from NOD32 when this occurs, and steps to take to troubleshoot them.

    Here is a list of new messages in NOD32 v2.7, along with troubleshooting information:

    Message: "Anti-Stealth technology is enabled.
    Reason: This message is displayed if the NOD32 On-Demand Scanner is operating using anti-stealth technologies.
    Steps to troubleshoot: None. It is normal for NOD32 to display this message.

    Message: "Anti-Stealth technology initialization failed. The Anti-Stealth technology is working in restricted mode."
    Reason: This message is displayed if the NOD32 On-Demand Scanner is started from an account with restricted privileges. In order to operate correctly, NOD32's anti-stealth technology must run with SYSTEM privileges.
    Steps to troubleshoot: Reinstall NOD32 from an Administrator account and re-run the scan.

    Message: "Anti-Stealth technology initialization failed. The Anti-Stealth technology is working in limited mode."

    Reason: This message may be displayed when the NOD32 On-Demand Scanner is run under Microsoft Windows 95, 98SE or Me. Some of the anti-stealth technologies used by NOD32 are not compatible with these operating systems and NOD32 will display a warning message when run under them.
    Steps to troubleshoot: None. These operating systems are not compatible with all of the anti-stealth technologies used by NOD32.

    NOTE: If NOD32 is run in a virtual environment or used in conjunction with security tools designed to quarantine, sandbox or otherwise virtualize access to the operating environment then warning messages may be displayed saying the Anti-Stealth technology cannot be initialized. This is normal behavior for NOD32 when used in conjunction with these types of programs.

     
  17. How does NOD32’s Anti-Stealth technology work?

    NOD32's anti-stealth technology uses a variety of techniques to bypass the changes made by rootkits to operating systems to mask their presence. API hooks, Interrupts, SysCalls and other techniques used by rootkit authors to wrest control away from the operating system are negated, allowing NOD32 to see the rootkit using its On-Demand and On-Access (AMON) scanners.

     
  18. What new command-line options are available in NOD32 v2.7?
    NOD32 v2.7 introduces two new command line options for the On-Demand Scanner, /UNWANTED and /ANTISTEALTH.

    Adding /UNWANTED to the command-line tells NOD32 to check the target being scanned for Potentially Unwanted Applications (or PUwA, for short). By default, NOD32 does not check for Potentially Unwanted Applications because they are a classification for low-risk threats.

    Adding /ANTISTEALTH+ to the command-line tells NOD32 to use Anti-Stealth technology when checking the target. By default, NOD32's On-Demand Scanner does check targets using Anti-Stealth technology. To disable it, specify /ANTISTEALTH- on the command line.

     
  19. What Rootkits does NOD32 v2.7 protect against?

    NOD32 protects against a variety of rootkits, including FU, HackerDefender, AFXRootkit, and Vanquish. A comprehensive report discussing NOD32 v2.7's ability to protect against specific rootkits will be available in a few weeks.

     
  20. What kind of a threat is a rootkit?

    A rootkit is a program (or set of programs) designed to hide itself and possibly other, companion programs from being detected on an infected computer. Originally the term was used to describe existing binary program files on UNIX-based systems which had been modified to hide the presence of unauthorized users, allowing them to re-enter the system at any time with "root" privileges (the highest level allowed on a UNIX system). Today, the term rootkit is most often used to describe discreet programs for Windows-based systems that use "stealth" techniques to mask their own presence as well as that of other software such as adware, keyloggers, remote access tools, spyware and other forms of malicious software. While this technique is not new, it has become more prevalent today.  Rootkits allow attackers to stay in control of affected computers longer, which means increased access to information from the compromised host and possibly a better revenue stream from adware and browser hijacking.

     
  21. Does NOD32 have to be specifically able to identify a rootkit to protect against it, or can they be proactively dedicated by NOD32’s heuristics?

    A combination of both, actually:  NOD32's anti-threat technology works against both known and unknown rootkits.  During its creation, the technology was successful in proactively detecting new, previously-unknown rootkits.  However, just like the other components in NOD32, the anti-threat technology will be updated as the threat landscape evolves.

Back to Top