nod32 3.0.621 disabled by trojan


alloucho
December 30th, 2007, 02:01 PM
Today my pc was infected by a trojan named "Trojan-Downloader.Win32.Bagle.hh". nod32 v.3.0621 was not able to detect it.
After a reboot, nod32 doesn't load anymore. When I opened the control center, it was totally empty, blank. So I have installed Kaspersky, which detected this trojan with the above name.
I believed I was secure with nod32, but now...???
:thumbd: :thumbd: :thumbd:

Marcos
December 30th, 2007, 02:07 PM
Every AV misses something, I could prove the same with KAV if I used a different set of samples. If you come across a threat that is not detected, compress it, protect the archive with the password "infected" and send it to samples[at]eset.com

Bubba
December 30th, 2007, 02:10 PM
Also, since bagle is usually an attachment to an e-mail, I would inform whoever opened that attachment to be somewhat more cautious.

Bubba

meschubert
December 30th, 2007, 02:35 PM
But some are better than others. I guess that is what we spend all this time looking for.

alloucho
December 30th, 2007, 02:49 PM
Here is a screenshot of the nod32 control center I get after a reboot. :ouch:

ronjor
December 30th, 2007, 02:53 PM
Do a repair install.

Bubba
December 30th, 2007, 03:00 PM
Just curious if you are having definition update issues or has someone altered the default schedule regarding updates?

It appears you are ~ 15 updates behind.

Latest is NOD32 - v.2757 (20071230) (http://www.eset.com/support/updates.php?pageno=1)

Bubba

djohn
December 30th, 2007, 03:08 PM
I had a virus get through on NOD32 V2 with Blackspear settings; however, I do a lot of downloading and was not running any other realtime protection alongside, just Windows Firewall. A backup on-demand scan got it. I believe if I was using something of lesser quality I may have been infected more often. Do I still use NOD? You bet I do, just added a realtime spyware/malware for some more layered protection.

ASpace
December 30th, 2007, 03:08 PM
{QUOTE-> Just curious if you are having definition update issues or has someone altered the default schedule regarding updates?

It appears you are ~ 15 updates behind.

Latest is NOD32 - v.2757 (20071230) (http://www.eset.com/support/updates.php?pageno=1)

Bubba <-QUOTE}


2740 is the default signature version that comes with the installer file of build 3.0.621
Most likely it has never been updated

Bubba
December 30th, 2007, 03:11 PM
{QUOTE-> 2740 is the default signature version that comes with the installer file of build 3.0.621 <-QUOTE} Very true ;)
{QUOTE-> Most likely it has never been updated <-QUOTE} Appears as much :o

zorbis
December 30th, 2007, 03:15 PM
just wondering here...who knows if u wud have experienced the same sort of problems with version 2.7...just a little thing in the back of my head..thats all.

ronjor
December 30th, 2007, 03:19 PM
{QUOTE-> Most likely it has never been updated <-QUOTE} That may be correct or maybe not. Version 3 as well as Version 2 update upon installation if you enter your license details while installing.

If they don't update, you will get a warning.

alloucho
December 30th, 2007, 03:22 PM
Here is another screenshot on another pc infected by the same trojan.
nod32 is here up to date: v2757???

nodyforever
December 30th, 2007, 03:23 PM
The Eset must walk guarding the viruses for her, the updating does not do corresponding sense to the number of samples that are sent, besides when we subject some archive for the Eset we are not warned if this one is or not a virus and it was put itself in the database.


The Trojan Bagle as it was said here in the forum is able to do so that the ekern.exe is finished and the Eset is not acting in the most correct way for with the users who order samples and have not any answer of turn.


Please do from knots a few innocent dogs that do not understand of anything and what we like implicating.

djohn
December 30th, 2007, 03:33 PM
I do no about v2 being disabled from trojan but If virus database is out of date I will get a warning to update by

The Hammer
December 30th, 2007, 03:39 PM
{QUOTE-> The Eset must walk guarding the viruses for her, the updating does not do corresponding connection to the number of samples that are sent and we are nor warned or alerted for same.


The Trojan Bagle as it was said here in the forum manages to do Kill to an ekern.exe and the Eset is not oh for the samples which knots we order users.


Please make a submission of filing cabinets be cost and do not make from knots a few little dogs. <-QUOTE} I'm not sure I understand what you're trying to say. Would you consider reposting? I know that English is not your first language but I don't understand the references to knots, filing cabinets and dogs.

alloucho
December 30th, 2007, 04:13 PM
{QUOTE-> I'm not sure I understand what you're trying to say. Would you consider reposting? I know that English is not your first language but I don't understand the references to knots, filing cabinets and dogs. <-QUOTE}
Same quote found here from same member.
http://www.wilderssecurity.com/showthread.php?p=1150534

nodyforever
December 30th, 2007, 04:14 PM
{QUOTE-> I'm not sure I understand what you're trying to say. Would you consider reposting? I know that English is not your first language but I don't understand the references to knots, filing cabinets and dogs. <-QUOTE}

Editing post :)

nodyforever
December 30th, 2007, 04:17 PM
{QUOTE-> Same quote found here from same member.
http://www.wilderssecurity.com/showthread.php?p=1150534 <-QUOTE}


