my AVP and NOD32 trojans experience: what I can conclude.


Mack Jones
January 3rd, 2004, 01:19 PM
First of all, I wish all of you a happy new year!
Thanks to Paul for allowing us to use this very useful board, and thanks to all the guys I can't remember for helping us when a problem occurs.
:)

I'm a proud user of NOD32 and I have experienced something very funny for those who are saying that this AV performs badly for trojans.
I was using AVP as my primary AV (and NOD as a backup) and I discovered I had had a trojan for a long time, but even up to date, neither AVP nor McAfee were able to detect it!
Only NOD32 discovered a Spy.Wolfmp.A Trojan.
I submitted the sample to WebImmune (McAfee online AV) and I received a message telling me this trojan will be added to the bases later...

But my main argument is not here, as you can imagine:
do you really think that the most common user needs "an absolute laboratory champion"?
I don't think so.
I think many people are trying to impose a climate of panic; see the media and Sobig or Blaster...
And as most people are ignorant, they say "wow! 99% detection is better than 85%, I'll stick to this AV".
But it's not the REAL world.
I was myself in this case and I discovered that those lab tests are great but they are not well interpreted: in this case, I discovered that Eset has chosen to include not all the Zoo viruses/trojans but only those you can encounter one day: what I call the REAL world (or ITW).
That's why I decided to use NOD as my (only) AV.
My moral could be:
don't panic, don't be paranoid, don't think that a 99% detection rate will protect you better: it's only lab results.
Maybe that's a reason why NOD32 performs average at AV.gr but is rated first by VB.

Thank you.
Nick
PS: apologies if my English is not perfect. :-\

bigc73542
January 3rd, 2004, 09:19 PM
I have been looking for the trojan wolfmp.a; I would like to know what it does. I have looked at the ESET virus database, also at Sophos, Symantec, McAfee, F-Prot and Kaspersky, and I can't find it. Could you please post what the trojan does if you get infected? I would appreciate it very much. Thank you.

sir_carew
January 4th, 2004, 12:15 AM
I agree with you; moreover ESET has enhanced the Advanced Heuristics, which are now able to detect Trojans proactively. Some days ago, I found 3 trojans in a legal program and NOD32 detected those clicker and downloader trojans proactively via AH.
ESET is now starting to add not only In-the-wild viruses; I sent several samples to ESET (including old viruses) and they added them very quickly :D

Mack Jones
January 4th, 2004, 04:06 AM
Quoting bigc73542:
> I have been looking for the trojan wolfmp.a; I would like to know what it does. I have looked at the ESET virus database, also at Sophos, Symantec, McAfee, F-Prot and Kaspersky, and I can't find it. Could you please post what the trojan does if you get infected? I would appreciate it very much. Thank you.

Hi!
I'm sorry but I wasn't able to find what this trojan does: I don't want to infect myself to find out! ???
And the Eset databases do not contain any info about this trojan...
http://nick.vallet.free.fr/samples/NOD32.jpg

illukka
January 4th, 2004, 04:09 AM
Try scanning this file with KAV using the extended bases (updates_ext or updates_x); it could be detected with them.

Mack Jones
January 4th, 2004, 04:16 AM
Quoting illukka:
> Try scanning this file with KAV using the extended bases (updates_ext or updates_x); it could be detected with them.

Sorry, my AVP licence expired...
Maybe someone else can do the test...
For the sample:
----link removed----

Note to the Webmaster/administrator:
can I post a sample here?

illukka
January 4th, 2004, 04:38 AM
PM me the link or send the file illukka@dslr.net

illukka
January 4th, 2004, 06:16 AM
It is detected as TrojanSpy.Win32.Wolfmp (thanks for the sample).

Usually when KAV says TrojanSpy it means a keylogger... so this has been running on your PC?

Mack Jones
January 4th, 2004, 06:41 AM
I've been running AVP 3.0.124 (up to date), scanned on December 26.
VirusScan 4.51 SP1 (12/24/2003) wasn't able to detect it either, and NAI sent me an extra.dat to detect the trojan...
"This is a trojan [...] it has its own SMTP engine, so we have attached an EXTRA.Dat for detection as Uploader-L trojan"


EDIT:
IMHO, KAV has recently added this trojan, and McAfee will do it in a short time... but I can't verify for KAV.

Schouw
January 4th, 2004, 10:40 AM
Check the database, only one entry.
Entry is from latest cumulative, which is out for months.

So KAV is able to detect this one for months now, if not longer.

Unless you have got some specially encrypted sample, you are talking nonsense.
(You can mail the sample to me, so I can check if that's the case: submitvirus@yahoo.com )

If you want, I can ask someone to give me the exact date that detection was added.

Straight Shooter
January 4th, 2004, 10:56 AM
Quoting Nick Jr III:
> I've been running AVP 3.0.124 (up to date), scanned on December 26.
> VirusScan 4.51 SP1 (12/24/2003) wasn't able to detect it either, and NAI sent me an extra.dat to detect the trojan...
> "This is a trojan [...] it has its own SMTP engine, so we have attached an EXTRA.Dat for detection as Uploader-L trojan"
>
> EDIT:
> IMHO, KAV has recently added this trojan, and McAfee will do it in a short time... but I can't verify for KAV.

Schouw's right... Here is KAV's detection from the sample...

Maybe there was a problem with your AVP, but mine's fine...

Paul Wilders
January 4th, 2004, 11:04 AM
Schouw, welcome ;)

For the record: KAV is not under siege here; have a look at illukka's post. Please keep that in mind, gents.

regards.

paul

Technodrome
January 4th, 2004, 11:08 AM
Indeed, KAV has detected this Trojan since June 2003. ;)



tECHNODROME

Mack Jones
January 4th, 2004, 11:17 AM
Thank you very much for your help.
??? I was sure that AVP wasn't able to detect it...
My apologies if I made a mistake during the scan :-[
But it appears this sample is not detected by Norton (according to a friend who tested with his AV), McAfee (4.51, sure)... and maybe Bitdefender...

I'm sorry :-[
Something's wrong with my AVP.
Regards,
Nick

Technodrome
January 4th, 2004, 11:23 AM
Your AVP version is too old so that might be a reason (although 3.xx uses the same engines as current ones).


tECHNODROME

Schouw
January 4th, 2004, 11:30 AM
No added unpackers needed.
So the sample has been detected for months.

If I had time I would check to see if avp3.0 really doesn't detect, but I have little time right now.
If anyone is really interested in this, either test it yourself or remind me on Thursday. :)

Mack Jones
January 4th, 2004, 11:42 AM
Quoting Schouw:
> No added unpackers needed.
> So the sample has been detected for months.
>
> If I had time I would check to see if avp3.0 really doesn't detect, but I have little time right now.
> If anyone is really interested in this, either test it yourself or remind me on Thursday. :)

I think it's not necessary for you to try with AVP 3.0; I prefer to conclude it was a mistake on my part.
That's why I will check myself RIGHT NOW to see if I was right or not. (reply in 30 min) :)
Nick

Mack Jones
January 4th, 2004, 12:14 PM
Damn!
You were right :o
That's my fault!
http://nick.vallet.free.fr/samples/AVP3.0.jpg


The REASON:
NOD32 Monitor was running during the AVP scan and, having detected the trojan, AMON did not allow AVP to access the file... and therefore to detect it...
Shame on me!
All my apologies :P

(but for VirusScan, I'm sure, NAI sent me an extra.dat)
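The post above describes a classic scan-report pitfall: the resident monitor (AMON) denied the on-demand scanner access to the file, so the on-demand scanner reported nothing, and that was read as "clean". The script below is an added example, not code from the thread or from any of the products discussed; it shows how a scan report should keep "could not read the file" separate from "clean", so that a file another process blocked is never counted as examined. The signature bytes, file names and the simulated access denial are all constructed for the demonstration.

```python
"""Added example (not from the thread): an on-demand scan report that keeps
'could not read' separate from 'clean'.

Signatures and file contents are constructed; `guarded_open` stands in for a
resident monitor that blocks reads of a file it has already flagged."""
import os
import tempfile
from enum import Enum

# Constructed byte pattern standing in for a detection signature; not a real one.
SIGNATURES = {
    b"CONSTRUCTED-SAMPLE-MARKER": "Sample.Constructed.A",
}


class Verdict(Enum):
    CLEAN = "clean"
    INFECTED = "infected"
    NOT_SCANNED = "not scanned"


def scan_bytes(data):
    """Match the in-memory contents against the constructed signature table."""
    for pattern, name in SIGNATURES.items():
        if pattern in data:
            return Verdict.INFECTED, name
    return Verdict.CLEAN, None


def scan_file(path, opener=open):
    """Return (verdict, detail). A file that cannot be opened is reported as
    NOT_SCANNED, never as CLEAN; `opener` lets a caller simulate another
    resident scanner holding the file."""
    try:
        with opener(path, "rb") as f:
            data = f.read()
    except OSError as exc:  # PermissionError is a subclass of OSError
        return Verdict.NOT_SCANNED, f"{type(exc).__name__}: {exc}"
    return scan_bytes(data)


def summarize(results):
    """Aggregate per-file verdicts. 'all_clean' is only true when every file
    was actually read and none matched, which is the distinction the thread
    shows an AV report can hide."""
    counts = {v: 0 for v in Verdict}
    for verdict, _ in results.values():
        counts[verdict] += 1
    return {
        "infected": counts[Verdict.INFECTED],
        "clean": counts[Verdict.CLEAN],
        "not_scanned": counts[Verdict.NOT_SCANNED],
        "all_clean": counts[Verdict.INFECTED] == 0 and counts[Verdict.NOT_SCANNED] == 0,
    }


def demo(block_access=False):
    """Create two constructed files in a temp dir and scan them. With
    block_access=True the flagged file's open() is denied, as the resident
    monitor did in the thread, and the report marks it as not scanned."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "notes.txt")
        bad = os.path.join(d, "sample.bin")
        with open(good, "wb") as f:
            f.write(b"just some text")
        with open(bad, "wb") as f:
            f.write(b"MZ...CONSTRUCTED-SAMPLE-MARKER...")

        def guarded_open(path, mode):
            # Simulated on-access monitor: refuses reads of the flagged file.
            if block_access and os.path.basename(path) == "sample.bin":
                raise PermissionError("access denied by resident monitor")
            return open(path, mode)

        results = {os.path.basename(p): scan_file(p, guarded_open) for p in (good, bad)}
        return results, summarize(results)


if __name__ == "__main__":
    for blocked in (False, True):
        results, summary = demo(block_access=blocked)
        print("resident monitor blocking:", blocked)
        for name, (verdict, detail) in results.items():
            print(f"  {name}: {verdict.value}" + (f" ({detail})" if detail else ""))
        print("  summary:", summary)
```

Run it and compare the two passes: with the simulated monitor active, `sample.bin` shows up as "not scanned" with the access error attached, and `all_clean` stays false. A report that collapsed that case into "no detections" would reproduce exactly the confusion in the thread, which is why the summary counts unreadable files separately.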

Straight Shooter
January 4th, 2004, 01:30 PM
Nick,

The only Man More Honorable than the Man Who is right, is the Man who Admits Openly and Honestly, that he was Wrong! ;)

This is a compliment... :D ;D

Feel free to use my "smart remark"... LOL ;D

illukka
January 4th, 2004, 02:29 PM
Quote from Sergey Bogukovsky: "detection for this was added 22.06.2003"

Paul Wilders
January 4th, 2004, 02:30 PM
Quoting Crooked Shot:
> The only Man More Honorable than the Man Who is right, is the Man who Admits Openly and Honestly, that he was Wrong! ;)

Wise words, Shooter ;)

Nick,

It's just OK - we've all been there, and for sure will be there more often :)

regards.

paul

Mack Jones
January 4th, 2004, 02:35 PM
LOL Crooked Shot ;)
I have to agree with you

Again I want to present my apologies to the people who have spent time reading me and/or helping me. :-[

Best regards,
Nick

Edit: thanks Paul !

Paul Wilders
January 4th, 2004, 03:11 PM
No need for apologies, Nick! ;)

regards.

paul

bigc73542
January 4th, 2004, 08:07 PM
Nick thank you for your response. And no we don't want you to get infected just to find out what it does. ;)

octogen
January 5th, 2004, 09:02 AM
Quoting Crooked Shot:
> Nick,
>
> The only Man More Honorable than the Man Who is right, is the Man who Admits Openly and Honestly, that he was Wrong! ;)
>
> This is a compliment... :D ;D
>
> Feel free to use my "smart remark"... LOL ;D

Agreed! Kudos to you, Nick!

A lot more useful information gets passed along in discussions that are done amicably. ;)