Spyfalcon - what a bu**er to remove


pc-support
April 25th, 2006, 04:41 PM
Does NOD detect this (hxxp://www.spyfalcon.com/) wonderful (::) ) bit of software?

edited to disable link - Detox

DavidCo
April 25th, 2006, 04:44 PM
Don't know, have you tried
http://www.superantispyware.com/
Free :)

ASpace
April 25th, 2006, 04:46 PM
Never include links to such damn malware, please!

I don't think so but I can't be sure. These days I used NOD32 for DOS with nod32.000 and it detected many other things but not SpyFalcon. I can't guarantee for the full NOD32 for Windows.

SpyFalcon can easily be recognised and the free SpyBot S&D + Ad-Aware can take care of SpyFalcon if you scan in Safe Mode and it is crucial to turn off System Restore when you restart and that's it ... ;-)

By the way, I also would like to know if NOD32 can detect WinFixer, SpyFalcon and SmitFraud ... (I know it detects Vundo, for example) ;-)

Regards!

Marcos
April 25th, 2006, 04:49 PM
I can confirm that NOD32 detects SpyFalcon, WinFixer and similar variants generically without update. As for the programs themselves, some exe/dlls are detected by a signature, some heuristically and some others are pending for addition.

Trojan.Fakealert (DrWeb)
Download/WinFixer (Fortinet)
a variant of Win32/Adware.WinFixer (NOD32v2)
Trojan.Fakealert (VBA32)

pc-support
April 25th, 2006, 04:51 PM
Thanks Marcos for the prompt reply :D

ASpace
April 25th, 2006, 04:51 PM
-{ Quote: "I can confirm that NOD32 detects SpyFalcon, WinFixer and similar variants generically without update. As for the programs themselves, some exe/dlls are detected by a signature, some heuristically and some others are pending for addition." }-


Do you mean that the early detection system (AMON or IMON) can detect files (signatures or heuristic, no matter)?

:)

Marcos
April 25th, 2006, 04:57 PM
I've added a scan result where you can see the downloader being detected proactively using ThreatSense, without the appropriate signature.

pc-support
April 25th, 2006, 05:08 PM
-{ Quote: "I can confirm that NOD32 detects SpyFalcon, WinFixer and similar variants generically without update. As for the programs themselves, some exe/dlls are detected by a signature, some heuristically and some others are pending for addition.

Trojan.Fakealert (DrWeb)
Download/WinFixer (Fortinet)
a variant of Win32/Adware.WinFixer (NOD32v2)
Trojan.Fakealert (VBA32)" }-

How about once it's on someone's machine? Can it deal with removing the appropriate registry entries?

ASpace
April 25th, 2006, 05:09 PM
-{ Quote: "How about once it's on someone's machine? Can it deal with removing the appropriate registry entries?" }-


For such cases I use Ad-Aware SE and SpyBot S&D

Marcos
April 25th, 2006, 05:19 PM
NOD32 should detect the binary files necessary to run the program and delete them. I assume it would be ok to leave the registry as is, it shouldn't do any harm with the binaries removed. Otherwise you can use a registry cleaner or a dedicated anti-spyware program as HiTech_boy suggested.

pc-support
April 25th, 2006, 05:29 PM
-{ Quote: "NOD32 should detect the binary files necessary to run the program and delete them. I assume it would be ok to leave the registry as is, it shouldn't do any harm with the binaries removed. Otherwise you can use a registry cleaner or a dedicated anti-spyware program as HiTech_boy suggested." }-

Unfortunately it installs itself as a BHO which means it keeps coming back... :(

Off to try spybot etc!

Marcos
April 25th, 2006, 05:54 PM
Is it a fresh installation or has NOD32 been installed and kept up-to-date for a long time? Maybe you could drop an email to support[at]eset.com with a link to this thread and we'll try to help you without resorting to using another program.

pc-support
April 25th, 2006, 06:00 PM
It's a customer's PC that was already infected. The main files had already been deleted but it kept coming back through the BHO and a link to a randomly named .tmp file in the win /system32 folder (I could see these in the registry).

I installed NOD on the PC but it didn't find anything unusual.

Oh well, his infected computer, my job to clean it, my bank manager's delight!
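
The persistence described in this post (a BHO whose CLSID points at a randomly named .tmp file in system32) can be checked for directly in the registry. The script below is an added example, not code from the thread or from ESET; it assumes a Windows host with PowerShell and read access to HKLM and HKCR, and the "suspicious" heuristics are assumptions drawn from the symptoms in this thread, not a definitive verdict.

```powershell
# Added example: list Browser Helper Objects and resolve each CLSID to the DLL
# Internet Explorer would load, flagging locations like the ones in this thread.
# Read-only: it reports, it does not delete anything.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoList {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $clsid = $sub.PSChildName
            $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            $srvKey   = "$clsidKey\InprocServer32"

            # Friendly name and DLL path both live in the default value of their keys.
            $name = $null; $dll = $null
            if (Test-Path $clsidKey) { $name = (Get-ItemProperty -Path $clsidKey).'(default)' }
            if (Test-Path $srvKey)   { $dll  = (Get-ItemProperty -Path $srvKey).'(default)' }

            # Heuristics (assumptions): .tmp extension, missing file, or a system32 DLL
            # with a random-looking name and no publisher metadata.
            $flags = @()
            if ($dll) {
                $path = [Environment]::ExpandEnvironmentVariables($dll)
                if ($path -match '\.tmp$') { $flags += 'tmp-extension' }
                if (-not (Test-Path $path)) {
                    $flags += 'file-missing'
                } elseif ($path -match '\\system32\\[a-z]{6,}\.dll$') {
                    $info = (Get-Item $path).VersionInfo
                    if (-not $info.CompanyName) { $flags += 'no-company-metadata' }
                }
            } else {
                $flags += 'no-inprocserver32'
            }

            [PSCustomObject]@{ CLSID = $clsid; Name = $name; Dll = $dll; Flags = ($flags -join ',') }
        }
    }
}

Get-BhoList | Format-Table -AutoSize
```

Anything flagged should be confirmed (hash, publisher, scan) before removal; a legitimate toolbar can also be an unsigned DLL in an odd place.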

Blackspear
April 26th, 2006, 01:54 AM
I have come across this one before (http://www.wilderssecurity.com/showpost.php?p=588420)

Hope this helps...

Let us know how you go.

Cheers ;D

COSMO26
April 26th, 2006, 08:53 AM
Hi, Blackspear. When I went to the prior Geeks to Go post and clicked the red link VundoFix.exe (http://www.atribune.org/downloads/VundoFix.exe) (from Post #2 in "is HERE (http://www.geekstogo.com/forum/index.php?showtopic=67804)" link), IMON gave Red Alert & prevented the page from loading. I'd be interested if that happens to others or is just my quirk. I'm Win Me, NOD32 up-to-date. Thanks & FYI.
Edit: I should have included the Alert data: Infiltration: Win32/PrcView application, which is what PYKKO found 2 posts below when he tried alternate sites from Blackspear. Probably a FP.

Blackspear
April 26th, 2006, 09:13 AM
Try this link: http://www.atribune.org/ccount/click.php?id=4 with further info here: http://www.geekstogo.com/forum/index.php?showtopic=109063&hl=vundofix

Cheers ;D

pykko
April 26th, 2006, 09:17 AM
NOD32 prompts me with: Win32/PrcView application
Perhaps FP or a real threat. ???

pc-support
April 28th, 2006, 01:45 AM
Is this Blackspear encouraging us to download infected files??!! :o ;D :P

Blackspear
April 28th, 2006, 02:13 AM
-{ Quote: "Is this Blackspear encouraging us to download infected files??!! :o ;D :P" }-ROFLMAO, yeah indeed, don't know why the direct link has Nod32 lighting up like that :blink: Marcos or Inspector would know.

Cheers ;D

thedon57
April 28th, 2006, 03:11 AM
Hi, if you want to know more about how to remove any of the above go to this new site just started up by captain spyware.
I have just joined it because he backed me up when someone on another forum was slagging off NOD32.

Anyway here is the link.

http://www.virusvault.co.uk/fusionbb/fusionbb.php?

You may have to sign up to be a member but this site deals with nothing but malware.