Trojan.MulDrop.2542

Discussion in 'NOD32 version 2 Forum' started by pykko, May 21, 2006.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, another threat missed by NOD32. I'm posting here just because there are no packers involved and additionally the file is not corrupted. It's a dropper and NOD missed it and I've run it by mistake... Now what? Is ESET going to come to my home to fix the issue? :rolleyes: I have some ports Closed even though they should have been Stealthed with Windows Firewall (Win XP SP2).

    The top AVs like Symantec, BD, KAV detect it of course... ESET still adds samples on a priority basis... and I sent them the sample 4 days ago.
    Here's a screenshot from virustotal.com
     

    Attached Files:

    Last edited by a moderator: May 22, 2006
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    If you think they are the top anti-viruses in the world, why do you still use NOD32?

    Send a sample, you know where to, and let's wait for Marcos to come online and advise further.

    Blackspear.
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    The sample was sent 4 days ago, as I've stated. And they are the top AVs according to many tests and to the number of users having them installed on their PCs. NOD32 is also one of the best but it started to disappoint me, that's all. :(
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I understand, however as has been stated many many times, viruses, trojans and other malware are added on a priority basis, and it has to be this way or you would have the analysts breaking their back over the odd single sample sent to them, instead of keeping focus on the spreading samples and adding the rest as they go...

    Cheers :D
     
  5. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    yeah...odd single sample..of course....and why do others detect it? Their priority should be their users and they seem to be always too slow.
    Anyway, I'll wait for an ESET mod to see what his opinion is....
     
  6. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    This is an example of some others that caught something that NOD didn't. That will be the case no matter which program you choose. I've seen similar posts about NOD catching something the others missed.

    The bottom line for me is that when I make my list of what I like about NOD versus what I like about the other guys, I'm never tempted to switch. The sheer number of both viruses and spyware that NOD stops is truly impressive. But to do so using so little system resources is amazing. I can't say that I would never switch, but it's gonna take one heck of a product to lure me away.

    By the way, thanks for pointing out this area for NOD to improve upon. We'll all benefit from you turning in that signature.
     
  7. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I agree with you ejr. I also like NOD very much compared with others, but their reaction time is not always so fast. :(
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    My blood pressure went up when I analysed this sample. Again, it's something that is not malicious itself and for me it's questionable whether it should be detected, to say the least. When you run it, first, you have to visit 2 sponsors, then it downloads a file detected by NOD32.
     

    Attached Files:

    Last edited: May 21, 2006
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thank you Marcos, your analysis is very much appreciated, keep your blood pressure down, and as always keep the detection database as Eset sees fit, we want it clean and mean, not full of crud.

    Cheers :D
     
  10. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    yes, Marcos! It's no use to have your blood pressure high. As long as you give no answer to samples submitted like most AVs do, I think it's not too much to know if I'm protected or not. Sorry if that bothered you... and btw, here's the screenshot with the malware picked by NOD32 after clicking all the buttons there and downloading the file. ;)
     

    Attached Files:

  11. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    And here's the proof that NOD is very good...sorry for misjudging it. That file extracted is detected by very few AVs, even if the original one was detected by many of them.
     

    Attached Files:

  12. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    Pykko,
    I know it's good to make sure that ESET are kept on their toes but do you have to bait them so much?
     
  13. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    I don't understand why the scan result in VirusTotal shows that NOD32 doesn't detect it since in the previous post we can clearly see evidence that it DOES.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Maybe a wrong extension
     
  15. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    ? It still doesn't show in the screenshot.. I'm lost :p
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Pykko likes fiddling around with samples so maybe he could rename the vcom extension to com and submit it to VT again.
     
  17. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    Oh yeah I forgot, NOD adds a V to the extension.
     
  18. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    well, NOD did detect it on my computer and changed the extension to .vcom. That's all. No need to post another screenshot. ;)
    But btw, a good antivirus should detect a sample regardless of its extension. :)

    pc-support:
    I wouldn't have posted it here if I hadn't run it by mistake. And I was curious to see what this file is all about since I got no answer from ESET. I scanned my PC with Avira which found nothing but I wanted to be sure. And anyway it's obvious I won't post screenshots here about undetected samples. I will submit them to ESET and it's their business to add them. No need to stress them. ;)
     
    Last edited: May 22, 2006
  19. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    252
    Location:
    NJ, USA
    I agree that extension should not matter UNLESS the user sets extensions in the exclude list.

    But I am getting a little tired of posts that state - "NOD32 didn't detect while some other did". They're so repetitious and useless.
     
  20. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    This is like with boot sector img files - they are just benign images and are not detected as boot viruses unless you change their extension to img.
     