I thought NOD 32 detected everything but

Well I've got NOD32 (licenced) installed thinking I will be fairly safe. But it has not detected a virus called W32.Gaobot.BIA. I've checked the NOD32.com site to see if the virus is listed there and it was not. Does anybody know anything about this because, when I was away my little brother used the computer and dowloaded something which chaged the dial up properties to dial some number in overseas. I probably will recieve a huge phone bill and very upset with NOD32 for making me believe that it will detect anything.

 

No antivirus will detect everything, it takes safe computing also.

bigc

 

As far as I can see Eset call it Agobot, and they have been detecting all its variants for quite some time: http://www.nod32.com/support/info.htm

Are you using the latest version of Nod32 - 2.12.3?

Do you have Nod32 tweaked to the maximum, as in the settings found here: https://www.wilderssecurity.com/showthread.php?t=37509

Cheers

 

bbektas, how do you know that you have "W32.Gaobot.BIA"? if you do have something that is not detected by nod32, you should submit the sample to samples@nod32.com ..

to submit a sample, you should zip the file, and password-protect the zipped file using the password "infected"..

here is a writeup for "w32.gaobot.bia":

http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.bia.html

 

From time to time I check out the online malware detection site:

http://virusscan.jotti.dhs.org/

No product catches all of the viruses. But my own unscientific sampling seems to suggest that NOD32 plus KAV pretty much catch everything. I use them both - especially when I need some verification. Have you verified the virus on virusscan?

Rich

 

Have you submitted your sample to NOD?

 

The only antivirus to detect all Agobots are Kaspersky and BitDefender.
Many packers supported and generic signatures do the trick. There are some isolated samples not covered by this generic signature,but these are covered seperatelly.
And as someone before me explaind...
you cannot expect all AVs to detect anything you throw at them.

 

Driving the safest vehicle that $ can buy AIN'T gonna prevent a collision if you drive like a maniac. You are correct when you said that "I will be fairly safe" with NOD32. Take responsibility for your action. Teach the kid how to use the internet. Or better yet, keep him OFF your PC.

 

I've just submitted another win32/agobot variant from a clients laptop to the lab for testing. NOD picks it up as a 'probably unknown NewHeur_PE virus' but only when the settings are maxed out.

In researching it I fount this site that may be of help or interest.
http://www.sophos.com/virusinfo/analyses/w32rbota.html

References to backdoor access permitting just about anything, so I'm not suprised to find dialup numbers changes, or any other thing with this particular variant running from a file called 'wuamgrd.exe'.

 

That's why it's important to enable the Advanced heuristics, Potentially dangerous applications and Runtime packers options in the on-demand scanner setup. If the trojan was downloaded from the web, IMON would have certainly intercepted it before it could get to the disk provided the client had NOD32 installed and the HTTP scanner in IMON enabled.

 

I don't know where you are from.. But in Germany just don't pay that part of the phone bill.... None of those a*****es will make yu trouble when you dont pay their bill... Cause I highly think it is illegal to install software without your permission.. and even more illegal to connect to any expensive phone number.

Which doesn't mean you should be still carefull with what you are downloading

 

except it's not the a*****es who will bill you, it is your telcom.

 

If that's the case, then why aren't these settings default?

 

I believe it's due to compatability issues with the various software on different computers.

Neil