NOD32 don't know a worm - ESET don't react?!

Whissi,

Your samples were added to virus database 1.1094.
It's only past 24 hours.
Eset Team is very fast.

Best Regards,

DonKid.

 

I agree with you. Unfortunately, there are people I run into who refuse to do any of this. They will run two antivirus programs simulataneously... both of them from 1999 (with subscriptions that expired in 2000), go clicking every single popup ad they can find, and download every worthless piece of garbage they can find.

For these people, it is essential that the AV program detect as much as possible, because they are not going to avoid the viruses themselves. Even if you tell this to the computer owner, there is a good possibility that it will go in one ear and out the other. Even if they do listen, there is a pretty good chance their family members or friends will muck things up for them.

Now, I am not going to weigh in on the relative importance of this particular worm, because I really do not know enough about it, nor do I know anything about the other viruses that have been submitted to Eset. I am going to stay neutral in this regard, but I will have to trust that the people at Eset know what they are doing.

**edit***
Just saw DonKid's post above. Nice work, Eset!

 

Well, first of all: Thanks to ESET

And the second:

1) I don't think ESET or any other antivirus company is able to legitimate themselves with saying:

At least I hope, that it is the aim, to protect the customer and NOT to be only faster than other anti virus scanners are.

2) If you agree or not, it is a fact, that many other av companies have detected this virus at least ~24-48h before ESET has found it. So you have lost THIS competition.

Well, as I said many times before, I noticed and I am very thankfull that ESET and NOD32 is a great product. Since this virus, I didn't find any others, which wasn't detected. Quite contrary to other products - NOD32 detected news threats with heuristic scanner before other companiws ever know about it... - but in this case, NOD32 has lost the game the first time. I hope ESET will take this as an incitation and everything is fine

Thanks again ;-)

 

Yes, I do expect them to react. But the reason I use NOD32 instead of Nortons or many of the other major AV vendors, is that I want my AV Vendor to react in a logical fashion. I don't need protection for instance from things that only exists in a lab somewhere or won't alter or damage my systems. I don't need my systems loaded down like that.

And.... I actually anticipate that the backup will fail. That's why I have layered lines of protection. I expect that anyone of them alone will fail, but that the chances of all of them failing are remote.

Well Trained Users
Fully updated Systems. (And not just Windows updates.)
Fully locked down systems. (MBSA helps with this.)
NAT Router
Software FireWall
NOD32
MS AntiSpyware

And even then I double check everything once in a while with one of the online scanners like Panda or Nortons, check for open ports over at GRC and will snoop around a bit with HiJackThis.

 

And thank you for submitting it..that helps all the user.

 

Maybe the others won a small battle on a yard with a non-functional trojan downloader, but luckily NOD32's heuristics beats the others when it comes to dangerous worms, trojans, backdoors and other nasties at the event they come into the world.

 

In THIS case it didn't beat anyone, so what the hell are you trying to say here

 

I do remember that during the recent Sober outbreaks, the big guys who released updates first (Symantec, Trend, possibly McAfee), didn't even do a complete analysis of one variant of Sober.......

At least Eset gives a complete cure for samples it does miss, even if it takes some time. I want a good cure, not just my AV telling me that I have malware and I can do nothing about it except delete the infected file without registry disinfection!

NOD32 does a very good job at removing registry entries, BHOs and other things left by malware, and a lot of other AV's do not do as good a job.

 

Just what he wrote..it was non fuctional to the point it would not even pull off the second part of the exploit..but since it could have, it was included..only Whissi knows what happened to Troj/Dloader-NC portion.

Or did not you understand the entrie thread ?

 

One trojan (especially a non-functional one) is hardly anything by which to judge an AV.. although they did still add detection promptly. You can't expect any AV to detect 100% of all malware, though.. that's the nature of signature based security apps. You should really have at least a few more layers of defense, user education being one of them. Nothing is 100%, to expect otherwise is lunacy (or at least heavy naïveté.)

If you can't trust who sits at your computer, they should only be running under a very limited user account, at the very least. Anyone that sits at my computer knows better than to just click on everything with complete abandon, just as they know better than to come into my house and start breaking the furniture. If you're that worried about it, get an anti-trojan program and at least one behavior blocker. See the rest of the forum, there are plenty of good programs to supplement your anti-virus and firewall.

 

Once again, these are not my computers I am talking about! These are computers of friends, relatives, and acquaintences. Asking them to do any sort of maintenance on their computers is truly hopeless. Even clicking the Windows Update button is too much for them to do. The best behavior blocker for them is something like Knoppix, which runs off a CD and cannot be changed.

And yes, they will destroy my furniture if I invite them into my house.