nod32 fails to detect virus Heur.Downloader

Discussion in 'ESET NOD32 Antivirus' started by Superman20, Dec 26, 2007.

Thread Status:
Not open for further replies.
  1. Superman20

    Superman20 Registered Member

    Dec 24, 2007
    I previously had nod32 version 3 (build 621) and it started acting weirdly. I noticed that the display at the top of the screen (main menu), i.e. the green part which says nod32, was missing. Also, I ran a scan and surprisingly it took only 10 mins to complete (usually 40 mins). I did a clean uninstall (including registry) and reinstalled. However, the same problem occurred. As a last resort I removed it and installed Kaspersky antivirus 7 and ran a complete system scan. The scan yielded 3 trojans which were supposedly removed by nod32 and also 2 new threats (not previously detected by nod32):

    virus Heur.Downloader (detected in C:\System Volume Information\_restore{CCCDEC69-6F0A-4A1F-93EF-1FB499906871}\RP260\A0057110.exe). (detected in C:\System Volume Information\_restore{CCCDEC69-6F0A-4A1F-93EF-1FB499906871}\RP250\A0056198.exe/AutoPlay/autorun.cdd)

    I would be grateful if the above threats could be added to the virus definitions.
    Last edited: Dec 26, 2007

    THE_BAD_BOY Registered Member

    Nov 15, 2007
    Hello, those threats are in System Restore. Please turn off System Restore, then restart your PC. When the PC starts back up again, turn on System Restore, then run a full system scan again with ESS/EAV.
  3. cupez80

    cupez80 Registered Member

    Jun 28, 2005
    Surabaya Indonesia
    Every AV will miss malware sometimes. You could send samples to samples[at] :D
  4. ASpace

    ASpace Guest

    If the above was everything that Kaspersky detected, it was harmless unless you use System Restore or Eset Antivirus has already killed them (in SR it was just a copy).
  5. Marcos

    Marcos Eset Staff Account

    Nov 22, 2002
    Remember that it was detected heuristically so there's a bigger chance it could be a false positive. The best would be if you could compress the file, protect the archive with the password "infected" and send it to samples[at] for analysis.