#1

It seems that Nod32 v2.7x & v3.0x did not detect this virus. It's not even in the Nod32 database... ;( BitDefender and Norton AV saw the virus and sent it to quarantine. So, what's going on guys?
3 days ago I got infected by this $#%#ing virus and I was "forced" to re-install Windows XP again. NOD32 guys, please do something about it!

#2

oh man it's virut
an exe infector
__________________
Malwarebytes Anti-Malware v1.70.0.1100 Eset Smart Security v6.0.308.0 SUPERAntiSpyware Professional v5.6 Windows 7 Service Pack 1 x86 Eset Beta Tester

#3

please update your nod32 to latest 2653
if virus still not detected, upload some infected exe files to http://www.eset.com/threat-center/up/submit.htm
eset will add its detection and disinfection

#4

Quote:
Always image your drive when it's all complete and you're happy with it. Saves stress and tears every time.

#5

Quote:
I know this is OT but what do you use to image your drive and how do you restore on XP SP2??

#6

Imagine that: 2 days before the infection I made a partition backup (the entire partition) and it saved me... but this is not a solution. Nod32 must update their database ASAP. I have sent this file for analysis to NOD32 support center but nothing ;( They didn't reply to my problem. That is very sad and annoying also.
This virus infected not only the .EXE files but .DLL files also. IT WAS A $#%$ing nightmare!!!

#7

How does this virus get spread? Is it an Email virus or a web borne virus?

#8

A friend of mine sent me a CD with an application. It seems that one .exe file was infected, but what was more strange is that nod32 was unable to "see" this file on scanning. It was totally "blind"...

#9

HIPS would have probably saved your ass, I would suggest installing threatfire or similar to your fresh xp beside nod32

#10

Just bought ESET SS
'hope it is all right...

#11

Hmm... The last 48hrs, my rig was infected (I didn't even suspect anything) with "trojan.ntRootkit.211". Only 18hrs later did my VBA detect it... that was 12.Nov.2007 (yesterday, right after coldboot).
VBA did a good job of 'deleting' it, leaving original files untouched.... darn, I was almost stressed out worrying all my new compilations were gonna be wiped out, when VBA's counter started rolling! I once disinfected someone's ThinkPad for a record of 600+ "infections" ... using a BitDefender v6.0. It took me 3 days & a lot of help from Sabina_C of BD (hence I always had high respect for them BD folks) to finish the job... whew

#12

Quote:
Are you positive that it was an actual threat? I've found one dll detected under that name which is part of the Nullsoft installer:

| Antivirus | Version | Last update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.11.13.1 | 2007.11.13 | - |
| AntiVir | 7.6.0.34 | 2007.11.13 | - |
| Authentium | 4.93.8 | 2007.11.13 | - |
| Avast | 4.7.1074.0 | 2007.11.12 | Win32:HideProc-E |
| AVG | 7.5.0.503 | 2007.11.12 | - |
| BitDefender | 7.2 | 2007.11.13 | - |
| CAT-QuickHeal | 9.00 | 2007.11.12 | - |
| ClamAV | 0.91.2 | 2007.11.13 | - |
| DrWeb | 4.44.0.09170 | 2007.11.13 | Trojan.NtRootKit.211 |
| eSafe | 7.0.15.0 | 2007.11.08 | - |
| eTrust-Vet | 31.2.5291 | 2007.11.13 | - |
| Ewido | 4.0 | 2007.11.12 | - |
| FileAdvisor | 1 | 2007.11.13 | - |
| Fortinet | 3.11.0.0 | 2007.10.19 | - |
| F-Prot | 4.4.2.54 | 2007.11.13 | - |
| F-Secure | 6.70.13030.0 | 2007.11.13 | - |
| Ikarus | T3.1.1.12 | 2007.11.13 | Virus.Win32.HideProc.E |
| Kaspersky | 7.0.0.125 | 2007.11.13 | - |
| McAfee | 5161 | 2007.11.12 | W32/HideProc!sys |
| Microsoft | 1.3007 | 2007.11.12 | - |
| NOD32v2 | 2655 | 2007.11.13 | - |
| Norman | 5.80.02 | 2007.11.13 | - |
| Panda | 9.0.0.4 | 2007.11.13 | - |
| Prevx1 | V2 | 2007.11.13 | Heuristic: Suspicious File With Covert Attributes |
| Rising | 20.18.11.00 | 2007.11.13 | - |
| Sophos | 4.23.0 | 2007.11.13 | - |
| Sunbelt | 2.2.907.0 | 2007.11.13 | - |
| Symantec | 10 | 2007.11.13 | - |
| TheHacker | 6.2.9.124 | 2007.11.13 | - |
| VBA32 | 3.12.2.4 | 2007.11.11 | suspected of Embedded.Trojan-Clicker.Win32.VB.qj |
| VirusBuster | 4.3.26:9 | 2007.11.12 | - |
| Webwasher-Gateway | 6.0.1 | 2007.11.13 | - |

