trojandownloader.zlob and NOD32


maxoblivion
October 5th, 2007, 03:17 PM
I've been using the NOD32 trial for a couple of weeks and I had trojandownloader.zlob.bfl installed on my computer a few days ago. NOD32 didn't detect it until I did a routine backup to an external drive. It also showed up with the "in-depth analysis" scan. I'm wondering if it was just one that will get through sometimes or if the default settings aren't tight enough. I deleted the trojan manually and there are no symptoms of infestation.

I tried the Spysweeper free scan and it only found harmless cookies and I installed Counterspy and scanned and it found a few cookies and a keylogger, SC-Keylog in a desktop icon. I think I will use both NOD32 and Counterspy along with the Comodo firewall. I previously used Zonelabs Antivirus and seemed well protected with no infestations I was aware of but it seemed to slow my system more with each software update and my computer was taking a long time to boot up. System Standby was no longer working properly and it interfered with an IE7 installation, really screwing things up.

HiTech_boy
October 5th, 2007, 03:23 PM
Perhaps detection for that specific variant was recently added, but you had the malware before ESET added the detection. The file was inactive and that's why it was caught with an on-demand scan.

The default settings are ok :thumb:


By default, with the on-demand settings in AMON/IMON, detection for Potentially unsafe applications is disabled. The keyloggers (some commercial programs) should be there, and that is one more possible reason for not detecting it.

Kosak
October 5th, 2007, 03:27 PM
Hi

Look at this thread => http://www.wilderssecurity.com/showthread.php?t=186094

HiTech_boy
October 5th, 2007, 03:30 PM
{QUOTE-> Perhaps detection for that specific variant was recently added but you had the malware before ESET added the detection <-QUOTE}

Just to update: on ESET's site one can see that detection for that specific Zlob was added 5 days ago.

maxoblivion
October 5th, 2007, 04:01 PM
Thanks for the responses. It looks like zlob.bfl was included in the 2562 update. I didn't receive definition updates between 2555 and 2563. I was traveling and using a slow dial-up connection. I had a series of server connection failures that prevented updates. Would the installation have been prevented if I had the update in time? Or, would NOD32 detect it after installation and notify? I still think I'll use Counterspy for redundancy. As long as NOD32 and Counterspy don't conflict, the more the merrier.

If I check "potentially unsafe applications" in the settings, I'm not at risk for losing desirable applications as long as I have the "Actions" set to notify me first, correct?

As for how I obtained this trojan, I don't really know. I was surfing some high risk sites the day before, but I'm careful not to knowingly download anything from unreliable sites. It got to me anyway.

HiTech_boy
October 5th, 2007, 04:24 PM
{QUOTE-> Would the installation have been prevented if I had the update in time? <-QUOTE}

If the update was on time and it contained information about that malware (or any kind of heuristic update), then YES.


{QUOTE-> If I check "potentially unsafe applications" in the settings, I'm not at risk for losing desirable applications as long as I have the "Actions" set to notify me first, correct? <-QUOTE}

Potentially unsafe applications is detection only for commercial programs that might be exploited for malicious purposes. Such applications include remote admin tools and keyloggers. About losing "desirable applications": NOD32 very rarely displays false positive alarms, so don't worry.

maxoblivion
October 6th, 2007, 09:33 PM
To conclude:

Spysweeper didn't detect either trojandownloader.zlob.bfl or the sc-keylog that I assume the trojan installed on my computer. NOD32 detected the trojan after I had updated definitions, but it offered no remedy. It didn't notify me of related registry entries either. Counterspy, which I ran after deleting the trojan manually, detected the keylogger but didn't show me registry changes. Counterspy removed the keylogger and related traces but didn't clean the registry. Oh well, I guess there aren't any perfect solutions.