simple homepage hijacker missed by NOD

that is a simple one an should be caught by NOD... ...but does not. fortunately it is only a homepage hijacker for web browsers

File Name : stPage.exe
File Size : 16384 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 5096414628facf862e974dddbd5f8ea9
SHA1 : 287a451ec965eb4e6cd982c57e67e959ae437f2f

all this shiny new interface for v5 does not help if the detection keeps going down the drain. and cloud does not help with it when being offline. please get the core to improve on the detection rate!

 

See: https://www.wilderssecurity.com/showpost.php?p=1825183&postcount=4

 

I am well aware of how to submit samples - please do not just rush a post for the sake of posting

 

Drop the attitude. I was only trying to help. What's the point of your original post if you don't want Eset to fix it? The purpose of this forum is to receive help with a problem.

 

no attitude here. and I clearly mentioned "please get the core to improve on the detection rate!". as NOD missed such simple malware, which is known in the cloud (a.k.a. public virus detection tools) since a while and could have been picked up.
hence it is not problem with the software but the efficiency, which is not going to improve with sample submission.

there is concern that the surface is getting polished for v5 to achieve a better marketing but the core keeps falling behind in detection, as it has been since v4. this simple malware being missed is just another indicator.

perhaps on another occasion I should also mention that I am literate and know how to make use of the forum search feature...

 

I used ESET by long time but after see version 5 i decided for change for Avira. ESET is light but never innovates in nothing, then no wait version 5 for resolve all problems with malware why no will.

 

To be fair, you should also point out malware that Eset catches that no one else does.

 

that is the job it is being paid for

 

I guess you also didn't look at the latest VB RAP test where NOD32 did very well.
Pointing out that NOD32 missed this or that malware is silly. You should know better.
See: https://www.wilderssecurity.com/showpost.php?p=860087

 

So sorry to hear about your issue but no AVs can detect all the malware.Besides,all AVs have their own PROS and CONS and may you able to mention one perfect av vendor to me?No.Cause non of them are perfect and they are still far from perfect too.I think you should submit the sample to ESET Lab.Your submission will kindly appreciated.Thanks.

 

I guess, Eset NOD lab is doing its best to provide subscribers the best protection that it can offer... but it is not God...mind you, even angels could not protect us all the way from all evils in the world. So the best that we can do is to have several layers of multiple protections.

Eset lab especializes in detecting viruses and your problem mentioned here are something like spyware related, so you know what I mean. Isn't it?

And by the way, do you already have the link of that shiny v5?

 

I don't understand this frustration, especially if it's a trivial startpage VB malware that has been submitted by 3 people (including 1 AV company) from all around the world. Having stronger heuristics for StartPage malware might result in high FP ratio as it is nothing unusual that even legit sw contains code for changing the home page and offers the user to set it by enabling the appropriate option / check box.
Anyways, a detection for this particular file will be added to the next update.

 

don't think there is anything silly pointing to failing parts of a product you bought, one would perhaps do so for a car or facility alarm system, whatever test results being published about that particular product. if you do not the vendor would see no reason to improve the product and the consumer will have to live with the problem forever.

from my perspective it would be silly to sit tight and be happy that a product is failing.

 

https://www.wilderssecurity.com/showthread.php?t=294574

and I do not know what you mean - NOD is not supposed to deal with spyware but viruses only? well, that is being promoted as the products key benefits:

sounds like you are user who is 100% satisfied with the product. I am not, I prefer it to evolve and provide a better protection - as obviously the other side is faster, more flexible and more creative in developing threats

 

is not frustration, is being shocked that such simple piece of code was not detected. startpage hijackers are common since the early days and a possible high FP is kind of lame. but pointed in the right direction - it does not ask by showing option / check box to change the homepage and that separates it from a legit apps.

however the point is not it being a homepage hijacker, it is the simplicity of the code slipping by NOD.

 

It is obvious that there are and will always be certain threats that slip through antivirus protection no matter if heuristics, HIPS, behavior blocker, cloud, etc. is used and continually being improved. This concerns any AV vendor, be it ESET, Microsoft, Kaspersky, Antivir, Avast, Malwarebytes, etc. (even the sample in question was missed by other famous AV vendors).
Every AV vedor strives for providing as best protection as possible and minimizing the gap between a new malware variant is created and detection / recognition is added.

If one finds a new piece of potential malware, we strongly recommend submitting it to ESET per the instructions here. If a malicious nature of the file is confirmed, detection should be added to the next update. Not every suspicious file poses a (high) risk; one should take into account the prevalence (this particular sample was submitted only by 3 people worldwide), the triviality of the sample (e.g. if batch files, autorun.inf or simple scripts are used that can be used in a very similar way by legit applications which prevents vendors from making generic detections without producing more-less serious FPs) and, the last but not the least, the functionality of the sample (even payload downloaded by malware can be corrupted and non-functional or the sample could be a junk data/config file used by malware).

 

As I wrote, a detection was added and will be included in the upcoming update. It is not possible to generically detect every application that changes the home page in prefs.js, in such case we'd detect Firefox as well.

 

Are you serious? You base such a decision on screenshots of a beta product that's not even been released?

 

I could spend all day, every day, at every Anti-Virus forum, complaining about the hundreds of samples that they miss. Many of the samples having only the slightest modification made to them, to break the majority of signatures, both specific and generic.

But that would be a futile waste of time and not tell the AV companies anything that they already don't know.

The days of an AV detecting and protecting a PC from almost everything are long gone.

 

point being - do not use AV as it cannot protect?

 

I didn't say that I'm 100% satisfied with NOD32 but in my experience it could always detects something that others coudn't.

I understand your concern and by what you mean, but I could not solely rely on an Anti-virus program that promises to detects every malwares in cyberspace, especially spywares. Even after running the on-demand antivirus scanner/s my Antispyware scanners will always detects spywares or something that an antivirus misses.

 

I'd say - use security software to minimize the risk of getting infected. One will never reduce the risk to absolute zero under any circumstances.

 

No need for test for see "What is nothing new in version 5" (Parental Control/HIPS and Cloud). The big useless Parental Control, HIPS is a old feature in world and i no need it, Cloud only works with internet connection, the result no will be different of some others products or you think ESET will be agressive now? ESET will always works for 0% of false positives and with it will missed a lot of malwares as you can see in this thread.

 

Before seeing how HIPS/Behavior blocker is implemented. Making decisions about the product may not lead to correct choice IMO...

b/W HIPS is very good and Effective solution to fight with zero day viruses provided if its implemented in a intelligent way to reduce unnecessary pop-ups.

 

Just curious as to when you last used Eset?