7-zip solution to NOD32 detecting Nsane FiX


SoftChip

Hi all!

Here is how I bypass Nod32 detecting Nsane "fix" as a virus:

- I create a self-extracting 7zip archive, encrypted, filenames encrypted, of the fix (the .reg file).

- I exclude this file from AMON. (It's encrypted, and the filenames are encrypted, so Nod32 cannot see what is inside anyway)

- I ask Nod32 to run/extract this file every 24 hours. (run <arcfile.exe> -p<password> -y). This will reinstall the file detected as a virus by Nod32's on-demand scan.

Since I already installed this "fix", Nod32 is already configured to run this file. The fix fails only when Nod32's on-demand scanner scans the system and removes the "fix" files. By reinstalling this file every 24h, I ensure that the updates never stop for long.

Nod is happy, the system is safe, and even if the fix is detected as a virus, it is quickly reinstalled.

Now, this will fail if Eset blocks every 7-zip encrypted archive ;-)

Good Nodding!

Softchip

Hmm... you may have something there... Testing in progress

Why not just add the reg file to the AMON exclude list? Works for me :rolleyes:.

Well, I configured NOD to do a full scan every week, and the exclude list is ignored by the on-demand scan... I have many files configured in that list, but my weekly scan sees them anyway...

And sadly, NOD stops at every one of them, and asks me what to do... I liked Norton's list of all bad files at the end, asking you what to do, but I don't like its resource hogging...

SoftChip

Archived

This topic is now archived and is closed to further replies.
