NOD32 Found a Virus in NERO 7 This Morning

Hey guys, I was just going to post and see if anyone has heard of anything about Nero recently, or anything about there programs having viruses..

I've had the same Nero 7 now on 3 different computers. I got it FREE Nero 7 Premium a while back. (I don't remember why) but it is NOT illegal, it is not hacked with a keygen or something like that, that a free AV program would find as a false positive. It's just a normal Nero 7 Premium.

I've ran the same NOD32 on this computer for over a year now, with the same Nero 7 and never had a problem. but this morning I woke up to an Error, and a Virus Warning. Threat Detected in my Nero folders. something about cad/0060H795.cad or something like that.

It gave me the option to clean, and or delete. I cleaned it. But this is the first attack my current BIG RIG has ever had. So I just want to look into it to be safe.

Any info, or suggestions, or thoughs would be appreciated.

Thanks!

It happened with me too when i ran a NOD 32 virus scan, it caught nero setup.exe as a virus. I confirmed it with NOD32 forums and many users said that its just a false posiive.

when was that???

I've had both on this system forever. It's just weird that NOW it decided to show something and report a threat.. idk. but I deleted it anyways. lol

It was about a month ago when i removed norton and installed nod32. because of this false positive, i removed nod32 and now i m happy with avast pro.

The only experience I have had is whenever I install Nero 8 (and I recall Nero 9 does it aswell), when the installation starts and the files from Nero.exe are being extracted as you know Nero displays as percentage number as the files are extracted.

Now when that percentage reaches 98-99%, in my case, NOD32 will display a window asking me if I want to clean or delete an infiltration relating to the ASK Toolbar that Nero gives you the option to install straight after the file extraction is complete.

Personally, I don't like and never install those optional toolbars, so at this point NOD32 has placed this file into quarantine and logs, you should uncheck the ASK Toolbar option and carry on with a normal Nero installation.

Please note however, after Nero installation is complete and it asks you to restart the PC, do this, but when your system restarts, DO NOT open Nero until you go to Windows/Microsoft Updates first and check for updates and it will advise you to install the Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).

Update type: Important

A security issue has been identified in Microsoft XML Core Services (MSXML) that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed.

More information:
http://go.microsoft.com/fwlink/?LinkId=128803

I should also point out that I deleted this file from NOD32 Quarantine and Log Files and immediately ran a full In-depth System scan with NOD and my system was totally clean so I cannot tell you why NOD or any other AntiVirus program recognises this ASK Toolbar thingy majig as a threat.

Regards, Neil

awesome my smiley.. that is exactly where the file was located.. something about ASKtoolbar. something. your right.

I've never had a problem with this before. and I've installed it more than a few times. why NOD32 decided NOW to do something about it was weird. I did not Quarantine, or Clean. I deleted it.

do I need that Windows update you linked to though?

Yes Xguntherc ... I said Yes Xguntherc ... get that bloom'in update my friend!!!

PS: View your Windows Update history, you might already have it.

Regards, Neil

yup.. I already had that installed on 11/11/08.. the Core service pack 2.

Thanks for input though.. know anything else on the Nero thing?

Yeah its true, inside the setup.exe file, NOD32 detects Ask toolbar as virus.

Cory

Please explain what you mean by do I know anything else on the Nero thing?

By the way, another program that gives you the option to install that ASK Toolbar is AusLogics Registry Defrag program, so it's best to just uncheck it.

This is what Nero's website says about the ASK Toolbar:

1) What Is The ASK toolbar?

The Ask Toolbar is a tremendously powerful and totally customizable toolbar that installs directly onto your Web browser. Its design allows you to:

• Search the Web with Ask.com directly from your browser
• Block annoying pop-ups automatically
• Save pages and searches, and access them from anywhere
• Get Direct Answers to many popular searches like dictionary lookups and stock quotes

2) Where Is The ASK Toolbar Offered?

We are currently making this offer as an optional download with the Nero packages, at the user's choice and discretion.

3) Why Is The ASK Toolbar Being Distributed From The Nero Website?

Nero is offering the Ask Toolbar for download from its website as an added bonus to Nero customers. What better way to enhance the digital lifestyle than with a handy toolbar featuring great links and editing tools?

4) Do I Have To Install The ASK Toolbar In Order To Use My Nero Applications?

No, the Ask Toolbar installation is not required for the operation of any Nero application.

5) IS THE ASK TOOLBAR SPYWARE?

No! The Ask Toolbar does not collect any personal information and is completely "spyware"-free and "adware"-free. The Ask Toolbar was specifically designed to provide a great user experience free of any type of direct marketing, data collection, or other similar activities. In fact, the Ask Toolbar further improves your web experience by removing adware such as pop-ups.

Refer to the following link for more useless information on the ASK Toolbar from Nero:

Nero - Support - FAQ - Frequently Asked Questions

Hope This Helps Cory.

Regards, Neil

Thanks for taking the extra steps there to post all of that.. Rep+ to you.

I just don't understand why it's never threw a threat warning on it before.. but today decided to. maybe an update made it find it.

anyways I just uninstalled NOD 32 4.0 anyways. I recently upgraded from 3.0 security suite to 4.0 and I don't like it.. it takes up MUCH more system resources (No bueno) and it also has problems while I'm browsing the net. I get these 20 second temporary time outs and stuff that only started happening on 4.0

I'm hoping they go away now I'm back to 3.0

Yeah Corey I'd be interested to see if it makes any difference for you.

Are you absolutely sure it's NOD32 4 that's slowing it down?

I've used Smart Security 4 and currently I'm using NOD32 4 and Comodo PFW, so I'd be interested to hear how you get on.

What's all that rep stuff mean anyway. What happened to the days where you just helped someone because it made you feel good and the thought of getting something back in return didn't even enter your head.

Oh well, it's a different world we live in now I guess.