WARNING!!!

Hello!. I've been using NOD32 for years without any problem, but today I noticed something weird that migth be translated as DANGER.

I like testing virus on NOD32!, it's something I enjoy heaps and no virus was able to pass thru. (I'm not a hacker or someone related to programming, just a curious amateur).

There's a trojan virus called Optix Pro 1.3 which NOD32 v2 Beta5 was able to detect from the update v1.416 (20030523) but now it won't!. I was making a virus scan on my comp, when the scan was done, I expected to find the Optix Pro 1.3 files there as usual but nothing showed up.

I quickly got to that folder (Optix Pro 1.3's) and manually scanned the stuff, one by one and....nothing again. Finally I scanned the file where Optix Pro 1.3 was compressed into, a zip file, the original file downloaded from the site of it's developers and....same thing, no virus was found, even when it used to detect the client as well as the server of course.

But I didn't stop there and called a friend of mine who's actually the person who told me about NOD32 to ask him to try the same thing and.....once again, it couldn't detect the virus.

I'm using NOD32 v2 (no beta, the current NOD32 v2)with the lastest virus database update, my friend does too. I'm running Windows ME, if that matters whatsoever and as I said a few lines above, this antivirus USED TO detect it.

Any help?, is there something wrong with the database?, I'd never open an executable file hittin' my inbox, but there's a dumb handfull out there that certainly will!.

 

What are your settings and how did you configure NOD32? You can email me or IM me. I'll try and help and if I can't I let someone know who might be of some help?

 

I have set it to the maximum possible security. Deep Heuristic sensitivity, virus signatures and heuristics both checked for Diagnostic Methods and all the boxes checked as well for Objects To Diagnose.

Send Detailed Information On Each Detected Infiltration is also enabled.

Man, try it yourself, get here<link removed by mod> and download Optix Pro 1.3. This is not a problem of setup, but I do appreciate your help anyways. Warning stills up.


[Edited by Moderator due to Forum Policies]

 

Hi Proud User,

I really suggest that no one actually try to launch that software on any system that they rely on. NOD is an absolutely great AV product but Optix Pro is a Trojan and really needs a good Anti Trojan to deal with it (especially once it goes stealth as it appears to have done). I recommend you download TDS3 from

http://tds.diamondcs.com.au/html/download.htm

do a manual signature (radius) update and scan with that.

HTH,

Dan

 

Sorry Dan, but that wan't my point. NOD32 v2 DID detect Optix Pro 1.3 a while back and for logical reasons, it should now with the current virus database update. And, if NOD32 now fails to detect this old trojan, how can I have the guarantee the same won't happen with other viruses that NOD32 was already cabale to detect?.

I posted the link, you have it and you know I'm for real. I love this antivirus. If NOD32 wasn't able to detect Optix Pro 1.3 before, no big deal, but it did, now it doesn't. That's something serious to think about.

But sadly, I'm using the free trial version which clearly says: "Eset, LLC cannot be hold liable for any damages resulting from the usage or installation of the trial version of NOD32" so if some virus destroys my machine, is not ESET'S business and I shouldn't have the right of complaining about something I was warned of, nevertheless, just imagine the commercial version owns this flaw, isn't it threatening enough to accept it and start trying to fix it instead of suggesting other software?.

Best regards and warning stills up.

 

Well, there are a couple of points to be made.

I do not not work for and am not associated with Eset, I am merely trying to help someone that has asked for help.

I feel quite sure that once the Eset people come into the thread they will be most willing and able to assist you in the resolution of any issue with regards to definitions.

My recommendation of an AT solution for dealing with trojans (particularly if you are going out of your way to get them) has nothing to do with Eset's assessment or positioning of their product but merely my own personal opinion.

Hopefully that makes things clearer.

Regards,

Dan

 

Proud User,

I downloaded Optix Pro 1.31 (released in May) and NOD found both client and server components. Def ver 1.442

HTH,

Dan

 

Well, sorry for being a bitch but I still believe I'm right.

First for all, the screenshot shows that the NOD322 you're running is a NT based one, mine is 9X, Windows Millenium, even though it shouldn't make any difference since virus databases are the same.

But here comes the most important: I said it didn't detect Optix Pro 1.3, I never wrote a thing about Optix Pro 1.31. My NOD32 v2 DOES detect version 1.31, but it won't work that fine for version 1.3.

Do the next, download Optix Pro 1.3, not 1.31, scan it and realize it wasn't humbugs.

Thanks again and warning's up unless someone can solve this.

 

Okay..., I'll try downloading the older ver. but just out of curiousity, what to you mean when you repeat "Warning's up"?

 

Well, after the painfully slow download from the Optix site I found that NOD did not detect the trojan client or server in the Optix Pro 1.3 zip file (or after they had been extracted). I would be happy to submit the archive to someone at Eset if I an get an email address (IM me if you wish) but keep in mind it is almost 3am my time so I may not be awake that much longer

Regards,

Dan

 

Hmm, the warning thingy stands for the fact that this is some serious security threat to my point of view (a very chaotic troajn listed as detectable that is now undetectable) and I just won't rest in peace without getting a proper response from someone related to NOD32's development if possible.

 

Alrighty Dan, that's all I wanted to hear. I'd appreciate if you could send ESET a message explaining this issue as soon as you wake up.

Thanks!

 

Already done, am awaiting word back from them now

 

Hey Proud User,

thaks for the feedback - it'll be added in the next update.

Take care,

jan

 

...as an additional follow-up. The ESET team has indicated that the version on the DL site which was the subject of the discussion is the same version that the Win32/Optix.Pro.1.3 signature is based on but had been repacked with a different UPX packer to foil detection (a common ploy in Trojan circles).

Thanks to all!

 

I'm dead impatient!.

 

Great Jan!, thank you