NOD32 Detections Failing

Hello Readers,

Once again i found a virus, as simple as a Autoit.xx variant, which is caught by (not almost) actaully all the AVS in the Competition of NOD32

1. Kaspersky
2. Bit Defender
3. McAffee
4. Symantec / Norton
5. Antivir
6. Avast
7. f-secure and the the list goes on and on...

what the problem with NOD32, why is it failing to detect such simple variants and generic Detections....Why is nod32 avoiding this again and again...

~snip~

check this out, its only 1 out of so many examples...

~EC Edit: Please don't link to virustotal/jotti. Links removed as by TOS~

 

Microsoft also avoid detection if look at the situation this way . Do you really need an answer of the stupid question you are posting ?

 

Should M$ be considered the yardstick when comparing response times
Now there is a premise thats really dumb !!!

 

MS is no where in the frame when comparing the AVS,
nod32 has set its own standard, against all, all these years
i only want to say is its failing like it never has...

detections are added only after u sent then samples from 50-100 times and post the moderators about it....
Update response time is very late as compared to other AVS, i sent samples to kaspersky and they every time i send they include it in their very next update or the next at max..

then why is NOD so slow..
is it lacking Man Power,

 

Virustotal isn't an accurate test, it's really more just to check out a file, for instance nod32's best heuristics comes from the webav, and the engine that checks it before it's run, the file scanner misses many that nod32 actually detects, and as such virustotal is useless for that

That being said, every antivirus misses stuff, i've found esets addition of stuff lackluster at best, but the files i've given to marco's personally have been handled quickly and sent into updates the next update

also one sent to samples@eset.com was also quickly added, however i must add this is a file that had potential to rapidly spread, the random malware eset doesn't prioritize

that being said eset does very well in detection of many of the samples i play with

-Brian

Edit can i add, where are your samples from?, do you include any information with the files at all?, if you'd like you can pm me direct links and where you found them and i can probably tell you why eset doesn't prioritize them as important

 

Actually those Autoit samples (or rather the scripts themselves) are detected, but the archives are specially crafted so that they are not scanned internally. It's like demanding detection for whole archives that are not supported and thus the files inside cannot be extracted. We'll check that sample, but isn't it strange that those specially crafted archives are comming only from one person in the world and then we are put under pressure to hurry with adding detection?

 

Sorry Marcos but....

Sorry about it Marcos, i understand it
ok lemme tell u my situation
I am a computer Admin, for a Certain College level institute having around 3000 computers
I dont know the actual source of these autoit scripts ( i want 2 know the source)
but if 1 variant comes to a system, i believe they spread to all 3000 computers in 6 hrs, because of extensive usage of usb mass storage devices
and they cross over to computers of the whole city via cyber centers etc.

and our company provides maintenance to almost 20000+ computers of the city. thats the reason i pressure u to provide the faster update,

but i dont understand how kaspersky or others catches them while nod doesn't?

and please tell me if there is a way to permanently blocking these autoit variants.

thankx please reply

 

This argument is sounding very immature to me and the usual drama why didn't NOD32 not detect this or why didnt KAV not detect this and Bitdefender did and so on. So let me stress here "there will never ever be a 100% AV product out there and there never ever can be one. I'm not taking sides here and saying NOD32 is the best AV in the world and others a poor, but what I can say is NOD has detected viruses that others havent and also I can say is that its false positive dtection rate also has been better than alot of others as well. Ok true NOD has missed one of two small variants, viruses what ever you call it, but I'm sure so has others.

 

Haha well, checked out these files nothing special, comodo doesn't detect them either, that being said i also accidently executed this badboy on my main pc, Sucks for me, luckily nothing went to crazy

that being said marco's is right, nothing real special here with these samples, it's actually detected by comodo after being ran(whatever file it drops), and i'm going to assume eset has the same

-Brian

 

actually that was my problem with eset, slow response time to submitted samples. i switch to nod32 antivirus because its fast and effective, but they should consider the customers submission sample and replying fast.

unlike avg, the technical dept of avg is very fast in replying to customers concern, and they reply also to your emails and file submission. and they add new found threat to there database quickly, my only problem with avg is it consume to much resources. sometimes my pc hang when playing online.

eset should response quickly. thats my opinion

 

yes i think too.
I send 5-15 samples per month, there are never reply.
Support is very poor (just auto reply) and add samples is very middle.

