Should NOD32 catch Spyware Quake trojan?
supergravy
July 25th, 2006, 08:02 AM
I am a long time NOD32 user with fairly strong PC skills and some network admin experience. Having cleaned spyware from a number of client, family and friends' PCs I am all too familiar with the mess spyware can create. What I am not used to is having spyware unintentionally infect one of my personal machines.
Last night a full scan with Spyware Doctor indicated that Spyware Quake had infected my machine. The machine infected is running winxp sp2 with nod32 v2.5 and Outpost Pro v3.5 (spyware plugin active), all updated and current. I was not using any other real-time protection programs.
I would have expected nod32 to catch this problem up front as it has never let me down before and it is reported to have recognized earlier versions of this infection. Wondering if my expectations are too high? Also wondering just how effective the outpost spyware plugin is too, although I just recently began using outpost. I am now wondering if it might be best to leave spyware doctor running real-time, something I had avoided due to resource usage and lack of perceived need.
Anyone have any experience with Spyware Quake and these applications? Cleanup went smoothly, but now I am just a bit more paranoid than before.
Marcos
July 25th, 2006, 08:06 AM
The question is whether you perform a full system scan with all settings maxed out on a regular basis. If the app got to the disk a long time ago when there was no signature for it and hasn't been accessed since then, there was no chance NOD32 could catch it. To my best knowledge, Spyware Quake's executables are detected.
covaro
July 25th, 2006, 08:06 AM
If the file is still in Spyware Doctor's quarantine I would restore it and then put it in a password protected archive (make sure to include the password in the email) and send it to samples [at] eset.com. They usually like it when you include a link to your Wilders thread as well. If this particular piece of spyware should be detected by NOD32 they'll make sure the defs are added.
-Cov
supergravy
July 25th, 2006, 08:33 AM
> The question is whether you perform a full system scan with all settings maxed out on a regular basis. If the app got to the disk a long time ago when there was no signature for it and hasn't been accessed since then, there was no chance NOD32 could catch it. To my best knowledge, Spyware Quake's executables are detected.
I am fairly certain that this happened within the last three days as SD had shown me as clean at that point in time. I also ran a full NOD32 scan the night before finding the infection and got a clean bill of health. Not sure if it was missed or just hadn't hit my machine yet. By the way, I did not experience any pop-ups or strange browser behaviour so the infection might have been less than a couple of hours old.
To be honest, I am usually very lazy about running full scans of anything as nod32 has done such an excellent job of protecting me. This week I have been in a "security mood" as I was experimenting with jetico, comodo and outpost.
I will check SD's quarantine tonight and see about sending to ESET - thanks for the tip.
Blackspear
July 25th, 2006, 08:40 AM
Hi supergravy, welcome to Wilders.
Could you please check your settings against those found HERE (http://www.wilderssecurity.com/showthread.php?t=37509); this tutorial includes setting up an automated weekly scan.
After having a run through the tutorial please run a further scan by clicking on the NOD32 Control Centre> NOD32> Run NOD32> Scan and Clean.
Let us know how you go...
Cheers ;D
Marcos
July 25th, 2006, 08:54 AM
Here's a proof that NOD32 actually detects it:
supergravy
July 25th, 2006, 09:07 AM
Hi Blackspear - I have been using the tutorial settings all along! I am a first time poster but very long time lurker. Thank you for the excellent tutorial by the way. I did not have the scheduled scan going though and have now changed this to your recommendation.
And don't get me wrong, I do believe that nod32 can and should catch this. Just that somehow it didn't in my case...:( I will unquarantine it tonight and do some experimenting.
Blackspear
July 25th, 2006, 09:13 AM
> Hi Blackspear - I have been using the tutorial settings all along!
Good to see.
> I am a first time poster but very long time lurker.
I started out the same ;D
> Thank you for the excellent tutorial by the way.
My Pleasure.
> I did not have the scheduled scan going though and have now changed this to your recommendation.
Excellent, it is a really important part of the tutorial.
> And don't get me wrong, I do believe that nod32 can and should catch this. Just that somehow it didn't in my case...:( I will unquarantine it tonight and do some experimenting.
Look forward to the results.
Cheers ;D
supergravy
July 25th, 2006, 10:32 AM
Just had a thought on this issue...
Does anyone know if a problem such as Spyware Quake could be delivered through Java? I have created an exception in NOD32 for javaw.exe so that I am able to use a Java based proxy tunnel program (your-freedom-net) and other Java based apps that crash out without this exception. Maybe this slipped through via this route sometime after my last NOD32 scan?
covaro
July 25th, 2006, 10:37 AM
AMON should have then caught the file on creation though once it made it to your HDD.
-Cov
ASpace
July 25th, 2006, 11:28 AM
> Just had a thought on this issue...
> Does anyone know if a problem such as Spyware Quake could be delivered through java? I have created an exception in nod32 for javaw.exe so that I am able to use a java based proxy tunnel program (your-freedom-net) and other java based apps that crash out without this exception. Maybe this slipped through via this route sometime after my last nod32 scan?
JAVA RE is an application which is famous for its vulnerabilities and thus it was (is) easily manipulated by the SmitFraud family. SpywareQuake is part of this malware family.
Make sure your JAVA version is the latest by:
Going to Control Panel -> Add/Remove Programs and removing the 'JAVA RE' entries
Going to C:\Program Files and manually deleting the folder JAVA
Going to www.java.com -> Download section and downloading and installing the latest version of the software
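A check to run after those steps, added here as an example and not part of ASpace's post: this PowerShell snippet lists every Java product still registered under the Windows Add/Remove Programs uninstall keys (old JRE installers often left previous versions behind), reports whether a Java folder remains under Program Files, and shows which java.exe answers on the PATH and what version it reports. It assumes the standard uninstall registry locations, that the installer entries carry "Java" in their DisplayName, and that PowerShell is available on the machine (it did not ship with XP SP2 at the time of the thread).

```powershell
# Added example: inventory leftover Java runtimes after the manual cleanup above.
# Assumes the standard Windows uninstall registry keys; the WOW6432Node key only
# exists on 64-bit Windows and is silently skipped elsewhere.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Step 1 of the post: every registered program whose display name mentions Java.
$javaEntries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Java*' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation, UninstallString |
    Sort-Object DisplayVersion

if ($javaEntries) {
    Write-Host "Java products still registered in Add/Remove Programs:"
    $javaEntries | Format-Table -AutoSize
} else {
    Write-Host "No Java entries registered in Add/Remove Programs."
}

# Step 2 of the post: the Java folder under Program Files should be gone, or hold
# only the freshly installed version. ProgramFiles(x86) is only set on 64-bit Windows.
$roots = @($env:ProgramFiles)
if (${env:ProgramFiles(x86)}) { $roots += ${env:ProgramFiles(x86)} }
$javaDirs = $roots | ForEach-Object { Join-Path $_ 'Java' } | Where-Object { Test-Path $_ }
foreach ($dir in $javaDirs) {
    Write-Host "Java folder present: $dir"
    Get-ChildItem -Path $dir | Where-Object { $_.PSIsContainer } |
        ForEach-Object { Write-Host "  $($_.Name)" }
}

# Step 3 of the post: confirm which java.exe is first on the PATH and its version.
# 'java -version' writes to stderr, hence the 2>&1 redirection.
$javaCmd = Get-Command java.exe -ErrorAction SilentlyContinue
if ($javaCmd) {
    Write-Host "java.exe on PATH: $($javaCmd.Path)"
    & java -version 2>&1 | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host "No java.exe found on the PATH."
}
```

If the first table still lists more than one entry after the reinstall, the older runtimes were not removed and remain usable by anything that targets them; remove them from Add/Remove Programs and re-run the check.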
Copyright ©2002 - 2009, Wilders Security Forums