NOD 32 v.4 completly missed a virus..

[MichaelG]

NOD 32 v.4 completely missed a virus..

Well its managed to miss Global.exe completely which arrived on a customers flash stick.. I now have a computer thats infected up to the eyeballs and now nod 32 has decided to clean all exe files on the said pc... after infection what use is that ??

what a mess, ive never had a problem with older versions of this software.. this is going into the bin if i have to reformat the drive.


regards

Michael

[Marcos]

Every AV program misses threats, that's a matter of fact. There's no solution that would detect 100% of all threats. Refere here for instructions how to submit unrecognized suspicious files to ESET for analysis.

As for formatting, it's not inevitable when malware is found running on a computer. Simply remove it either with assistence of ESET's customer care people or using free tools that are available on the Internet.

[Eagle Creek]

Hi Michael,

I run NOD32 at my laptop and I got a infected USBstick from a colleague. My NOD32 detected this and prevented my laptop from getting infected.
Later I scanned the file with Kaspersky at home and it didn't find anything. In fact, when I uploaded it at Virustotal only 50% of the scanners found the virus, altough it really was one (I tested in a VM).

Like Marcos said; every scanner will miss a threat now and then. This time it was NOD32, previous time it was my Kaspersky.

[MichaelG]

yes nod32 cleans usb autorun files quite well..

Marcos: Nod32 is supposed to catch all known threats and Global.exe isnt exacly a new threat..

But its not supposed to miss a well know virus like Global.exe and it decided to try and clean after its connected to the internet and downloaded a load of other infected exes... i had to reformat the drive every time it found an association with Global.exe and its many addons it removed them but the infection replaced itself instantly leaving me with nod32 just going into a loop.... even in safe mode... every program exe file on the pc became infected according to nod32..

in the bin it goes and paypal to Kaspersky

[funkydude]

How are you quoting a filename as a popular virus? A virus can have any filename under the sun, and nod32 detects all viruses in the wild.

[Marcos]

Global.exe can be anything from adware to a file infecting virus. A file name does not tell anything about what kind of malware it is.

[kriebly]

Quote:

Originally Posted by MichaelG

NOD 32 v.4 completely missed a virus..

Well its managed to miss Global.exe completely which arrived on a customers flash stick..

Michael, is autorun still enabled on your system? If so, be sure to disable it. For xp:

http://antivirus.about.com/od/securi...ht/autorun.htm

For Vista:

http://antivirus.about.com/od/securi...ta_autorun.htm

[Echofig]

You should check you advanced settings. You are able to disable real-time file system protection from Removable media.

[steve1955]

NOD 32 v.4 completely missed a virus..
Is that worse than just "missed a virus":-I would have thought they were both the same!every AV misses things from time to time,its a fact of life and something we've all got to live with!

[SternMan]

Yesterday sent to the laboratory file
~VirusTotal link removed per forum Policy.~
, no response so far.

Help, all system is infected with them

[berryracer]

have you applied the blackspear settings dude?

[Marcos]

Blackspear's settings are not recommended. Default settings provide best balance between protection and performance.

[Marcos]

Quote:

Originally Posted by SternMan

Yesterday sent to the laboratory file

Did you actually send it to samples[at]eset.com per the instructions here?

Disabling Autorun is kind of a drastic action much like disabling vbs association back in the day when vbs worms spread.. A sound software restriction policy, non administrator rights, and NOD32 have proven to be very effective against autorun attacks. I am very happy with the detection rates, and prevention I see.. Only thing that has really got past is fake AVs which NOD32 added to their detection list in 48 hours after I submitted..

[kriebly]

Quote:

Originally Posted by bradtech

Disabling Autorun is kind of a drastic action much like disabling vbs association back in the day when vbs worms spread..

How so? Is having to double-click on a program on the CD-ROM or USB-stick significantly harder than having the program Start menu pop up automatically?

Apple for its part had ditched autorun by the time OSX came out.

Quote:

A sound software restriction policy, non administrator rights, and NOD32 have proven to be very effective against autorun attacks.

I don't doubt that, but aren't the first two items you listed more complicated for the average user to implement than turning off autorun?

[Eagle Creek]

Not sure if you could call Disabling Autorun drastic. I don't like it very much either, but it seems the best advice at the moment. Microsoft even has made several changes in Windows 7 causing USB not to autorun anymore, by default.

It's always usability vs security..

[lumpeh]

I personally wouldn't have a desktop that has USB sticks going into it from unknown sources, running as admin

[piranha]

Quote:

Originally Posted by Marcos

Blackspear's settings are not recommended. Default settings provide best balance between protection and performance.

BS tutorial (and settings included) is sticky, it looks very much like as recommended, may be you should add a warning