NOD32 Scanning takes ages to scan a single file


harsha_mic
October 31st, 2009, 11:57 PM
Hi,

I have an undetected malware sample of size 1.6 MB. The problem with NOD32 is that it takes more than 1 min to scan that single file.

My questions -
1. Why is NOD32 taking that long to scan just a 1.6 MB file?
2. To whom should the sample be submitted so that the scanning time of this particular file can be reduced?

VirusTotal link for the sample I've tested -

~Virus Total link removed per Policy.~ (http://www.wilderssecurity.com/showthread.php?t=180057)


Note: My computer hasn't been infected. I'm just testing in Sandboxie whether my NOD32 picks it up or not.

Thanks,
Harsha.

Marcos
November 1st, 2009, 12:47 AM
It can be normal if it's a large runtime packed file. Unpacking and emulation takes time, especially if it's compressed with a high compression ratio. You can submit it in a password protected archive to samples[at]eset.com so that it's added to the whitelist if it's actually clean.

harsha_mic
November 1st, 2009, 01:15 PM
Thanks, Marcos, for explaining the cause briefly. The sample is being detected by NOD32 with the v4562 update :).

One question I would like to ask...
How difficult is it to implement a technology to skip scanning an already-scanned file on the system that was previously considered clean/trusted?

Marcos
November 1st, 2009, 01:28 PM
Surely it ain't easy, but we'll see if such a technology can be incorporated safely in future versions without the risk of malware modifying this kind of information to evade detection.
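
The following is an added example, not part of the thread and not ESET's implementation. It sketches a "skip already-scanned clean files" cache that is bound to the file's content hash and the signature database version, and authenticated with an HMAC so an entry written by another process is rejected. The key, the function names and the sample data are assumptions; in particular, the key is assumed to be held by the scanner where untrusted processes cannot read it.

```python
import hashlib
import hmac


def _tag(key: bytes, digest: str, db_version: int) -> str:
    # MAC over (content hash, signature DB version): an entry cannot be
    # forged or replayed for another version without the key.
    msg = f"{digest}:{db_version}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def record_clean(cache: dict, key: bytes, data: bytes, db_version: int) -> None:
    # Called only after a full scan found nothing.
    digest = hashlib.sha256(data).hexdigest()
    cache[digest] = {"db": db_version, "mac": _tag(key, digest, db_version)}


def needs_scan(cache: dict, key: bytes, data: bytes, db_version: int) -> bool:
    digest = hashlib.sha256(data).hexdigest()
    entry = cache.get(digest)
    if entry is None:                # never scanned, or content changed
        return True
    if entry["db"] != db_version:    # signatures updated: old verdict is stale
        return True
    # Constant-time comparison; a mismatch means the entry was tampered with.
    return not hmac.compare_digest(entry["mac"], _tag(key, digest, db_version))


def demo() -> dict:
    key = b"constructed-demo-key"         # assumption: protected scanner secret
    cache = {}
    sample = b"constructed file contents"  # constructed stand-in for a file
    old_db, new_db = 4561, 4562  # 4562 is the update named in the thread;
                                 # 4561 is a constructed earlier value
    out = {"first_seen": needs_scan(cache, key, sample, old_db)}
    record_clean(cache, key, sample, old_db)
    out["cached"] = needs_scan(cache, key, sample, old_db)
    out["modified"] = needs_scan(cache, key, sample + b"!", old_db)
    out["after_update"] = needs_scan(cache, key, sample, new_db)
    # An entry inserted without the key (constructed forged record).
    other = b"constructed untrusted contents"
    cache[hashlib.sha256(other).hexdigest()] = {"db": new_db, "mac": "0" * 64}
    out["forged_entry"] = needs_scan(cache, key, other, new_db)
    return out


if __name__ == "__main__":
    print(demo())
```

The `after_update` case matters for the situation in this thread: a file cached as clean before a signature update has to be rescanned afterwards, otherwise a sample that only becomes detectable with the new update would keep being skipped.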

harsha_mic
November 2nd, 2009, 02:30 AM
Thanks Marcos! Hope ESET successfully implements this in Version 5!
All the Best ESET :)
This thread can be closed now...

-Harsha.