
bad detection rate for trojans?


Gelangweilt
October 26th, 2009, 03:00 PM
I recently ran a scan with AdAware Pro and I was shocked how many Trojans were found in archives on my PC.
See attached screenshots.
I was wondering why ESET did not detect any of them?
ESET is also configured to scan archives, so I don't know why this anti-virus program can't find stuff a freeware program can find.
I checked the results on the VirusTotal website and they were real (unfortunately).

Are my settings wrong or is ESET just bad at detecting malware / trojans?

Greets,
Gelangweilt

Marcos
October 26th, 2009, 03:50 PM
How do you know that the files are actually malicious? What if they are just a sort of data or configuration files created by the trojans or even false positives? Have you submitted them to ESET for analysis per the instructions here (http://kb.eset.com/esetkb/index?page=content&id=SOLN141&actp=search&viewlocale=en_US&searchid=1256586525276)? Even if they were actually functional missed samples, remember that no AV protection has 100% detection of malware. If you installed EAV on a computer protected by Adaware it might find malware undetected by Adaware.

Gelangweilt
October 26th, 2009, 04:27 PM
Currently I have both scanners installed:
AdAware Pro 8.1 and EAV 4.0.67

I didn't submit them to ESET, as I had already deleted them in AAW Pro.
I will do so next time.

Anyway, I was wondering, as some of the files which contained the trojans had already been on my HDD for a few months...

ccomputertek
October 26th, 2009, 04:38 PM
Maybe you did not have your archive scanning set properly in NOD32, and that's why it missed them?

Marcos
October 26th, 2009, 04:40 PM
You call them trojans, but what if they were just benign data or configuration files, or even false positives from Adaware? At least knowing the file names and their location would shed a little light.

Gelangweilt
October 26th, 2009, 04:40 PM
I am 100% positive archive scanning was ON, as I could see the files in the archive during scanning.
They were showing up in the scan progress window.

ccomputertek
October 26th, 2009, 04:44 PM
There is a test site I use that has hundreds of trojans directly linked to download files. Every one I have clicked on so far, ESET has caught :doubt:

Those are the names of the trojans in the list in your screenshot? I'll find them on the site and see if my NOD32 misses them then.

ccomputertek
October 26th, 2009, 05:02 PM
The heuristics caught this one:

[attached screenshot]

ccomputertek
October 26th, 2009, 05:09 PM
Signatures caught this one:

[attached screenshot]

ccomputertek
October 26th, 2009, 05:12 PM
Not enough info about the trojan.downloader and I can't find the firefox one in the list, but you get the point.

Gelangweilt
October 26th, 2009, 05:44 PM
Thanks for the effort.
Can you let me know where that site is so I can check myself?
Not that I doubt your results, but maybe my setup is messed up or some setting is wrong?

ccomputertek
October 26th, 2009, 05:58 PM
No, if you find it on your own, that's one thing.

But there is an archive here to test:

http://www.eicar.org/anti_virus_test_file.htm

Scroll to the bottom and click eicar2.zip.
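Added example (my own script, not code from the thread or from eicar.org): it rebuilds the eicar.org test set in memory, including the double-zipped eicarcom2.zip, so you can check how deep your scanner's archive scanning actually unpacks without downloading anything. The file names mirror eicar.org's; `nesting_depth` and `write_test_set` are helper names I chose.

```python
import hashlib
import io
import zipfile
from pathlib import Path

# Standard 68-byte EICAR test string: harmless by design, and every AV
# engine is expected to flag it. Note the escaped backslash after the 4.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def zip_bytes(member_name: str, data: bytes) -> bytes:
    """Return an in-memory ZIP archive holding a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, data)
    return buf.getvalue()


def build_test_set() -> dict:
    """Mirror the eicar.org layout: bare file, one zip layer, zip-in-zip."""
    plain = EICAR
    single = zip_bytes("eicar.com", plain)          # eicar_com.zip
    double = zip_bytes("eicar_com.zip", single)     # eicarcom2.zip
    return {"eicar.com": plain, "eicar_com.zip": single, "eicarcom2.zip": double}


def nesting_depth(data: bytes) -> int:
    """Count the ZIP layers wrapping the EICAR string (0 = bare file).
    An archive scanner must unpack at least this many levels to see it."""
    depth = 0
    while zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if len(names) != 1:
                raise ValueError("expected exactly one archive member")
            data = zf.read(names[0])
        depth += 1
    if data != EICAR:
        raise ValueError("innermost member is not the EICAR string")
    return depth


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def write_test_set(directory: str) -> list:
    """Drop the three files into a folder your on-demand scanner will walk."""
    out = Path(directory)
    out.mkdir(parents=True, exist_ok=True)
    paths = []
    for name, data in build_test_set().items():
        (out / name).write_bytes(data)
        paths.append(str(out / name))
    return paths
```

If the on-access scanner catches eicar.com but the on-demand scan of eicarcom2.zip is silent, the archive nesting limit or archive scanning itself is the setting to look at; serving the same files over HTTPS is the equivalent check for the SSL scanning option discussed later in this thread.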

JRViejo
October 26th, 2009, 06:15 PM
-{ Quote: "Can you let me know where that site is so i can check myself?" }-
Gelangweilt, because you are a new member, please review the Terms of Service (http://www.wilderssecurity.com/faq.php?faq=wilders_tos#faq_wilders_tos_1) policy you agreed to when signing up. We don't want inexperienced visitors to download something that can damage their computers, and that is why posting links to malware is not allowed in this forum. It's also the reason why ccomputertek covered the URL in the images.

ccomputertek, thanks for abiding by the TOS! :thumb:

Gelangweilt
October 26th, 2009, 06:16 PM
Thanks to both of you.
Sorry for asking for that website.
Eicar was detected on normal http, the SSL one was not detected.

JRViejo
October 26th, 2009, 06:54 PM
Gelangweilt, no problem! As you post more, the Private Message (http://www.wilderssecurity.com/faq.php?faq=vb_board_usage#faq_vb_pm_explain) feature of this site will become available to you, thus being able to discuss things in private with other members.

I don't use ESET, but my AV detects the SSL eicarcom2.zip, as soon as the download process starts. Hopefully, Marcos or someone else will respond soon.

JR

ccomputertek
October 26th, 2009, 07:02 PM
-{ Quote: "ccomputertek, thanks for abiding by the TOS! :thumb:" }-
:thumb:

-{ Quote: "Eicar was detected on normal http, the SSL one was not detected." }-

Are you using NOD32 4.0 with SSL checking enabled ?

Gelangweilt
October 27th, 2009, 06:23 AM
-{ Quote: "Are you using NOD32 4.0 with SSL checking enabled ?" }-

I thought it was, but it wasn't.
Just tried again and it worked.

From the setting in https.png I was assuming it was on,
until I checked the protocol setup in https2.png, where SSL was disabled.

Gelangweilt
October 27th, 2009, 06:25 AM
-{ Quote: "Gelangweilt, no problem! As you post more, the Private Message (http://www.wilderssecurity.com/faq.php?faq=vb_board_usage#faq_vb_pm_explain) feature of this site will become available to you, thus being able to discuss things in private with other members.

I don't use ESET, but my AV detects the SSL eicarcom2.zip, as soon as the download process starts. Hopefully, Marcos or someone else will respond soon.

JR" }-

Can you tell me when I can use the PM feature?
The TOS doesn't say exactly when a new user will get this feature,
only that a mod can assign it or that it comes when limits are reached (which are not specified...).

Cheers,
G

JRViejo
October 27th, 2009, 02:06 PM
-{ Quote: "Can you tell me when i can use the PM feature?" }-
Gelangweilt, I have PM'ed you.