needs to be added to NOD's detections
Elwood
December 12th, 2005, 06:31 PM
If it has not already been added:
Trojan masquerading as Microsoft Update (http://sunbeltblog.blogspot.com/2005/12/seen-in-wild-trojan-masqurading-as.html)
Scroll down and you will notice that NOD32 (among a few others) did not detect it.
pykko
December 13th, 2005, 09:13 AM
Hope they've added it in the 1.1320 version. Unfortunately, I have some Trojans submitted to ESET and they haven't yet been added. :( Hope they'll add them.
Marcos
December 13th, 2005, 10:24 AM
Added to update NOD32 - v.1.894 (20041014). If you extract the archive, the exe file is detected.
Elwood
December 13th, 2005, 02:48 PM
Thanks for that info, Marcos. Why can't NOD32 scan inside the file without extracting it first, the way most of the other AVs in that example can?
webyourbusiness
December 13th, 2005, 02:52 PM
A file inside an archive isn't a threat to anyone UNLESS it's extracted - so just how "at risk" do you think you are if a threat is rendered harmless by the archive, and your threat detection solution detects it immediately it's un-archived?
Elwood
December 13th, 2005, 03:15 PM
I really don't know how at risk I am, but it seems reasonable to me that a file-scanner-type antivirus program should be able to scan inside a self-extracting installer. Whether or not it can remove the malware inside is a different matter, and I can understand why that would not be possible or even desirable.
Many people disable their antivirus program before running installations to prevent interference with needed registry changes and initial configuration. I don't know if NOD32 has ever interfered with needed registry changes or initial configuration of installations, but I have been witness to some security programs doing it.
Carver
December 13th, 2005, 03:28 PM
{QUOTE-> If it has not already been added:
Trojan masquerading as Microsoft Update (http://sunbeltblog.blogspot.com/2005/12/seen-in-wild-trojan-masqurading-as.html)
Scroll down and you will notice that NOD32 (among a few others) did not detect it. <-QUOTE}
I just had a Trojan masquerading as a Microsoft toolbar; it wiped out every single file on my hard drive. I had to reformat and reinstall Windows XP. I was updating a piece of software that has an M$ toolbar to adjust it on the fly, so I was expecting an M$ toolbar, just not a Trojan impersonating a toolbar.
Blackspear
December 13th, 2005, 06:47 PM
{QUOTE-> Many people disable their antivirus program before running installations to prevent interference with needed registry changes and initial configuration. <-QUOTE}
I have never had to do this with NOD32 in more than 3 years, and never advise my clients to do so either...
Cheers ;D
webyourbusiness
December 13th, 2005, 10:01 PM
I could understand how some REGISTRY protection systems might need to be disabled, but not a properly written AV with a properly written installer... of course, there are a lot of ways to improperly write software... ;)
Copyright ©2002 - 2009, Wilders Security Forums