Does NOD32 Personnel Agree With (Virus Test by GEGA IT-Solutions)??

Discussion in 'NOD32 version 1 Forum' started by agoretsky, May 1, 2003.

Thread Status:
Not open for further replies.
  1. Hello!

    And because we were unable to explain WHY Eset Nod32 has missed so many files, we did a rescan of the test with different settings, on a different computer, and everything else. Here is the log file with all options enabled (including list all files scanned) on a very old PC:

    Report
    NOD32 1.329 (20021115)
    Prüfung Arbeitsspeicher auf Viren: OK
    Prüfe NOD32.EXE
    Datum: 21.11.2001 Zeit: 17:31:03
    Prüfe Laufwerke und Ordner: V:\SCR_BAT
    Anzahl geprüfter Dateien: 382
    Anzahl infizierter Objekte: 8
    Verbliebene Viren: 8
    Beendet um: 17:31:31 Uhr Benötigte Zeit: 28 sec (00:00:28)

    cheers,
    Andreas
     
  2. Hello!

    First, may I cite the review? In the first line, it tells that Nod32 has passed all ItW tests with 100% - it has detected everything. That's quite good, because two other programs (Panda and Trend Micro) did not score 100% ItW.

    Second, we have performed Zoo tests, too. For this, we have not used any kind of "old DOS viruses" (I fully agree with Anton on this). These files represent really lots of viruses, but the distribution is indeed almost zero today. And in the Zoo test, we were quite surprised about Nod32, due to the BAT virus detection rate of only 2%. Other programs scored 100% or almost 100% here.

    In later tests - however - we found that this problem was indeed fixed. The detection rate of Zoo BAT viruses was a bit higher than 80%. (Again: Other programs detect 100% of them, only missing a very few samples.)

    For these tests, we have indeed renamed the file, but NOT the extension. The files are renamed due to our sort process - every file gets an individual number and code. You can see it in the log files above.

    However, Anton has requested this part of the collection and I simply copied all files into one folder, and to prevent accidental execution, I have renamed them to *.BAT$. Therefore, he thinks that we have tested Nod32 against renamed samples. Later on the same day I sent him the collection we have used in our test - with the full directory structure and with the original names of the samples. (We have restored them from an archive - we are always keeping all of the log files, the collection etc. in an archive, so we could easily validate our results - or some other people can do it for us.)

    I cannot see an error here. Even if Nod32 would detect all of the BAT viruses now, the total Zoo detection score would still be at the 92,x % level which is the worst in the test (a lot of products scored higher than 99%).

    More later...

    cheers,
    Andreas
     
  3. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    :D looks like we will have a real duel here. Fellaz get yer baseball bat and ...
     
  4. Hello!

    OK, let me continue with part 2: Compressed files. Like many other anti-virus experts I think that's essential for an AV program to detect (runtime-)compressed files.

    For example, you can grab a copy of the SubSeven backdoor. Every scanner will detect it. Now compress it using some runtime-packers like UPX. How many programs will still detect it?

    Nearly (if not) all - simply, because this form of distribution (a compressed SubSeven) is widely used by Script Kiddies. Most AV programs include special signatures to detect compressed copies of SubSeven.

    But the better solution would be to unpack such files, and to check its content. That will be a pro-active solution. In the first case, an AV company needs to detect SubSeven and all compressed forms of them which causes quite a lot of different signatures in their database. And if new compression tools are released, the compressed SubSeven would not be detected in this case. And think about the overhead to detect all 3000+ backdoors this way. If only 20 different runtime packers were known (btw, much more exist), you'd need 60.000 signatures to detect all forms.

    Therefore, it's better for an AV program to really unpack runtime-compressed files. For example, lots of different ItW viruses were re-packed in the past. Virus A gets ItW and on the next few days you'll see variants B, C, D, and E, F, G and H, I, J and so on. The difference is usually only that they have been compressed by a tool such as UPX, Neolite, WPack32 etc.

    If you are company 1 that does not support runtime-compressors, you'll need to add variant A to your database and release an update. And you need to add B to your database and release an update. And C, and D, and so on. In every case, you'll need to release an update. That's quite a lot of work and there is always a delay between the time where the virus got ItW and it was first seen by a virus researcher. And of course, he needs to analyse the sample and so on.

    But if you are company 2, you only need to release an update A. The other variants are detected without any update and without a delay, simply, because the program is able to uncompress the file and detect this virus. That's a far better protection in my eyes.

    And most programs like Bitdefender, Kaspersky Anti-Virus, McAfee VirusScan and G Data AntiVirus Kit are able to detect almost everything which is runtime-compressed. Therefore, the companies do not need to release a lot of updates for such new in-the-wild malware.

    However, in the case of Nod32 (and a few other programs like Norton AV) the developers decided to NOT include such uncompress routines. I can understand why Nod32 does not include an unpacker - because it slows down the scan process a lot.

    And Nod32 wouldn't be a very fast scanner anymore. (Today, it's really the fastest scanner I know.)

    cheers,
    Andreas
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Vamp - Bottom line for me is this - if, as you say, NOD's so bad, where are all the droves of people screaming about the "fact" that "NOD missed this!" or "NOD missed that!"?

    You don't see/hear that, do you? Of course you don't.

    Either all the people being "let down" by NOD are remarkably forgiving, silently-suffering types - or NOD isn't letting its users down in the real-world experience of day-to-day Internet/email usage.

    And I think that says it all. Pete
     
  6. anton

    anton Eset Management

    Joined:
    Oct 25, 2002
    Posts:
    210
    Exactly. Much more runtime packers are known and if a nasty virus writer really wants to pass a packer, then he can do it... Therefore, support of a limited number of runtime packers is a nice-to-have feature, but it is NOT a universal protection.

    NOD32, ver. 2 addresses this problem in a far more universal manner and version 1 has the best track record in detection of the ItW viruses (even those compressed).

    That is correct. However, if your product supports X runtime compressors (not all, of course) and another (X+1)th becomes 'popular', then the product needs to be upgraded. It usually takes a lot of time to add support to a new 'variant' of runtime compressor.

    NOD32, ver. 2 addresses this problem in a more universal manner via a generic runtime compressor.

    Sorry, I don't think so. If a diligent virus writer would change a byte or two in the 'original' worm then the support of that particular compressor is, in most cases, useless. Again, what a good product really needs is a generic unpacker and extremely good heuristics.

    BTW - if all the big boys are so good in supporting major runtime compressors, then I have to ask: why do they have problems detecting the ItW compressed worms in general? (not in GEGA test, AFAIK)

    Yes, in some cases this may be an advantage. In others, they may be in (big) trouble (see above).
    This problem is more complex than it appears. This is not a good space to go into details, I am afraid.

    I only believe in numbers I can measure :) I would not dare to predict the features of anybody's product in advance. Then, of course, the question is what is 'very fast' :)
    I recommend checking the difference in scanning rate between NOD32 and other product you mentioned. How come one is 4-5 times faster? :)


    anton
    eset
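
The trade-off argued in the two posts above (one signature per packed variant versus unpacking before matching, and the coverage gap when a packer is not on the scanner's supported list), as an added example that is not part of the original thread. Assumptions: zlib, bz2 and lzma stand in for runtime packers such as UPX, the "signatures" are constructed harmless byte strings, and all function names are hypothetical.

```python
import bz2
import lzma
import zlib

# Constructed, harmless byte patterns standing in for malware bodies.
SIGNATURES = {
    "Demo/Backdoor.A": b"DEMO-BACKDOOR-A-BODY",
    "Demo/Worm.B": b"DEMO-WORM-B-BODY",
}

# Stand-ins for runtime packers: name -> (pack, unpack).
PACKERS = {
    "zlib": (zlib.compress, zlib.decompress),
    "bz2": (bz2.compress, bz2.decompress),
    "lzma": (lzma.compress, lzma.decompress),
}

UNPACK_ERRORS = (zlib.error, lzma.LZMAError, OSError, ValueError, EOFError)


def make_sample(family):
    """Build a constructed sample: filler bytes around the family's pattern."""
    return b"MZ" + bytes(64) + SIGNATURES[family] + bytes(64)


def match(data):
    """Names of all signatures whose pattern occurs literally in data."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)


def scan_raw(data):
    """'Company 1': match signatures against the bytes as stored on disk."""
    return match(data)


def scan_unpacking(data, supported, max_depth=4):
    """'Company 2': also match against the output of every supported
    unpacker that accepts the data, recursing to handle re-packed files."""
    hits = set(match(data))
    if max_depth > 0:
        for name in supported:
            try:
                inner = PACKERS[name][1](data)
            except UNPACK_ERRORS:
                continue  # not this packer's format
            hits.update(scan_unpacking(inner, supported, max_depth - 1))
    return sorted(hits)


def per_variant_signatures(families, packers):
    """Signatures needed if every packed form gets its own entry
    (the 3000 x 20 arithmetic from the post)."""
    return families * packers


def coverage(supported):
    """(family, packer) -> (raw scan hit?, unpacking scan hit?)."""
    table = {}
    for family in SIGNATURES:
        body = make_sample(family)
        for pname, (pack, _) in PACKERS.items():
            packed = pack(body)
            table[(family, pname)] = (
                bool(scan_raw(packed)),
                bool(scan_unpacking(packed, supported)),
            )
    return table


if __name__ == "__main__":
    print("signatures for 3000 families x 20 packers:",
          per_variant_signatures(3000, 20))
    # Scanner that only knows two of the three packers.
    for key, (raw, unpacked) in sorted(coverage(["zlib", "lzma"]).items()):
        print(key, "raw:", raw, "unpacking:", unpacked)
```

The rows for `bz2` show the limit raised in the reply: an unpacking scanner is only as good as its list of supported formats.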
     
  7. Vampirefo

    Vampirefo Guest

    Spy1,

    How about a little test, You send me ten viruses, That NOD can detect, I will pack them, send them back, and Now you will have ten viruses NOD can't detect, or NOD misses.
     
  8. anton

    anton Eset Management

    Joined:
    Oct 25, 2002
    Posts:
    210
    Sorry, you missed my point. You could do exactly the same with any of the products that support runtime packers! You'd have to work just a little bit harder though. :)

    BTW - what do you think: Is this .BAT file a virus?:

    @echo off
    resident.bat



    o_O
     
  9. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Maybe I'm missing something here o_O

    If a file is packed, to get at the files inside I need to unpack it, if I unpack it the antivirus finds this virus (hopefully)

    If the packed virus is never unpacked it doesn't pose any threat to me, and even if it was unpacked the virus would be detected (again hopefully)

    So what danger to me are packed files if they are never unpacked? o_O

    Sure it would be nice to have a virus detected in a packed format (even at the expense of speed I'd like to see it) but I still don't see the immediate danger.
     
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Toney - I seem to have misplaced my sack full of virii, but I'm sure you have plenty - go ahead and pack them up and send them on.

    I can't do anything about the fact that my ISP (Comporium) does their own email virus scanning (it'll give me a good chance to see if it works!).

    Please bear in mind that all my email is checked on the server with MailWasher, and that what I do transfer on to OE gets filtered by Benign (that'll be a good test for it, too!).

    Cool! Send away! Pete
     
  11. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Tinribs - Shhh! Don't bring that up! It knocks the legs out from under his whole argument, for heaven's sake! :D Pete
     
  12. Vampirefo

    Vampirefo Guest

     
  13. Vampirefo

    Vampirefo Guest

    No this is not True, you don't need to unpack it, The author of NOD, knows, for a fact, what I am saying is true. The file (virus) will execute, then you are screwed, cause NOD, can't stop it from executing.

    It will unpack itself in memory, then do its damage to your PC, while NOD just sets there and smiles.
     
  14. Vampirefo

    Vampirefo Guest

    Tinribs,
    Do you have a file, that NOD detects? says, a test file, firewar, or some other safe file, pack it, then execute it NOD, will allow the exe to execute, and do nothing.
     
  15. Vampirefo

    Vampirefo Guest

    I hope anton, comes back and explains to you, that NOD will just set there and do nothing, while a virus that was packed, and NOD missed it, destroys, your data, formats your PC, or steals your information.

    Provided, that's what the virus was designed to do, if NOD, can't detect it before execution, you are screwed period.

    anton should know by now, after reading this thread, a lot of his customers, are misinformed, or don't understand run time packers, believe it has to be unpacked first giving the AV time to stop it.

    This is completely wrong, either the AV stops the execution, or you are done, end of story.
     
  16. anton

    anton Eset Management

    Joined:
    Oct 25, 2002
    Posts:
    210
    I appreciate GEGA's extra effort to repeat the tests. The test performed on NOD32 (by GEGA-IT itself) before and after this test showed an order of magnitude higher detection. That was the reason why the tests were repeated.

    Ver. 1.329 and, for that matter, every version released is tested prior to its release in our labs. Every released version is archived. When Eset scans the same files as those shown in the GEGA-IT scanning LOG, using the same version - 1.329 (and all many prior and post versions as well), the result is different!

    The LOG above says nothing about different settings of NOD32, and it says nothing about the contents of the files listed in the LOG!

    I appreciate GEGA-IT's initial cooperation in trying to explain the problem (after PC Welt review had published the results) but the final attempt to perform the 'experimentum crucis', in particular my suggestion to exchange the tested versions (1.329 used by GEGA-IT) and 1.329 archived in Eset has been rejected. Eset did its best to avoid this public discussion, because I strongly believe, it is based on error.

    We can go on in this discussion (forever), however, the final judge in any theory is an experiment.

    Therefore, I take the liberty to suggest simple experiment:

    The EICAR (European Institute for Computer Antivirus Research) meeting is held next week in Copenhagen. The experiment can be performed during the meeting, with the same set of .BAT viruses and the same version 1.329. Independent experts can take part in the experiment.

    Independent experts can also have a close look at selected files in GEGA-IT Zoo collection and decide whether a .BAT file like this:

    1,4d
    e

    is a virus.

    anton
    eset
     
  17. xor

    xor Guest

    Well.... before someone thinks I join here this discussion "to bash" NOD32 - wrong. Because I must really say something in their "defense".

    First of all - having an unpacking engine is a nice feature but it is NOT a must to catch virii/worms/trojans ITW. That's the first point. You can score here "without any problem" 100% ITW without having an unpack engine. (See VB Awards NOD32 - I know you don't like them Vamp, but it is really not so easy to get them as it seems there is not only a detection of 100% ITW with an on-demand scan necessary - there is A LOT OF MORE NEEDED for this. I know this because I am preparing for this. So I do respect this NOD32 Awards. 2nd Point.

    And NOD32 does not claim to be THE BEST TROJAN SCANNER. Kaspersky is here the king and we all know this. Do we ? :D

    A worm for instance, who is ITW can also be caught without an unpack engine.
    Because he is "well known". If someone repacks this worm and release him again so that he is listed ITW AGAIN he will be in the same time detected - even without an unpacking engine. That's the point of ITW Lists/Alerts/Whatever.

    You can always avoid detection - from Kaspersky, from McAfee, from GAV, from NOD32 - from all scanners. It's just a question HOW DANGEROUS is this missed sample really. Is it a unique sample for scaring the own granddad ? Well then it's not a real threat. Is it available in the public areas (internet) well then it would be a good idea to add this; is it ITW then you have to add it. It's as simple as this.

    And I can also pack at least 20.000 undetected Trojans for McAfee or KAV - I just use a simple xor runtime encrypter. If he does not exist how I need him - it takes maybe a half day to write a working encrypter. Or I do a search on some Chinese sites - you find there almost all unknown encryption stuff. Installed, encrypted, undetect - it's that way - you need not even to know anything about programming, you need just to know how to load/open the input file - then add some AntiDebugging / Dumping Code and voila - KAV adds this even also with packed signs - surprise ? :D Not really :D

    And I am for sure "not the biggest nod32 fan" - but at least I am fair - even if I develop an unpack support for my own project - this doesn't matter for me.

    Michael
     
  18. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hey, Vamp! Where's my viruses at? :rolleyes: Pete
     
  19. Vampirefo

    Vampirefo Guest

    Have you already sent me the 10 I asked for?

    If so, you must have sent them to the wrong address; send them here: vampirefo@hotmail.com
     
  20. Vampirefo

    Vampirefo Guest

    xor,

    I don't mind NOD so much; it's the users, or some of them, I don't care for. A question was asked and answered, then later just a bunch of slamming of me and any test but VB.

    As you see in this whole thread, very few posts are about NOD; a lot are about me, or something else to distract from NOD failing a test.

    This thread was dying out, then rodzilla came a-blasting away at me, or anything to distract from the fact NOD failed, then anton started blasting, but has since stopped and started becoming more professional, which is what a CEO should do: PR work. Not blast everyone that disagrees with NOD or VB.
     
  21. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    It's no secret I'm a Nod32 user. I do not want to get caught up in the (for want of a better word) 'slanging' match between the different parties, but I wonder why, if Eset have had numerous emails about this test, something can't be done to appease the users' fears.

    I for one, despite my previous post, do not really want any virii or malware sitting on my PC undetected, whether it's packed or not.

    If these unpackers cause a slowdown to the main scanning engine then so be it; the time to make a cup of tea would be preferable to the time spent repairing a damaged o/s and valued files.
     
  22. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Vamp - You must be confusing me with an actual virus expert!

    Not only do I not have any virii to send you - I wouldn't even know how to go about getting some.

    That's what I meant when I said that I'd "lost my sackful of virii" - I never had any to start with.

    Oh well. Pete
     
  23. Vampirefo

    Vampirefo Guest

    Nothing else can be gained from this thread. I am done with it. Hopefully, we can just let it die; enough information has been put into this thread.

    For the ones who want to know if NOD is all that or just hype, for the ones that don't want to know, they can just skip over the thread.

    Hopefully, the bashings have stopped. This thread is about NOD, not Vampirefo; also, no sin is committed if one disagrees with NOD or VB.
     
  24. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    There are other threads with reference to GEGA tests etc.; hopefully they might continue the vein of this thread.
    And Vamp, don't take it personally, I'm sure your shoulders are broader than that ;) Remember you are in the Nod32 forum, it's bound to get heated. :)
     
  25. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Obviously, you disagree with many AV researchers and experts. You must be a very knowledgeable and special guy.



    Technodrome
     