What do you do when your antivirus software doesn't work?
Carl Farrington
September 29th, 2004, 10:48 AM
Well. My recommendation for NOD32 went down a treat with this client. Not.
Here's the file that's not detected with NOD32 v2 updated to 28-9-2004, even though searching Google shows results on this file from back in July.
link removed as points to malware which is against TOS
Guess I need to download an evaluation of KAV to clean this one.
Stan999
September 29th, 2004, 10:55 AM
{QUOTE-> Well. My recommendation for NOD32 went down a treat with this client. Not.
Here's the file that's not detected with NOD32 v2 updated to 28-9-2004, even though searching Google shows results on this file from back in July.
link removed
Guess I need to download an evaluation of KAV to clean this one. <-QUOTE}
NOD detected it here with the IMON HTTP scanner and stopped it from downloading.
Time | Module | Object | Name | Virus | Action | User | Info
9/29/2004 9:54:10 AM | IMON | file | link removed | probably unknown NewHeur_PE virus | quarantined - connection terminated | STAN\Administrator |
http://webpages.charter.net/gunn1943/css.JPG
IBK
September 29th, 2004, 10:55 AM
Please remove those links from your posts immediately.
ronjor
September 29th, 2004, 11:00 AM
Detected here.
Carl Farrington
September 29th, 2004, 11:03 AM
Strange. I had heuristics set to Deep. Still nothing.
How bizarre. I uploaded it to one of the scanning sites and as you said NOD detected it as "probably unknown whatever".
File is now removed. Thanks for the help.
ronjor
September 29th, 2004, 11:08 AM
Wilders Security Forums
Terms Of Service
You agree, through your use of this forum, that you will not post any material which is false, defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually oriented, threatening, invasive of a person's privacy, or in violation of ANY law. This is not only a forum policy, but legal action can be taken against you in accordance with appropriate law. You also agree not to post or upload any copyrighted material unless the copyright is owned by you or you have consent from the owner of the copyrighted material. Spam, flooding, advertisements, chain letters, pyramid schemes, and solicitations are also inappropriate in this forum. Furthermore, you agree not to post any links to warez sites or sites from which malware (viruses, worms, trojans, backdoors etc.) can be downloaded.
Stan999
September 29th, 2004, 11:11 AM
{QUOTE-> Strange. I had heuristics set to Deep. Still nothing.
<-QUOTE}
Do you have "Advanced heuristics" marked?
dvk01
September 29th, 2004, 11:13 AM
A copy of the file is on its way to ESET now, so it should be included in the next batch of updates as the CWS trojan that other antiviruses know it as.
Marcos
September 29th, 2004, 11:18 AM
Thanks, I managed to get the file instantly as the link had been posted. It seems to be a new trojan, we'll analyse it and add detection by name shortly.
Carl Farrington
September 29th, 2004, 11:55 AM
{QUOTE-> Do you have "Advanced heuristics" marked? <-QUOTE}
Maybe I'm missing something, but there is no Advanced Heuristics for AMON. There is for IMON, but this was to clean an already infected machine.
I took the drive out of the bad computer, and scanned it in my machine.
Carl Farrington
September 29th, 2004, 11:56 AM
{QUOTE-> Wilders Security Forums
Terms Of Service
Furthermore, you agree not to post any links to warez sites or sites from which malware (viruses, worms, trojans, backdoors etc.) can be downloaded. <-QUOTE}
Yep, very sorry about that. I registered here a long time ago and haven't been since, so the TOS were not fresh in my mind. I'll take better care next time.
Stan999
September 29th, 2004, 12:03 PM
{QUOTE-> Maybe I'm missing something, but there is no Advanced Heuristics for AMON. There is for IMON, but this was to clean an already infected machine.
I took the drive out of the bad computer, and scanned it in my machine. <-QUOTE}
Are you using the NOD version 2.12.2?
http://webpages.charter.net/gunn1943/amonsetup.JPG
Carl Farrington
September 29th, 2004, 12:08 PM
ooops! I guess that's the difference between:
"Perform program component upgrade only if necessary for proper virus signature database functioning"
and
"Perform program component upgrade if available"
Something new learned today!
<leaves with head down> ;)
Blackspear
September 29th, 2004, 06:12 PM
{QUOTE-> ooops! I guess that's the difference between:
"Perform program component upgrade only if necessary for proper virus signature database functioning"
and
"Perform program component upgrade if available"
Something new learned today!
