Troj Ares.10 not found with NOD32?

Hi,

I am a trial user of NOD32. I thought it was the best, which of course is what I want.

I ran an online virus scanner (suggested by MS) and Housecall.antivirus.com found Troj Ares.10 on my d: drive, but NOD32 didn't.

Is this a false positive? I then went to several other sites, PandaSoftware.com, RAVAntivirus.com, and ran there on line virus just for that area. They all say it's not infected.

What am I to believe? None of the sites I went to even heard of Troj Ares.10. So......I still wonder whether I should still buy NOD32? Or, is HouseCall giving me a false?

Thanks for any help, Carol

 

Carol - Can you find the file that HouseCall found and submit it to Kaspersky? Here:

http://www.kaspersky.com/remoteviruschk.html

Also, you could submit it to NOD for closer examination:

samples@eset.com

Being as it's the holiday season, give Eset at least a week to respond (the Kaspersky results should get back to you a lot sooner). Pete

 

Hi Pete,

Thank you so much for your quick reply.

Unfortunately for me, I allowed HouseCall to delete the file. I had not restarted yet so I tried to get it from the trash but apparently it made sure it was completely gone. Dang me anyway.

Surprisingly, I ran a check using Norton Online, and it said the file was fine, and instead found another virus in the same directory. I deleted that one as well, I figured I might as well get rid of it.

Thank you for you help, I think my real question is,

Is NOD32 worth buying if it can't locate a virus (as supposedly happened?) MS says if I"m already infected, no AV can help me, only an online one, as they have updated files. If that's true, then really one needs BOTH an antivirus online and on one's computer.

Which leads to the next question .... is Kapersky better, if they have better response times?

Thanks for any suggestions !

Carol

 

Hi Deer

First of all, 'tis highly probable that Nod did not detect the infection, but there's one point you must not forget: the file was a TROJAN, not a virus/worm: its purpose is to give hackers access 2 your system's data, not destroy the data. So a firewall with decent outbound protection (LnS, ZA, ...) will be able to contain it.

Nod32 does not specialise in Trojan, it was not designed for that, though it has a few trojan signatures in its base.

On the other hand, ANY AV, even an older one such as Kaspersky, which comprises many more trojan signatures, does not have trojan heuristics, and is thus not able to detect unknown trojans. Such a job should be left to an appropriate AT...

On the other hand, Nod has (according to VB100 documents) often proven itself MORE than a match for its rivals when it comes to detecting known/unknown virii (all types).

The Eset guys will probably include this new trojan in the future signatures, but don't forget that there are much more urgent matters they should attend to first, namely including features that Nod32 is supposed to have but is still missing, such as the ability to scan into runtime packers and self-extracting archives.
Another good idea would be to give Nod32 the possibility to scan according to file's header (true type), and not its extension - Dr Web, if I recall correctly, has this feature.

But nevertheless, despite its (hopefully momentary) lack of extra features, Nod32 does it main job - detecting virii/worms - and does it extremely well, so I'd advise U to stick to it and complete it with a good AT (such as Trojan Hunter, there's a free version that can be downloaded, as for Nod32 ) and a good FW

 

Hello deerfern

Do you happen to have a game called "RETURN OF THE STAINLESS STEEL RAT" or "ARES RISING" or a downloaded cheat code for a game on your computer? Just asking because the first game mentioned has a file or notation in it called "Ares.10".

Hope this may help but perhaps we are on the wrong track.

Best wishes

 

Kaspersky have trojan heuristics,Include to take off the hull ability to the trojan

 

Negative, KAV does NOT have trojan heuristics, no more than any other AV for that matter. KAV can detect more new trojans than other AVs because the definitions base is updated very quickly, that's all. But it can't detect UNKNOWN trojans - otherwise they would be shouting all over the Web about it, and on their own homepage to start with - and the price of the product would go rocketing sky-high...

 

Yes, my mistake,But, TRO renewal method primarily is to add the hull on the original foundation,the AVP takes off the hull ability is very praiseworthy,An one of the reason for too is AVP can discovering new trojans

 

So you do concur that no AV (to this day) can tackle unknown trojans.

But what do you mean by 'hull ability'??

 

This is we Chinese way of speaking ^.^

 

OK I admire the superior wisdom, Master

But this doesn't answer my question - what do U mean by 'hull ability' of a trojan?

 

The "trojans hull" that I say, Generally is to divide of to a procedure for encrypting to the troj.

"Take off the hull ability"Is an analytical and unchain skill to say that AV encrypt the procedure to the trojans