#13

I am currently evaluating NOD32 3 and will have to make my mind up about which version to go with when my evaluation period runs out. I see here that a virus or two wasn't detected by version 3. Would that have been the case for Version 2.7, or are the virus databases or detection processes different between the versions?
I have used Symantec for years and never had an infection it didn't find and fix. I am wanting to change from Symantec because it hogs system resources and takes up so much disk space. NOD32 is much better in those respects. But, I don't want to give up protection to get those benefits.

marcos - In your previous post you have a list of what appears to be many antivirus programs. Only a few have a virus name after them. Does that list mean you ran a test of the virus in question and only those few detected that virus? If that is the case, is it normal that most antivirus programs will miss a virus or two from time-to-time?

#14

Quote:
Colors say it best.

Quote:
What Marcos posted was a scan result from Virus Total but it shows these AVs are flagging a non-virus sample as a threat (a.k.a. false positive detection). The particular dll Marcos showed the results of is not infected.

Quote:
Yes. People make antiviruses and humans make mistakes from time to time.

#15

Quote:
Put another way, in 10 years of using Symantec I have only had a few viruses detected and they were cleaned or quarantined. I have never had a problem caused by a virus infection that slipped past Symantec. True, some viruses may have indeed slipped past, but I never have had a problem manifest itself because of a virus. I do use the web heavily and download music and utilities as needed, so the opportunity certainly was there. So, from a user standpoint, Symantec protected me from virus problems.

Quote:
As a new participant to this forum, I was not aware of Virus Total. I searched for that term and found the website. I did not understand that marcos was showing false positives. Thanks for clarifying that.

Quote:
That certainly is true. But with the many choices available, even between NOD32 2.7 or 3.0, I want to choose the best protection. I have read a lot of good things about NOD32, but the issues that have come up in this forum about 3.0 are making me wonder if I should go with 2.7, or even look at other antivirus programs. Are there compelling reasons to go with NOD32? I am open to suggestions.

#16

Quote:
The new version 3 does work well on some machines so you must first try it to see if you are one of those who run it flawlessly. For the rest of us, who have small problems, version 2 has been protecting us since 2003 pretty well and will continue working for long. I should not tell you "compelling reasons", you'd better find them yourself.

#17

Quote:
I am running version 3 and only have problems with some web pages not loading. My evaluation copy is the .551 version. I need to find out how I can upgrade that to the latest version to see if it will fix the web page issue, while still maintaining my evaluation period intact.

I am a bit curious about your comment to find my own compelling reasons for choosing NOD32. I had thought that NOD32 users through this forum would provide compelling reasons for why they had chosen NOD32. I am sure that other NOD32 users do not feel the way you do and will provide me with those testimonials.

#18

Quote:
Sorry for the late reply, 'marcos'... VBA did indicate 'trojan.ntRootkit.211' & it was sourced from a folder that I've transferred from an 8gb flashDR. Which in turn was first detected by KAV_7 (i-Swift off) that I maintained on another rig. The flashDR was left overnight attached to that rig - powered off. It made a real mess of that rig though!! Am still dazed by this particular infection.

KAV_7 detected it as a 'VB' type (in my recollections) infection but wasn't able to eliminate completely due to numerous counts in succession! In haste, I pulled off the flashDR and transferred it to my other rig that was covered by VBA32. When detected, I do suspect that the original 'VB' infection has morphed. VBA was indicating strings of 'trojan.ntRootkit.211' pests.

The messed up rig should have its log files intact, but I haven't dissected the system files yet. I do have 1 quarantined... and I may have it for verification before the day is out.

--------------------------
EDIT: addendum

Last edited by clambermatic : November 14th, 2007 at 03:39 AM.

#19

If you still have the file, let me know. I couldn't find a file undetected by us and detected by VBA as trojan.ntRootkit.211.

#20

Quote:
'marcoS' ... I'll get back to you on that particularly infected file.