NOD 32 VS Smitfraud?

Just curious as to how affective is Nod 32 against smitfraud-ebay whatever? Which is a hybrid Trojan, malware, spyware , Phishing etc. I figured Norton AV 2007 W/ Norton Firewall along W/Ad-aware 2006 Pro should of been enough but guess not.

I had a date with Smitfraud 3 weeks ago and found myself reformatting because the patches that claimed to remove it didnt, and I also found 1k racked up on my credit card (Thanks for the great protection Norton).

So anyway has there been tests done on this specific hybrid virus? And can NOD 32 handle this nasty thing?

Thanks,

TSP

p.s.I am using my 30 day trial.

 

I have never heard of that threat - but I hope you don't run across W32.SpyBot.Worm. I know for a fact that NOD32 can't pick that one up.

I spent hours cleaning up the mess on our network yesterday. Granted Norton Corp picked up the threat, it only did so with the latest definitions from that very day, and the worm was still screwing the Norton installation up.

I haven't come across any product that can detect everything. Even though the threat was very apparent, it was still not detected by a few products I used to try and remove it.

 

Codpet just hope smithfraud aka smitfraud does not get on your network. I do not want to even imagine what that thing could do on a network. It is not very common, however after doing research on it I had found it to be one of the worst.

 

I've run across Smitfraud many times (on clients PCs...not mine)...it's a very aggressive malware that constantly changes. Many variants of it..Spyfalcon, Spysheriff, etc etc. I've not seen any antivirus program that can remove it...I've always resorted to the special removal tools you can easily find for this infection at BleepingComputer, along with some other tools I commonly use such as the TCP/Winsock repair utility, manual cleaning, Spybot S&D, SuperAntispyware, etc. I've seen some variants of this bugger make it onto computers that have NOD32 installed also..regardless of settings.

 

And as everything on that planet , even these tools aren't perfect. Once in December last year , I used all the tools + AutoRuns + scan with Spybot S&D and Ad-Aware and even after that NOD found six more files that belonged to the malware

 

6x that it didn't find in the beginning?

 

Hi All,

In one of my PC's I had smitfaud-c, detected but not cleaned by Spybot S&D, but not detected at all by NOD32.
Another incident was a bt848rom.dll-a variant of Win32/Spy Goldun.GU trojan which was starting all services, including NOD32. Detected but not cleaned by NOD32

Both incidents reported. No reply received.

Today, another user called me that when he uses his USB at home, his McAfee detects that it is infected with a trojan. Upon checking the PC, it has the latest updates for NOD32, did an indepth scan and it found nothing. Further investigation showed the trojan is songs.exe, maybe a renamed my documents.exe, possible brontok variant? I manually deleted the file, edited registry etc. Submitted the file to Eset, hoepfully I get a reply.

 

Hi jayps, welcome top Wilders.

Please read this thread on dealing with infected systems and file submission.

Blackspear.

 

But that thread says nothing about Brontok. A client of mine brought his NOD32-protected laptop over last weekend, because it was playing up. It turned out he had acquired Brontok recently, and it had got by NOD32's defences.

I've seen Spybot Search and Destroy find instances of SmitFraud and freeze up trying to remove them. Repeated reboots and rescans eventually break SmitFraud into submission, but you have to be patient. S&D often appears stuck, when, in fact, it is busy cutting out crud from your forest.

Perhaps, you ought to be thinking of making NOD32 less signature-dependent. I have never got infected by trojans or viruses while running MJ Registry Watcher - it always spots anything trying to set itself to auto-run. Couple that with an anti-rootkit program like Sophos' offering, and S&D, I run very clean systems wherever I go.

 

It does, if your system is infected after running scans with NOD32, then run the tools mentioned and email support.

Blackspear.

PS. if you are still having update issues, send me a PM.

 

Ugh..I just had a new variant of Smitfraud sneak into a lappy that was running NOD last week. Smitty is a nasty one.

 

Thanks Blackspear.

I actually sent it the infected file via the web today and to my vendor via email. It is very strange that their NOD32 detected the malware while mine didnt.

From vendor email:
***********************
A virus (TROJ_VB.CBJ) was detected in the file (SONGS.rar/SONGS.exe). Action taken = remove
***********-***********
__________ NOD32 2405 (20070718 ) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com
My NOD32 version across my clients:
NOD32 antivirus system information
Virus signature database version: 2406 (20070719)
Dated: Thursday, July 19, 2007
Virus signature database build: 10349

Information on other scanner support parts
Advanced heuristics module version: 1.064 (20070717)
Advanced heuristics module build: 1163
Internet filter version: 1.002 (20040708 )
Internet filter build: 1013
Archive support module version: 1.055 (20070712)
Archive support module build version: 1192


Then I saved the file to c:\temp\virus\ and made NOD32 scan the folder. I got this:
Scan performed at: 07/19/2007 18:33:17 PM
Date: 19.7.2007 Time: 18:33:29
Anti-Stealth technology is enabled.
Scanned disks, folders and files: c:\temp\virus\
c:\temp\virus\SONGS.rar »RAR »SONGS.exe - is OK
Number of scanned files: 1
Number of threats found: 0
Time of completion: 18:33:29 Total scanning time: 0 sec (00:00:00)


I'll try to do whats posted in the link tomorrow.