<leaves with head down> ;) <-QUOTE}
Hi Carl, there is a fairly comprehensive step by step tutorial on Nod32 here (http://www.wilderssecurity.com/showthread.php?t=37509)
Hope this helps...
Cheers ;D
arrowsmithmidwest
September 30th, 2004, 12:43 AM
About 2-3 months ago I had a CWS trojan/malware on my computer.
It was the first net bug to stump me, because my NOD was fully up-to-date, deep, advanced heuristics. My spyware removers were fully up-to-date and still my Internet Explorer was going haywire and nothing was detected.
Anyway, after some searching/researching I found a program to remove that specific CWS trojan/malware, and to my understanding NOD didn't pick it up because it wasn't technically a virus or something.
But now I know that NOD will pick up those types of net bugs.
dvk01
September 30th, 2004, 05:17 AM
{QUOTE-> About 2-3 months ago I had a CWS trojan/malware on my computer.
It was the first net bug to stump me, because my NOD was fully up-to-date, deep, advanced heuristics. My spyware removers were fully up-to-date and still my Internet Explorer was going haywire and nothing was detected.
Anyway, after some searching/researching I found a program to remove that specific CWS trojan/malware, and to my understanding NOD didn't pick it up because it wasn't technically a virus or something.
But now I know that NOD will pick up those types of net bugs. <-QUOTE}
NOD & most other antiviruses will detect many forms of the CWS trojan and block it from activating, BUT I don't know of any antivirus or antitrojan that can clean an infiltration of CWS completely once it has got established.
The methods that they use to hook into the system need specialist cleaning tools and routines that no "off the shelf" antitrojan or antivirus can include, as each infection differs on every individual computer.
The CWS adware trojans have several hundred varieties and several new versions come out daily.
These pests are far better prevented than cured, and the only way is to keep up to date with all Windows updates and your antivirus.
NOD (heuristically) (and KAV) detects more varieties of these than most other antiviruses do, but nothing detects every version unfortunately.
arrowsmithmidwest
September 30th, 2004, 09:16 PM
So more than likely I received a CWS trojan, I got infected, the next NOD update cleaned it, then I needed to d/l a tool to fix the problems created by this CWS. Or does this problem only occur when the trojan itself lives on the computer, and when it gets cleaned the problems go away? I s'pose not.
Blackspear
September 30th, 2004, 10:14 PM
{QUOTE-> So more than likely I received a CWS trojan, I got infected, the next NOD update cleaned it, then I needed to d/l a tool to fix the problems created by this CWS. Or does this problem only occur when the trojan itself lives on the computer, and when it gets cleaned the problems go away? I s'pose not. <-QUOTE}
Hi Arrowsmithmidwest, you can do the following:
Install and run CWShredder available here (http://www.wilderssecurity.com/showthread.php?t=14086)
IF the above does NOT fix your problem please download and run “Hijack This” found here (http://www.wilderssecurity.com/showthread.php?t=12516)
and post your log at one of the forums found here (http://a-sap.org/)
Keep in mind the following quote:
{QUOTE-> The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.Com (http://forums.spywareinfo.com/index.php) and ComputerCops.Biz (http://computercops.biz/modules.php?name=Forums). Be sure to read their posting policy in the links at their log review forum sections prior to posting. <-QUOTE}
Hope this helps…
Let us know how you go…
Cheers ;D
Thorz
November 27th, 2004, 05:22 AM
Why are these last 2 options from the picture not activated by default in 2.12.3? If I had not read this thread I would never have thought of activating them. What surprises me more is that "advanced heuristics" is "recommended" in the help file and it is not ON by default.
Can someone explain this to me? Thanks.
{QUOTE-> Are you using the NOD version 2.12.2?
http://webpages.charter.net/gunn1943/amonsetup.JPG <-QUOTE}
Blackspear
November 27th, 2004, 06:55 AM
{QUOTE-> Can someone explain this to me? Thanks. <-QUOTE}
Nod32 is set VERY conservatively, there is a thread here under "Everything Else" and Item number 11, and further down in that thread there are links to very long discussions on this matter: http://www.wilderssecurity.com/showthread.php?t=49674
Hope this helps...
Cheers ;D