Post edited. Thank you

poutine
December 30th, 2007, 06:24 PM
{QUOTE-> I'm not sure I understand what you're trying to say. Would you consider reposting? I know that English is not your first language but I don't understand the references to knots, filing cabinets and dogs. <-QUOTE}

Whatd'ya mean you don't understand filing cabinets and dogs, it's part of NOD isn't it ?? ;D Sorry you just made me laugh a bit, needed that.
Thanks also nodyforever !! I did understand properly though in the end. ;)

kolesar
December 30th, 2007, 10:44 PM
27-Dec-2007 = nightmare for me.
I am using Windows XP.
First I couldn't download Security Update for Windows XP (KB890859) &
Security Update for Windows XP (KB931784) &
Definition Update for Windows Defender - KB915597 (Definition 1.24.5054.0).
Second I couldn't run and later reinstall my security program NOD32,
KASPERSKY, PANDA, PC-Cillin,.. then I installed Spybot's Search and Destroy
but some bug or what erased exe-files and after all online NOD32,
KASPERSKY, PANDA, PC-Cillin,.. didn't find anything.
Please help me.

Muscle
December 31st, 2007, 08:44 AM
In my experience, NOD32 is really bad at finding Bagle viruses compared to other scanners like Kaspersky. It takes some time for Eset to update their signatures with the latest Bagle variants.

This happened with all variants that I have seen:
-Trojan-Downloader.Win32.Bagle.ft
-Trojan-Downloader.Win32.Bagle.fx
-Trojan-Downloader.Win32.Bagle.hi (still undetected by Nod32)
-Trojan-Downloader.Win32.Bagle.hh (still undetected by Nod32)

ASpace
December 31st, 2007, 08:52 AM
@Muscle

Maybe (just a guess) they want to update/develop one generic signature instead of pushing new signatures for each and every new variant every day?

lucas1985
December 31st, 2007, 08:57 AM
{QUOTE-> Maybe (just a guess) they want to update/develop one generic signature instead of pushing new signatures for each and every new variant every day? <-QUOTE}
If I was ESET, I'd create signatures (even simple CRC32 of files) for these samples and later work on the generic detection. Having undetected samples leaves a sour taste.

meschubert
December 31st, 2007, 10:14 AM
I have to agree. Working on the "big picture" is great and probably has a lot to do with why NOD32 is lighter than other scanners; however, it is little comfort to those who get infected in the meantime. I don't remember all these issues popping up in the forum with V2.7 so I am wondering if Eset is spread too thin.

It seems that Eset should be able to add the newest signatures while working on the longer term solution and then remove them as they are no longer needed. Not doing so is undermining my confidence in this product and making me wonder if hourly updates and a little more scanning time is a better way to go.

I'll probably stick it out with NOD32 for now, but if this continues, I'm going to take a good look at KAV V8 when it is released. I hope Eset is not just being "hard headed" about their methodology. I would hate to see it damage the product's popularity.

nodyforever
December 31st, 2007, 12:12 PM
{QUOTE-> Whatd'ya mean you don't understand filing cabinets and dogs, it's part of NOD isn't it ?? ;D Sorry you just made me laugh a bit, needed that.
Thanks also nodyforever !! I did understand properly though in the end. ;) <-QUOTE}


Thank You poutine


But is it the reality, at last I wonder for what the submission of archives?

djohn
December 31st, 2007, 12:35 PM
I agree, the highly rated and customer satisfaction of V2 has now turned a V3 nightmare for many folks. My feelings: there should have been small upgrades to an already very good product V2 instead of such a major overhaul that was not needed. If anything, maybe just a new look with same functions. Just my opinion though.

demonio
December 31st, 2007, 01:00 PM
Beagle always kills ess :'( :thumbd:

risl
December 31st, 2007, 01:14 PM
Reboot to safe mode and try scanning again.

Kosak
December 31st, 2007, 01:58 PM
All, who can't enable NOD/ESS:

If you don't remove active infection (e.g. Win32/Bagle), you won't run NOD/ESS. Go to some forum (or write to my mail/icq), where you can send logs and clean your pc.

:thumb:

Muscle
December 31st, 2007, 03:37 PM
{QUOTE-> @Muscle

Maybe (just a guess) they want to update/develop one generic signature instead of pushing new signatures for each and every new variant every day? <-QUOTE}
{QUOTE-> If I was ESET, I'd create signatures (even simple CRC32 of files) for these samples and later work on the generic detection. Having undetected samples leaves a sour taste. <-QUOTE}

I'm still wondering if the missed/too late detected downloader.trojan.Bagle's are just an incident or a structural problem of Eset.

If that would be the case what you say (that they wait for generic signatures before releasing a signature), then that would be a structural problem of Eset. (And a reason for me to go to another scanner who releases signatures immediately.)

Bubba
December 31st, 2007, 03:56 PM
The timeliness of signature additions and\or critical updates to software\anti-malware software should be a concern to users of their respective software. If by their computing habits they need minute by minute updates, then they need to search for that software mfg and embrace it as their layer of protection.

Having said that and as noted in some past removal notices, these type threads are neither support issues nor helpful. If and when the vendors receive such samples, they will act on them according to the priority they deem necessary. Some will add detection and some won't. We won't debate the merits of their sample by sample decisions in such threads here at Wilders Security.

This horse is gone to pasture.

Happiest of New Years,
Bubba

Bubba