Installation guide

NOD32 Installation Guide

Dealing with alerts and virus incidents

Basic rules to follow if a virus is detected:

Trojans can only be deleted as they do not infect other les and

contain only their own code

Worms in email attachments should be deleted as they contain

only the viral code

If the IMON’s HTTP scanner detects a virus, choose to terminate

the connection to prevent it from saving to the disk.

If you are unsure whether it is safe to delete the particular le without any

side effect on your system’s functionality, we suggest you tick the ‘Copy to

quarantine’ checkbox before you choose to delete it. Please bear in mind

that many viruses copy themselves to system folders such as WINDOWS

or WINDOWS\system32 to confuse the user. Should you have any

concerns about deleting the le and were unable to nd any description of

it, either on our website or on the web, please send the suspicious le to

samples@eset.com for analysis.

Note:

Occasionally, you may get a virus alert where the name of the infection is

“unknown” or “probable...”. This is because one of the NOD32 modules

has detected virus-like characteristics in a le but doesn’t have a matching

signature to verify the virus name. This is most common with very new

infections which have not yet been identied.

NOD32 has an impressive record of catching still-unknown, new viruses

and worms because of the sensitivity and power of these “characteristic”

scanning techniques, also known as heuristics. Since these are very often

as-yet-unknown malware (bad software), we are very interested in receiving

samples of these les for analysis.

•