
A-Squared Anti Mallware.


ultragunnerdcl
November 19th, 2007, 01:16 AM
I'm using A-Squared Anti-Malware with Kaspersky & it works great. Anyone using A-Squared here? It has an intrusion detection system which stops unknown threats, detects hidden processes & detects rootkits & destroys trojans ;D

innerpeace
November 19th, 2007, 01:58 AM
Hi, I've been using A2 for a while and I like it. It used to be plagued with false positives, but I haven't seen any lately. For the past couple of weeks I have even had it set in paranoid mode. Another plus is that they are also adding a lot of definitions daily.

Although the memory usage has dropped from the last version, it needs to be improved. I don't really think I need it with my setup and habits, but I use it anyway. I haven't been infected with malware so I can't tell you if it works or not. And lastly, it has also proven very stable on my machine.

Cheers,
innerpeace

grizz
November 22nd, 2007, 08:56 PM
Hi,
I just tried as free v3 and did a scan.
This is what it found in my SWAT 4 dir:
C:\Program Files\Sierra\SWAT 4\AustereVillageTSS\CFDA Dedicated.exe detected: Trojan.Win32.AddUser.o
C:\Program Files\Sierra\SWAT 4\AustereVillageTSS\CFDA.exe
detected: Trojan.Win32.AddUser.o
C:\Program Files\Sierra\SWAT 4\SSFModv3.1\SSF Mod v3.1.exe
detected: Trojan.Win32.Agent.ho

ESET didn't find anything at all. Do I have anything to worry about,
or is it just a FP?
Thanks,
Phil

LoneWolf
November 22nd, 2007, 09:05 PM
-{ Quote: "Hi,
I just tried as free v3 and did a scan.
This is what it found in my SWAT 4 dir:
C:\Program Files\Sierra\SWAT 4\AustereVillageTSS\CFDA Dedicated.exe detected: Trojan.Win32.AddUser.o
C:\Program Files\Sierra\SWAT 4\AustereVillageTSS\CFDA.exe
detected: Trojan.Win32.AddUser.o
C:\Program Files\Sierra\SWAT 4\SSFModv3.1\SSF Mod v3.1.exe
detected: Trojan.Win32.Agent.ho

ESET didn't find anything at all. Do I have anything to worry about,
or is it just a FP?
Thanks,
Phil" }-


Try uploading and scanning with VirusTotal (http://www.virustotal.com/) to get 30 or so second opinions.

grizz
November 22nd, 2007, 09:22 PM
Hi,
thanks. This is what I got for cfda.exe:
File CFDA.exe received on 11.23.2007 02:46:37 (CET)
Current status:finished

Result: 4/32 (12.5%)

AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - Trojan.Win32.AddUser.o
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - -
Rising - - Trojan.Win32.PePatch.ca
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - Trojan.MulDrop.8488
VirusBuster - - -
Webwasher-Gateway - - -

acr1965
November 22nd, 2007, 09:57 PM
I have tried VirusTotal and then went to some other online scanners and got different results, even for the same signature releases of the same product. You can get a second opinion on VirusTotal at these scanners (VirScan is a good one too, lots of AV scanners):

VirScan-
http://virscan.org/

virus.org-
http://scanner.virus.org/

jotti's-
http://virusscan.jotti.org/

viruschief-
http://www.viruschief.com/index.html

SteveBlanchard
November 23rd, 2007, 03:24 AM
-{ Quote: "Hi,
I just tried as free v3 and did a scan.
This is what it found in my SWAT 4 dir:
C:\Program Files\Sierra\SWAT 4\AustereVillageTSS\CFDA Dedicated.exe detected: Trojan.Win32.AddUser.o
C:\Program Files\Sierra\SWAT 4\AustereVillageTSS\CFDA.exe
detected: Trojan.Win32.AddUser.o
C:\Program Files\Sierra\SWAT 4\SSFModv3.1\SSF Mod v3.1.exe
detected: Trojan.Win32.Agent.ho

ESET didn't find anything at all. Do I have anything to worry about,
or is it just a FP?
Thanks,
Phil" }-
Submit the files to ESET.

Found this, might help.
http://vgrep.viruspool.net/virus.cms?&id=2130212
http://vgrep.viruspool.net/virus.cms?&id=239319

ultragunnerdcl
November 23rd, 2007, 04:39 AM
-{ Quote: "Hi,
I just tried as free v3 and did a scan.
This is what it found in my SWAT 4 dir:
C:\Program Files\Sierra\SWAT 4\AustereVillageTSS\CFDA Dedicated.exe detected: Trojan.Win32.AddUser.o
C:\Program Files\Sierra\SWAT 4\AustereVillageTSS\CFDA.exe
detected: Trojan.Win32.AddUser.o
C:\Program Files\Sierra\SWAT 4\SSFModv3.1\SSF Mod v3.1.exe
detected: Trojan.Win32.Agent.ho

ESET didn't find anything at all. Do I have anything to worry about,
or is it just a FP?
Thanks,
Phil" }-

Is it just me or is nod32 not as good as it was before? Kaspersky & A-Squared also DETECTED 25 trojans that nod32 missed. I can't believe that nod32 just sat there & did nothing, even in real time at max settings!!!!!! What a stupid & lousy antivirus!!!! I think I won't renew my license for it next time. >:( Personally I am unhappy with Nod32. It used to be my favorite before buying Kaspersky & A-Squared. Personally I found out that nod32 signature detection sucks, one of the poorest of all antivirus; it has very few virus records in its signature database and relies too much on heuristics, and I think Kaspersky & Avira have now beaten nod32 in heuristic detection. Kaspersky & Avira signature detection is far superior to that lousy nod32 signature database, which finally shows that it totally sucks!!!
I think I am beginning to see the fall of nod32 from the top!!!!!!!! :P It is now OUTCLASSED even by A-Squared????
Now that SUCKS!!!! I'm beginning to see the truth about Nod32: it is the most overrated & most hyped antivirus in the world. Maybe all about nod32 is just a lot of ********!!!!!!!!!!!!!!

Pfipps
November 23rd, 2007, 07:50 AM
GAAAHHHHH!!!!!! MALware!!!!! SMASH SMASH! ;D

AshG
November 23rd, 2007, 08:25 AM
-{ Quote: "Is it just me or is nod32 not as good as it was before? Kaspersky & A-Squared also DETECTED 25 trojans that nod32 missed. I can't believe that nod32 just sat there & did nothing, even in real time at max settings!!!!!! What a stupid & lousy antivirus!!!! I think I won't renew my license for it next time. >:( Personally I am unhappy with Nod32. It used to be my favorite before buying Kaspersky & A-Squared. Personally I found out that nod32 signature detection sucks, one of the poorest of all antivirus; it has very few virus records in its signature database and relies too much on heuristics, and I think Kaspersky & Avira have now beaten nod32 in heuristic detection. Kaspersky & Avira signature detection is far superior to that lousy nod32 signature database, which finally shows that it totally sucks!!!
I think I am beginning to see the fall of nod32 from the top!!!!!!!! :P It is now OUTCLASSED even by A-Squared????
Now that SUCKS!!!! I'm beginning to see the truth about Nod32: it is the most overrated & most hyped antivirus in the world. Maybe all about nod32 is just a lot of ********!!!!!!!!!!!!!!" }-

Just because you have had a bad experience doesn't mean everyone else has or will. Lay off the bold type, stay away from the coarse language, and stay on topic.

ErikAlbert
November 23rd, 2007, 08:51 AM
-{ Quote: "I'm using A-Squared Anti-Malware with Kaspersky & it works great. Anyone using A-Squared here? It has an intrusion detection system which stops unknown threats, detects hidden processes & detects rootkits & destroys trojans ;D" }-
So, when A-Squared Anti-Malware and KAV both say "Congrats, no threats found.", you believe that your computer is malware-free?

ultragunnerdcl
November 23rd, 2007, 10:54 AM
-{ Quote: "So, when A-Squared Anti-Malware and KAV both say "Congrats, no threats found.", you believe that your computer is malware-free?" }-

There is presently no security solution that guarantees 100%. I also scanned my computer with the Avira trial; it found nothing. I believe some independent tests are actually responsible for this MYTH & HYPE ABOUT NOD32, which contradicts NOD32's real-world performance!!! :thumbd::thumbd: THEY SUCK!!!!!!!!!!!!!!!!!!!! & I would never trust them again >:(

I also scanned my computer with a super command line scanner of 4 AVs (Sophos, Trend Micro, McAfee & Kaspersky) called multi-av; all found nothing after scanning with AVIRA, Kaspersky & A-Squared. NOD32 SUCKS; a message to them: they lose this customer!!!! & my opinion of nod32 will now never change, meaning it will always be very low no matter what people say!!!!!!!! :thumbd: :wacko: The so-called great nod32 beaten by the newcomer "A-SQUARED"???? Now that's what I call an "INFERIOR antivirus". Someone explain THE EXTREME FAILURE OF DETECTION OF 25 TROJANS BY NOD32 TO ME THEN >:( :thumbd: What I found out about NOD32 proves it to be WEAK = very FEW virus records in its signature database & heuristics now outclassed by the competition!!! Frankly, Nod32's only edge now is in scanning speed & that is all there is to it!!!!!!!!!!!!

BlueZannetti
November 23rd, 2007, 11:27 AM
-{ Quote: "Someone explain the THE EXTREME FAILURE OF DETECTION OF 25 TROJANS OF NOD32 TO ME THEN">:( :thumbd:" }-
Well, it could be anything from:
NOD32 and a couple of other products missed genuine samples
The samples are corrupted and therefore detection is highly variable and influenced by the specifics of the corruption
Some products are having a bit of a false positive issue
Detection is not on the sample itself, but on how it is packed
You have not appropriately configured all the products
They are grey zone calls which some products will flag while others will not
A host of other specific causes

In other words, detection or lack thereof on a sample set comprised of 25 samples of indeterminate and uncontrolled origin (i.e. are they 25 independent samples or 25 variants of the same piece?) says very little about any of the products mentioned above.

Finally, civil discourse is the preferred mode of communication here.

Blue
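
A multiscanner report such as the 4/32 VirusTotal result for CFDA.exe posted earlier in this thread is easier to read sensibly with Blue's caveats applied mechanically: how many engines flagged the file, how many of those are heuristic or generic calls rather than signatures, and whether any two engines even agree on a family name. The script below is an added example and is not code from this thread or from VirusTotal; the sample report is a constructed subset of the engine lines posted above, and the thresholds, the generic-detection keyword list and the family-name normalisation are assumptions made for illustration only.

```python
"""Triage a VirusTotal-style multiscanner report instead of treating the
raw hit count as a verdict.

Added example; not code from the forum thread or from VirusTotal. The
SAMPLE_REPORT below is a constructed subset of the CFDA.exe result posted in
the thread (Ikarus, Panda, Rising and VBA32 flagging). The confidence
thresholds, GENERIC_MARKERS and family_of() are assumptions for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: "Engine - - Result" lines as VirusTotal rendered its
# text reports in 2007; "-" in the result column means no detection.
SAMPLE_REPORT = """\
AhnLab-V3 - - -
AntiVir - - -
Avast - - -
BitDefender - - -
Ikarus - - Trojan.Win32.AddUser.o
Kaspersky - - -
McAfee - - -
NOD32v2 - - -
Panda - - Suspicious file
Rising - - Trojan.Win32.PePatch.ca
VBA32 - - Trojan.MulDrop.8488
Webwasher-Gateway - - -
"""

# Words that mark a heuristic/generic call rather than a signature for a
# known family (assumption: list compiled for this example).
GENERIC_MARKERS = ("suspicious", "generic", "heur")

LINE_RE = re.compile(r"^(?P<engine>\S+)\s+-\s+-\s+(?P<result>.*)$")


@dataclass
class Verdict:
    engines: int
    hits: int
    named_hits: int
    generic_hits: int
    families: dict      # normalised family -> number of engines naming it
    confidence: str     # "inconclusive", "probable" or "strong"
    reasons: list


def parse_report(text):
    """Return {engine: detection-or-None}; non-matching lines are skipped."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        result = m.group("result").strip()
        results[m.group("engine")] = None if result == "-" else result
    return results


def family_of(detection):
    """Collapse a vendor name such as 'Trojan.Win32.AddUser.o' to 'adduser'.
    Vendors disagree on prefixes and variant suffixes, so the type prefixes
    and short/numeric variant tokens are dropped and the first remaining
    dotted component is used as the family (heuristic assumption)."""
    parts = [p for p in detection.lower().split(".") if p not in ("trojan", "win32", "w32")]
    parts = [p for p in parts if not (len(p) <= 2 or p.isdigit())]
    return parts[0] if parts else detection.lower()


def triage(results):
    """Score a report the way the careful posters in the thread read it:
    a hit count alone is not proof; look at how many engines agree on what."""
    hits = {e: r for e, r in results.items() if r}
    generic = {e: r for e, r in hits.items()
               if any(k in r.lower() for k in GENERIC_MARKERS)}
    named = {e: r for e, r in hits.items() if e not in generic}
    families = Counter(family_of(r) for r in named.values())
    top = max(families.values(), default=0)
    ratio = len(hits) / len(results) if results else 0.0

    reasons = [f"{len(hits)} of {len(results)} engines flagged the file ({ratio:.0%})"]
    if generic:
        reasons.append(f"{len(generic)} of those are heuristic/generic calls, not signatures")
    if top >= 2:
        reasons.append(f"{top} engines agree on family '{families.most_common(1)[0][0]}'")
    else:
        reasons.append("no two engines agree on a family name")

    # Thresholds are assumptions; a low, disagreeing result is exactly the
    # case where the file should be quarantined and analysed or submitted to
    # vendors rather than treated as proven malware (or proven clean).
    if ratio >= 0.5 and top >= 3:
        confidence = "strong"
    elif len(named) >= 3 and top >= 2:
        confidence = "probable"
    else:
        confidence = "inconclusive"
    return Verdict(len(results), len(hits), len(named), len(generic),
                   dict(families), confidence, reasons)


if __name__ == "__main__":
    verdict = triage(parse_report(SAMPLE_REPORT))
    print(f"confidence: {verdict.confidence}")
    for reason in verdict.reasons:
        print(" -", reason)
```

Run against the sample, the three named detections are three different family names and the fourth hit is Panda's generic "Suspicious file", so the verdict is "inconclusive": neither "it is a trojan" nor "it is a false positive" is supported by the report alone, which is the point Blue makes about sample sets of uncontrolled origin.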

ultragunnerdcl
November 23rd, 2007, 11:31 AM
-{ Quote: "Well, it could be anything from:
NOD32 and a couple of other products missed genuine samples
The samples are corrupted and therefore detection is highly variable and influenced by the specifics of the corruption
Some products are having a bit of a false positive issue
Detection is not on the sample itself, but on how it is packed
You have not appropriately configured all the products
They are grey zone calls which some products will flag while others will not
A host of other specific causes

In other words, detection or lack thereof on a sample set comprised of 25 samples of indeterminate and uncontrolled origin (i.e. are they 25 independent samples or 25 variants of the same piece?) says very little about any of the products mentioned above.

Finally, civil discourse is the preferred mode of communication here.

Blue" }-

By the way, I used VirusTotal (20 scanners) on some of the samples detected by Kaspersky & A-Squared & a lot of antivirus say the samples are trojans!!! It's like someone saying the world is flat & the rest of the world is saying it is round!! ;D Who are you going to believe, a lot of antivirus scanners or a blind scanner who says it is not a trojan?????????

Anyway, you also have a point; I will now lay off the language because I have already proven my point.

BlueZannetti
November 23rd, 2007, 11:33 AM
-{ Quote: "By the way, I used VirusTotal (20 scanners) on some of the samples detected by Kaspersky & A-Squared & a lot of antivirus say it is a trojan!!! It's like someone saying the world is flat & the rest of the world is saying it is round!! ;D Who are you going to believe, a lot of antivirus scanners or a blind scanner who says it is not a trojan?" }-
...and you clearly have not taken the time to understand each point that I wrote.

Blue

ultragunnerdcl
November 23rd, 2007, 11:56 AM
Are you saying a lot of antivirus scanners are lying about the samples while one blindfolded scanner says the truth??? ??? ??? ??? This case is like democracy: majority wins. One minority says something & the majority says the opposite.

BlueZannetti
November 23rd, 2007, 12:05 PM
-{ Quote: "Are you saying a lot of antivirus scanners are lying about the samples while one blindfolded scanner says the truth??? ??? ??? ???" }-
Look at the first item in the list that I replied with. I'll repeat it here for clarity:
-{ Quote: "Well, it could be anything from: NOD32 and a couple of other products missed genuine samples
....." }-
Perhaps it's time to relax, take the time to read everything that's written, and not immediately jump to conclusions. I don't recall stating that any one product is either lying or has a monopoly on the truth.

Blue

ultragunnerdcl
November 23rd, 2007, 12:24 PM
Very well, I will relax. But like I said, Nod32 loses this customer forever!!!!!!!


Totally dissatisfied with nod32

ErikAlbert
November 23rd, 2007, 01:42 PM
-{ Quote: "There is presently no security solution that guarantees 100%." }-
Unless you replace your system partition (Windows + Applications) with a clean system partition during reboot, like I do in less than 2 minutes.
I don't remove malware, I remove any change = known malware + undiscovered malware + malware that isn't born yet. :)

ultragunnerdcl
November 23rd, 2007, 01:45 PM
-{ Quote: "Unless you replace your system partition (Windows + Applications) with a clean system partition during reboot, like I do.
I don't remove malware, I remove any change = known malware + undiscovered malware + malware that isn't born yet. :)" }-


Totally agree with you on that. ;D But I thought formatting can also destroy malware. Does it really??

ErikAlbert
November 23rd, 2007, 02:16 PM
-{ Quote: "Totally agree with you on that. ;D But I thought formatting can also destroy malware. Does it really??" }-
My first defense is a boot-to-restore, which works all the time.

In worst case scenarios, like a Killdisk trojan attack, I zero my system partition hard disk [C:] and restore a clean image, but that hasn't happened yet. Besides, Anti-Executable is supposed to stop the Killdisk trojan.
The main thing is that I have a cure for everything, except hardware viruses; those are more ghost stories than reality, a few are real but I never met them.

ultragunnerdcl
November 23rd, 2007, 05:11 PM
A boot-to-restore tool, something like DEEP FREEZE you mean, that puts malware into the Bermuda Triangle??? ;D

AshG
November 23rd, 2007, 06:14 PM
I would be interested to see a list of the 25 supposed trojan files. Otherwise, visceral eruptions have no credence.

ultragunnerdcl
November 23rd, 2007, 09:34 PM
If you want proof, here it is for those who are being taken for a ride by ESET. :thumbd:
I used to believe that nod32 was great, but man, was I wrong!!!!

This is how I found out why I had a nest of trojans that "you know who" missed.
Try these online scanners on your computers. Use Internet Explorer for best results.

Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner)

BitDefender Online Scanner (http://www.bitdefender.com/scan8/ie.html)

BlueZannetti
November 23rd, 2007, 10:08 PM
-{ Quote: "If you want proof, here it is for those who are being taken for a ride by ESET. :thumbd:" }-
I for one would like to see your "proof". All I've seen thus far are a series of unhinged and unsupported rants.

Blue

AshG
November 23rd, 2007, 10:55 PM
Ultragunner, if you really would like to prove that there is any merit to your claims, take your issues to the ESET forum here in a professional manner. Otherwise, every post you make wrought with smileycons, bold text, colored text, and vehement rhetoric simply drops any credibility you have further down the scale.

As Blue and I have asked, provide real evidence or stop wasting everyone's bandwidth.

ultragunnerdcl
November 23rd, 2007, 11:27 PM
Here is proof: one trojan undetected by Nod32!!!!!!!!!

File information
File Name : nod32 sucks.sqx
File Size : 134349 byte
File Type : data
MD5 : 826c923ace8b8bb83d26513b63968599
SHA1 : 4dad9f1e9e6bebd21d01bce6b6d652a037fabe8b

Scanner results
Scanner results : 25% Scanner(9/36) found malware!
Time : 2007/11/24 12:22:23 (PHT)

{As per forum policy, gratuitous VT summary scan results removed - Blue}

Told you that Nod32 sucks. You are looking at a very unhappy customer here!!! :thumbd:

ultragunnerdcl
November 23rd, 2007, 11:53 PM
Another trojan undetected by Nod32

File information
File Name : H.tar
File Size : 187904 byte
File Type : tar archive
MD5 : a9f92dd282556a3531278a35fff00afc
SHA1 : bf4f4920c5deb85a6786b915884fc16e4b92cecf

Scanner results
Scanner results : 61% Scanner(22/36) found malware!
Time : 2007/11/24 12:49:30 (PHT)

{As per forum policy, gratuitous VT summary scan results removed - Blue}

Now you all see why I am unhappy with Nod32.
Try scanning your computers with the online scanners then to see what I mean.

LoneWolf
November 23rd, 2007, 11:57 PM
-{ Quote: "Told you that Nod32 sucks. You are looking at a very unhappy customer here!!! :thumbd:" }-

Well, if you don't like a particular software, which in your case is NOD32, do what I and many others do in this situation: don't use it, try something else. Personally I will not download, install, use, recommend, endorse or touch anything from Emsi Software with a ten-foot pole.

ultragunnerdcl
November 24th, 2007, 12:10 AM
Fine. Told you all that I had proof! ;D

BlueZannetti
November 24th, 2007, 12:49 AM
-{ Quote: "Now you all see why I am unhappy with Nod32.
Try scanning your computers with the online scanners then to see what I mean." }-
First of all, as you should be well aware if you've frequented these forums, collected VT/VS/other summary scans tell you very little when you get right down to it. If you wish to expand on specifics, at least take the time to perform some analysis on your end - and that doesn't mean regurgitating scanner summaries. When you have mixed results, as were the two cases you provided, naturally caution is warranted. What's probably not really warranted is going off on an aggressive rant against any specific product. Whenever I'm presented with opposing opinions, and that is what the results you provided are, I personally dig deeper. Lots of the flags I personally experience are false positives due to flags originating with potential riskware. No more, no less.

I take it at face value when you state that x% of the scanners at VT (or other resource) have flagged a file. I assume that the statements you have made correctly relayed the information that these multiscanners provided. Reproducing that scan result adds nothing to the discussion, except to illustrate that A-squared alerted on neither example you posted, while KAV flagged both examples as Trojan.Win32.Agent.cro.

You have a file, you state that it is malware, some scanners flag it as such, some do not. If you are going to immediately presume that any one positive constitutes immediate and incontrovertible proof that you have a functional piece of malware in your hands, the discussion is pretty much over. If that's your approach, go with a solution that flags as much as possible - other factors are irrelevant - and move on with your life.

If you want to dig deeper, fine, but I'm not about to play multiscanner games with you since they go nowhere at the end of the day. No one is further educated as to what's behind the detections, whether the platform used in the scan is relevant to casual (i.e. Windows) users, or why I should be concerned about the specific file in front of me.

Do I think the samples you provided are potentially malware? Of course I do. I explicitly stated that in my first point of my initial response to you. However, you seem more focused on ranting than discussing. If that's the case, I'm done.

Later,

Blue

ErikAlbert
November 24th, 2007, 12:52 AM
-{ Quote: "A boot-to-restore tool, something like DEEP FREEZE you mean, that puts malware into the Bermuda Triangle??? ;D" }-
Yes, something like DeepFreeze, but I prefer FirstDefense-ISR, because DF is just an option in FDISR. All the main functions of FDISR don't even exist in DF.
DF is too limited in possibilities and not flexible enough for home users.
The frozen mode of DF is not the same as a frozen snapshot in FDISR, although many users THINK it is.

DF is only faster and uses less space than FDISR. I'm not blinded by speed and less space in software, because both are hardware issues.

Why would I use A2 Anti-Malware or any other scanner to remove malware, if I don't allow any change on my system partition?

What can malware do in my system partition, which has no personal data? My system partition is like an empty house to a burglar.

The only thing malware can do is corrupt my Windows and Applications. So what? A simple reboot and everything is back to normal, and if that doesn't work a simple restore of a clean image will do it.

NOD32 didn't detect 25 trojans. KAV is better than NOD32. Do you really think I still care about that? I use these scanners for only one thing: to prove my approach really works. If all these scanners ever find something on my system partition, it will be a false positive. :)

ultragunnerdcl
November 24th, 2007, 12:54 AM
Point taken. But you would be mad too if your ex-favorite antivirus missed that many trojans, you know. 25 trojans is a ridiculous amount to ignore. Guess I was just blowing off steam. Please understand my side too.
I kept the trojans in quarantine in KASPERSKY, by the way, for those who still have doubts that I am telling the truth. 8)

ultragunnerdcl
November 24th, 2007, 01:01 AM
-{ Quote: "Yes, something like DeepFreeze, but I prefer FirstDefense-ISR, because DF is just an option in FDISR. All the main functions of FDISR don't even exist in DF.
DF is too limited in possibilities and not flexible enough for home users.
The frozen mode of DF is not the same as a frozen snapshot in FDISR, although many users THINK it is.

DF is only faster and uses less space than FDISR. I'm not blinded by speed and less space in software, because both are hardware issues.

Why would I use A2 Anti-Malware or any other scanner to remove malware, if I don't allow any change on my system partition?

What can malware do in my system partition, which has no personal data? My system partition is like an empty house to a burglar.

The only thing malware can do is corrupt my Windows and Applications. So what? A simple reboot and everything is back to normal, and if that doesn't work a simple restore of a clean image will do it.

NOD32 didn't detect 25 trojans. KAV is better than NOD32. Do you really think I still care about that? I use these scanners for only one thing: to prove my approach really works. If all these scanners ever find something on my system partition, it will be a false positive. :)" }-


Okay, I'll try FirstDefense-ISR because you recommended it. Personally I don't like Deep Freeze because it freezes everything else, no exceptions, including your updates.

BlueZannetti
November 24th, 2007, 01:08 AM
-{ Quote: "Point taken. But you would be mad if your ex-favorite antivirus missed that many trojans, you know." }-
It depends.

I really only worry about things that I anticipate I have a finite chance of encountering. That's why, at the present moment, I really don't even think about esoteric malware that's more rumor than even firm proof of concept, yet you can uncover threads here and elsewhere that would lead you to believe we're in the midst of a deluge of this same material. I really don't view this situation as a lot different, given that experiencing something like 25 alerts (i.e. 25 trojans) will take me a few years to see during my normal computer usage - and that includes navigating to dicey sites that are sometimes posted here as links.

Blue

12fw
November 24th, 2007, 07:57 AM
ultragunnerdcl

Very often scanners will have a "false" detection for certain files. It is done, as I understand, because the possibility of a threat is still justifiable in some way or another. I suppose you installed a game and it has some "risky" files. Equally, if you scan an installed angryIP or the magic bean counter, these too will appear as threats. Yet these are neither a risk nor a threat. The decision rests in the hands of the user to say if the file or software has to be cleaned or uninstalled.

I suppose the other side of the coin is an AV being too lax, as that could be very dangerous.
I suppose if the scanners jump at the least risky files, then they have justified their presence on the PC and promoted the sale and customer loyalty. Plus the user does not have to think about anything - before, during or after - the PC usage. The software does all the thinking for the user. Kind of sad - the users are becoming used to this convenience and being taken care of.

I just finished downloading 300 songs. Scanned with NOD 2.7 and a-squared. All came clean. Listening to them now as I type. But I should add that false detection by scanners is not a funny topic to be taken lightly: KAV 6 once ripped a few files out of my MS Office, rendering it useless. All because of false detections. I had to re-install Office from the media disks just to type a letter. Then I changed the KAV setting to alert instead of automatically removing on detection. ;)

12fw

ultragunnerdcl
November 24th, 2007, 08:10 AM
-{ Quote: "ultragunnerdcl

Very often scanners will have a "false" detection for certain files. It is done, as I understand, because the possibility of a threat is still justifiable in some way or another. I suppose you installed a game and it has some "risky" files. Equally, if you scan an installed angryIP or the magic bean counter, these too will appear as threats. Yet these are neither a risk nor a threat. The decision rests in the hands of the user to say if the file or software has to be cleaned or uninstalled.

I suppose the other side of the coin is an AV being too lax, as that could be very dangerous.
I suppose if the scanners jump at the least risky files, then they have justified their presence on the PC and promoted the sale and customer loyalty. Plus the user does not have to think about anything - before, during or after - the PC usage. The software does all the thinking for the user. Kind of sad - the users are becoming used to this convenience and being taken care of.

I just finished downloading 300 songs. Scanned with NOD 2.7 and a-squared. All came clean. Listening to them now as I type. But I should add that false detection by scanners is not a funny topic to be taken lightly: KAV 6 once ripped a few files out of my MS Office, rendering it useless. All because of false detections. I had to re-install Office from the media disks just to type a letter. Then I changed the KAV setting to alert instead of automatically removing on detection. ;)

12fw" }-


IC, but 9 or more scanners detecting a TROJAN tells a very different story. I will never believe in nod32 again. To think I was using the new version 3.0.566.0 & I really liked it at first; that was until I tried the Kaspersky online scanner on my computer & found out the truth. I assure you 9 to 20 scanners detecting a file as a trojan is not a false positive!!!! Nod32 is a blind scanner!!! :thumbd:

BlueZannetti
November 24th, 2007, 08:32 AM
-{ Quote: "IC, but 9 or more scanners detecting a TROJAN tells a very different story." }-
Not always.
-{ Quote: "I assure you 9 to 20 scanners detecting a file as a trojan is not a false positive!!!! Nod32 is a blind scanner!!! :thumbd:" }-
On the basis of your disassembly of the code? Running it in a sandbox/VM and watching the activity and outcome? Note that I'm not relying on ad infinitum scanner results from online multiscanners. The jump from a cautious alert to firm proof is a big one, and it's a jump that you seemingly have not been able to come to grips with.

If I were a user looking to determine whether or not to use a program of unclear origin that yielded flags on a multiscanner, I'd take the results at face value and not use the file. However, if I were publicly and aggressively taking a vendor to task on detection metrics, I'd do a lot more homework on these supposed malicious files than you have in this instance.

Blue

12fw
November 24th, 2007, 08:39 AM
ultragunnerdcl said:

"IC, but 9 or more scanners detecting a TROJAN tells a very different story. I will never believe in nod32 again. To think I was using the new version 3.0.566.0 & I really liked it at first; that was until I tried the Kaspersky online scanner on my computer & found out the truth. I assure you 9 to 20 scanners detecting a file as a trojan is not a false positive!!!! Nod32 is a blind scanner!!!"

Exactly, my point. See for yourself: download angryIP and kf151 and then scan these two at VT and see the results. No doubt the detection will be high. Yet these are safe files to execute. I have a partition set aside to keep these types of "risky" files; it is excluded from the scanners. Most are declared a "risk", yet they are innocent.

12fw

Joliet Jake
November 24th, 2007, 08:44 AM
-{ Quote: "IC, but 9 or more scanners detecting a TROJAN tells a very different story. I will never believe in nod32 again. To think I was using the new version 3.0.566.0 & I really liked it at first; that was until I tried the Kaspersky online scanner on my computer & found out the truth. I assure you 9 to 20 scanners detecting a file as a trojan is not a false positive!!!! Nod32 is a blind scanner!!! :thumbd:" }-

I think you really need to educate yourself on why some antiviruses detect a file as malware while others do not.

There can be many reasons as Blue has touched on.

Example:

If the file is damaged, and therefore not able to infect a PC, it is useless, so can it really still be called malware?

If Anti Virus 'A' flags this damaged malware as a trojan and Anti Virus 'B' does not, which one is correct?
Probably both, but Anti Virus 'B' does not bother you with false alarms about non-working malware.

ESET, as far as I'm aware, takes the approach of checking malware individually and will not add damaged, non-functional malware to its database.

ultragunnerdcl
November 24th, 2007, 09:08 AM
Maybe we should stop discussing nod32 before I say something bad about it. I really liked it a lot before & my mind is made up; nothing you all are gonna say is gonna change that. Please change the topic & let us stop discussing nod32 now. Let's discuss something else now. ;D

AshG
November 24th, 2007, 09:54 AM
-{ Quote: "Maybe we should stop discussing nod32 before I say something bad about it. I really liked it a lot before & my mind is made up; nothing you all are gonna say is gonna change that. Please change the topic & let us stop discussing nod32 now. Let's discuss something else now. ;D" }-

You see, that's just the point. Moving on from that antivirus you don't want to talk about... Now, go run chkdsk. After it takes 6+ hours because Kaspersky has ganked your drive with ObjectID tags all over the place, you'll be just as critical of them. Oh, and good luck trying to remove the ObjectIDs when you're done. Getting rid of 25 aberrant files will seem like a cakewalk.

gerardwil
November 24th, 2007, 09:56 AM
-{ Quote: "Let's discuss something else now.;D" }-

Yep I agree. How about A2?

Gerard

ultragunnerdcl
November 24th, 2007, 10:56 AM
-{ Quote: "You see, that's just the point. Moving on from that antivirus you don't want to talk about... Now, go run chkdsk. After it takes 6+ hours because Kaspersky has ganked your drive with ObjectID tags all over the place, you'll be just as critical of them. Oh, and good luck trying to remove the ObjectIDs when you're done. Getting rid of 25 aberrant files will seem like a cakewalk." }-

I do believe you are mistaken, I did just that & it finished in 4 minutes!!! Maybe you never tried Kaspersky before. I'm using the latest version 7 & I assure you it doesn't gank my drive with ObjectIDs. Ps

ultragunnerdcl
November 24th, 2007, 10:57 AM
-{ Quote: "Yep I agree. How about A2?

Gerard" }-

A-Squared Anti-Malware, you mean? Are you using it too?;D

BlueZannetti
November 24th, 2007, 11:08 AM
-{ Quote: "I do believe you are mistaken, I did just that & it finished in 4 minutes!!! Maybe you never tried Kaspersky before. I'm using the latest version 7 & I assure you it doesn't gank my drive with ObjectIDs. Ps" }-

ultragunnerdcl,

Unless there has been an unannounced change, scanned files will exhibit KAV-created File Object IDs if they hadn't had them previously.

As for creating issues beyond a simple and required increase in the time for chkdsk to execute, a very low frequency of problems has been reported - low enough that it should not be a significant concern. Since NTFS uses a transactional model, it is fairly robust against filesystem errors. However, I can conceptually envision that hard system crashes during scanning may precipitate filesystem inconsistencies - and there are certainly a few situations in which this would be more probable (say, with flaky power supplies, or on a system overloaded with realtime security monitoring solutions from multiple vendors conflicting in the background while running a p2p filesharing application..., just as a couple of illustrative examples).

Blue

ultragunnerdcl
November 24th, 2007, 11:12 AM
Look, just because I'm no longer your customer, please stop putting down Kaspersky. Very well, I will go to their official forum to verify what you said.

BlueZannetti
November 24th, 2007, 11:17 AM
-{ Quote: "Look, just because I'm no longer your customer, please stop putting down Kaspersky. Very well, I will go to their official forum to verify what you said." }-

Well, I guess you don't know me very well then, and you didn't read my post terribly carefully.

For your benefit, I happen to be a multilicense/multiyear Kaspersky user. I don't believe that file object IDs are a major practical issue. I do believe the KL programmers made a poor choice in using them for the purposes that they did, and I believe that any program should not leave extensive tracks of its existence on any machine if it is uninstalled - that goes for any program, it is simply very poor etiquette.

Blue

rothko
November 24th, 2007, 01:22 PM
Hi there,

For a bit of closure on the 'blind' NOD32 issue, I asked ultragunnerdcl to share the samples with me, which he kindly did. There are 5 files in an archive which is then in a tar archive.

NOD32 does not detect anything if you scan the tar file, obviously it can't 'see through it', but once you extract it NOD32 jumps in with 'multiple infiltrations'. I disabled AMON so I could extract the files and see what was inside. There are 5 .exe files, one of which is only detected by PREVX at VirusTotal and is 1 KB in size, so a nonsense file.

The other 4 files are detected by NOD32 as follows:

Scan performed at: 24/11/2007 14:49:55
Scanning Log
NOD32 version 2683 (20071124) NT
Command line: C:\Documents and Settings\***\Desktop\none\none.exe

Date: 24.11.2007 Time: 14:49:57
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\***\Desktop\none\none.exe
C:\Documents and Settings\***\Desktop\none\none.exe »RAR »keygen.exe - Win32/TrojanDownloader.Agent.NSP trojan
C:\Documents and Settings\***\Desktop\none\none.exe »RAR »crack.exe - Win32/Adware.Virtumonde application
C:\Documents and Settings\***\Desktop\none\none.exe »RAR »serial.exe - Win32/Dialer.NDU trojan
C:\Documents and Settings\***\Desktop\none\none.exe »RAR »install.exe - Win32/Virut.AV virus
Number of scanned files: 5
Number of threats found: 4
Time of completion: 14:49:58 Total scanning time: 1 sec (00:00:01)


So, it isn't that NOD32 doesn't detect the nasties, it detects ALL of them. It just can't unpack (is that the right word?) to see inside the tar file. The files pose no threat until they are extracted anyway, at which point NOD32 deals with them all.

I think someone owes someone an apology...;D

Lee

PS: I will submit the files in the tar to ESET just in case they want to analyse the packing
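The behaviour Lee describes (nothing reported on the outer archive, every executable flagged once extracted) comes down to how deep a scanner recurses into nested archives. The script below is an added example, not code from this thread or from any vendor: it walks a tar or zip blob in memory, descends into nested archives up to a fixed depth, and returns a SHA-256 per leaf file so each inner executable can be scanned or submitted to a multi-scanner service on its own. It uses zip in place of RAR because the Python standard library has no RAR reader, and the sample archive it builds holds harmless placeholder bytes, not the thread's samples.

```python
import hashlib
import io
import tarfile
import zipfile

MAX_DEPTH = 4          # do not descend into archives nested deeper than this
MAX_MEMBER = 16 << 20  # skip members above 16 MiB (decompression-bomb guard)


def members(data):
    """List (name, size, read) triples for a tar or zip blob, or None if it is neither."""
    buf = io.BytesIO(data)
    try:  # tar first: its header checksum is a stricter test than zip's trailing-record search
        t = tarfile.open(fileobj=buf, mode="r:*")
        return [(m.name, m.size, lambda m=m: t.extractfile(m).read())
                for m in t.getmembers() if m.isfile()]
    except tarfile.TarError:
        buf.seek(0)
    if zipfile.is_zipfile(buf):
        z = zipfile.ZipFile(buf)
        return [(i.filename, i.file_size, lambda i=i: z.read(i))
                for i in z.infolist() if not i.is_dir()]
    return None


def walk(data, path="<root>", depth=0):
    """Yield (path chain, sha256 hex) for every leaf file, descending into nested archives."""
    inner = members(data) if depth < MAX_DEPTH else None
    if inner is None:  # not an archive (or too deep): this is what a scanner should look at
        yield path, hashlib.sha256(data).hexdigest()
        return
    for name, size, read in inner:
        if size > MAX_MEMBER:
            continue  # refuse to inflate oversize members
        yield from walk(read(), f"{path}/{name}", depth + 1)


def build_sample():
    """Constructed stand-in for the thread's archive: a tar holding a zip of placeholder .exe files."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        for name in ("keygen.exe", "crack.exe", "serial.exe", "install.exe"):
            z.writestr(name, b"MZ placeholder " + name.encode())  # harmless bytes, not malware
    outer = io.BytesIO()
    with tarfile.open(fileobj=outer, mode="w") as t:
        for name, blob in (("none.zip", inner.getvalue()), ("stub.exe", b"MZ 1kb stub")):
            info = tarfile.TarInfo(name)
            info.size = len(blob)
            t.addfile(info, io.BytesIO(blob))
    return outer.getvalue()
```

Hashing the outer tar alone gives one value that no vendor will ever have seen; the per-leaf hashes from `walk(build_sample())` are the ones worth looking up.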

ultragunnerdcl
November 24th, 2007, 02:51 PM
You are also forgetting a lot of things. I have more samples here if you want. So doing that test shows one thing too & proves that Nod32's heuristics are inferior to the competition & a lot of antivirus heuristics beat the hell out of nod32!!! A lot of antiviruses were able to scan through the unpacking & nod32 could not, which shows that its signature detection is very weak & its heuristics do not work. So are you sure you want to challenge me!!!!!! I have already sent all of the samples to Kaspersky Lab. Quit crying over spilled milk & all of you should accept that Nod32 lost to a lot of better antiviruses!!!!!!!!!

Here are the facts:
Nod32 could not detect the samples & could not see through the unpacking, which shows that its heuristics are not as good as they used to be.
Nod32's signature database has very few virus & trojan records compared to other antiviruses!!!

Your test proves it is very weak.

By admitting that nod32 could not see through the compression you are saying that its heuristics do not work!! A question to everyone: "Does nod32 have the best heuristics"??? Absolutely not. Even if you reason that the file is harmless when packed, please, that's like someone reasoning that he is winning after getting beaten up by a bully!!!
By the way, I used to use Nod32 version 3.0.566.0 which is superior to version 2.7.

AshG
November 24th, 2007, 02:56 PM
Can some mod close this thread? I see it going nowhere.

RarelyConfused
November 24th, 2007, 03:35 PM
-{ Quote: "You are also forgetting a lot of things. I have more samples here if you want. So doing that test shows one thing too & proves that Nod32's heuristics are inferior to the competition & a lot of antivirus heuristics beat the hell out of nod32!!! A lot of antiviruses were able to scan through the unpacking & nod32 could not, which shows that its signature detection is very weak & its heuristics do not work. So are you sure you want to challenge me!!!!!! I have already sent all of the samples to Kaspersky Lab. Quit crying over spilled milk & all of you should accept that Nod32 lost to a lot of better antiviruses!!!!!!!!!

Here are the facts:
Nod32 could not detect the samples & could not see through the unpacking, which shows that its heuristics are not as good as they used to be.
Nod32's signature database has very few virus & trojan records compared to other antiviruses!!!

Your test proves it is very weak.

By admitting that nod32 could not see through the compression you are saying that its heuristics do not work!! A question to everyone: "Does nod32 have the best heuristics"??? Absolutely not. Even if you reason that the file is harmless when packed, please, that's like someone reasoning that he is winning after getting beaten up by a bully!!!
By the way, I used to use Nod32 version 3.0.566.0 which is superior to version 2.7." }-

This is getting too funny. Let's review. His test shows that when the 4 files that really are malware (all cracks and keygens, which is interesting by the way) are extracted from the rar file, nod32 detects them all. So from that you conclude that nod32 heuristics are no good. What the heck do heuristics have to do with that? You do know that heuristics have nothing to do with extracting files from archive formats, right? And the fact that he shows them all detected when extracted somehow proves nod32 is no good at all because it isn't set to scan in rar files at VirusTotal. I love the logic.

ultragunnerdcl
November 24th, 2007, 03:41 PM
A question: why do the other antiviruses detect through the unpacking & nod32 could not??? Your reason of "harmless" is not a valid reason; if it is a very good antivirus it should see through the unpacking!!!
Nod32 is weak. That is all!!

You should know that about 9 to 20 scanners detected through the unpacking, by the way. All of you are admitting that nod32 is lesser than the rest but would not accept the truth. Like I said, Nod32 is just a lot of HYPE & A VERY OVERRATED PRODUCT.

Yes, the truth hurts, doesn't it? I found that out the hard way!!!

snowbound
November 24th, 2007, 03:47 PM
Alright enough!

This thread has gone way off its original topic and is now closed!

Any other threads started and/or disrupted in this fashion will end with the same fate.



snowbound