Yes they add sample very dangerous in first but eset detects less in less, it is classified because it made little false device and it is fast.

If nod32 want the best antivirus, they are more add samples !

I have again 7 "new" virus 2 weeks ago who don't always add.
Now Antivir is the first, fast very good detecting

Sorry for my bad english.

 

dorg, antivir adds detection for ANYTHING you send, and removal is spotty at best, for instance where were your undetected files from?, are you sure eset doesn't detect them already before there run?, are they just dropper files that drop the actual malware exe's, and the malware exe's are detected?

many variables to this

-Brian

 

I have in folder, when I scan (with heureustic and all options) found 0.

Just exemple in file send at eset and not add :
http://www.virustotal.com/reanalisis.html?5b1e5d864a36c7b3ebfee26847a70326 (more 1 month)
http://www.virustotal.com/reanalisis.html?4f1d5dbce1a108772a016fe780dd7097
http://www.virustotal.com/reanalisis.html?3f5e7950c0c4f8933e39f395f77e9ac3
http://www.virustotal.com/reanalisis.html?cdbafe20044c0f95fac9030d993d2117
...

i just formatted pc, i have 7 files in pending...after i have +/- 15 files... :/

 

Scan on demand :
http://i37.tinypic.com/2wpowab.jpg

there are :
1 vbs worm usb
1 .com worm messenger (new i send this morning)
1 Marsufix (crack nod32 not add too ? )
4 adware/malware

 

Look, I was a NOD32 fan for a long time. A very long time. I recommended it to friends, family and co-workers.

Sadly... it's detection rates are swiftly dropping, as evidenced not only by testing, but real-world examples such as what the OP provided. Now with 3.0, detection is failing even more than ever.

So, to all you NOD fanbois in the thread calling the OP immature or rude or whatever, give it up already. This antivirus is waning in popularity and detection and a lot of people WILL be moving away from it to better programs.

This is not a flame, it is simply facts as I see them, read about them and experience them myself.

I've since switched to Avira and have stopped using NOD. Avira has caught things that NOD simply refused to. And my subscription to NOD doesn't run out until late December...

 

Spotty at best, eh?

Not for anything... but NODs removal routine is spotty as well. Just like a lot of OTHER AVs.

But, it's a moot point since removal is the last thing you should worry about. DETECTION BEFORE INFECTION is more important than that.

 

Yes nod32 now detecte .com worm msn :
C:\Users\****\Desktop\Nouveau dossier\D90037.JPG_Photobucket.com - Win32/IRCBot.AJI cheval de troie


Good less 4 hours, just next update....
but the they don't want add other lol...

 

Well i gotta tell you i see this thread being locked, but out of curiousity what exactly did avira detect that nod did not?

 

By the way, we have thousands of examples where Antivir is missing threats detected by NOD32. We have never said that our detection 100% covers all threats. I'm quite positive that the statistics may flip over in the near future. We're on a good way to achieve it thanks to some significant improvements to heuristics and increasing the number of virus lab analysts. There are many things that are going to improve and I'm sure each of you will notice this in any aspect, not only in detection.

 

can someone please interpret this for me. and msg me or email me at leemar [at] smartbro [dor] net

** HijackThis Log removed per this policy. If you need a log reviewed, please go to one of the forums mentioned or another similar PC cleaning forum.

 

I agree with that.

 

Marcos is right,no AV can 100%.See this one:http://mtc.sri.com/live_data/av_rankings/

 

That's true, nothing is 100%. But I'll take 96% over 70% any day.

 

True...If nothing is 100% the better is the best and it seems that Avira is the new boss now for the last couple of months...

 

I really can't go to sleep now . Really impatient !