Update 3096 and Win32/Adware.SpyBurner

I was just playing with NOD32 detection and found that signature level 3096 has detection for SpyBurner.

Since I'm testing NOD32 to see if it suits my needs, I decided to go the the site where SpyBurner is distributed from (just add www. to the front and .com to the end of the name).



What happened was a bit disappointing. I went over to the SpyBurner site, downloaded the application. Scanned the installer - nothing. Not a peep out of NOD32.





My Signature level:

 

Basicly we do not detect the whole installers. It's not a secret that the business with rogue antispyware produces profits to their authors thanks to human's naivity and for them it's worth hiring underground coders to make their "products" undetectable. Access to the site will be blocked soon.

 

Hi Marcos
Thanks for clearing that up, previously I noticed that other 'Malwares' were filtered out by NOD32 at site access or installer download. Appreciate you looking into it. Thanks again.

 

I think eset really need to get on top of this. This threat was picked up by Panda & Kaspersky's AVP Tool and not NOD32 with the latest signatures.

 

A nonsensical post zer0l0gic. You went looking for trouble and found it. Marcos could put up posts of his own where NOD finds stuff others don't, but thats not his style. Kaspersky is a good product by the way so if you decide it suits your needs better then go with it.

 

What's so nonsensical about it?? Judging by the way you talk, I suppose Nod32 is only useful as long as viruses don't appear! Whenever a user gets infected it's their fault... Nod32 is perfect and blameless.

I really think there's something seriously wrong at Eset. Whenever people point out that their product doesn't detect something, they serve up a bunch of excuses instead of fixing the problem. Eset, why don't you serve your paying customers' best interests, instead of your own pride?

 

jdenton NOD V3 is definitly not perfect. I didn't switch to V3 until the latest build 3.0.650.0. And the reasons given for a non detection are similar on every Av product forum including the ones your a fan of. If you want to find something that will give your chosen product a problem, you can. By the way nice Avatar. I've also suggested Dr. Web to friends who couldn't run NOD for one reason or another.

 

That's also where the difference is. The experts of those companies will listen and pay attention when a problem is found, instead of give the user mumbo-jumbo and then leave the problem unsolved.

Thanks for the compliments about the avatar. I grabbed it off some website, too bad I can't remember which one. You're welcome to take it if you like it LOL. I'm trying a load of antivirus trials now until AVG releases its next version because of a few problems bugging me. I'd like to try Nod32 too, but the attitude of the staff here don't really inspire confidence. Sure you can always find flaws if you look hard enough. That's not the issue. The issue is how the company reacts when a problem is found. Let's see how Eset reacts to this one.

 

The Avatar looks like a Dr.Web one so thats why I made the comment. Eset staff have been pretty good regarding my inquries at least so thats one of the reasons why they get my money. I check out Esets competition from time to time and find posters who have the same complaints on other Av product forums.

 

I see Panda and Kaspersky detect the installer itself . ESET do have detection about the software's executables so if you try to install this rogue AV , its files will get detected/deleted upon create and after that they can be removed by EAV .

Which means they will add the site distributor in the list of sites with known malicious content and users will not even be able to access the site and download this program .

 

Thanks everyone for your help.

I think I should look elsewhere for my AntiVirus.

 

@ zer0l0gic


What worries you ? You are worried because NOD32 doesn't detect that small installer ? The installer itself won't harm your machine
What is inside it can be nasty and this is what is indeed detected

 

Good luck on your choice of AVG. I know a lot of people that use it.

 

If a particular version of a fraud tool (rogue antispyware) is detected by an on-demand scanner doesn't mean much. The authors often modify the code to evade detection and for this reason the AV programs have to use other techniques to prevent this kind of software from being installed.

I have collected several rogue antispyware programs which are deteced only by 1 AV. If one encounters that file what should he do? Should he ditch the AV program he uses and install the one that detected it? But what if the new AV program misses other malware that would otherwise be detected by the AV he just ditched? Bear in mind that the best prevention is using common sense and avoiding downloading suspicious programs.

 

Thankyou Marcos. I think I now understand. I might have panicked a little.
I also just checked Eset's VB100 Rate and I'm very impressed. I got a license for NOD32. And also a license of AVG. I have two computers. Thankyou for your help.

 

Win32/Adware.SpyBurner