Nod 32 Not Detecting Viruses

Discussion in 'NOD32 version 2 Forum' started by worldcitizen, Aug 4, 2004.

Thread Status:
Not open for further replies.
  1. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Dave, this is what is set up on my system and they all play together nicely:

    1. Nod32 Beta - Anti-virus
    2. Zone Alarm (free) - Visual outgoing alerts
    3. Spyware Blaster (free) - Spyware Prevention
    4. Spyware Guard (free) - Browser Hijack prevention
    5. Spybot Search and Destroy (free) - if running the above 2 programs, should remain fairly clean
    6. Adaware (free) - same as above
    7. Script Defender (free) - Script protection
    8. System Safety Monitor (free) - Registry change warning
    9. File Checker (free) - Monitors important ".exe" files of various programs
    10. Mozilla Firefox (free) - Safer Web Browser - try some of the exploit tests in the "Polls" section here at Wilders, it's scary stuff, enough to have most people looking for better solutions...
    11. Proxomitron (free) - With Kye-U's filters installed
    12. Ewido (free) - anti-trojan
    13. For email - Mozilla Thunderbird (free) - I don't use it because I only have Hotmail.

    Now you have some even better programs such as TDS (I'd set it to run at start up) and Process Guard that void out Ewido and File Checker.

    The above will give you a fairly tight system. Ultimately it comes down to safe practices, still, it is always best to practice and think of safety, otherwise it will remind you and it won’t hold back in doing so... it's a bit like gravity, very unforgiving...

    Hope this helps...

    Cheers :D
     
  2. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hi BlackSpear,

    I'm re-arranging everything and I really appreciate your advice.

    It's true I've got a lot of very good programs but for some I'm still waiting for fixes. Port Explorer was definitely a shining star. When I 1st bought it I used to ask what do I do with tit. Now I was noticing my connection running I found hidden processes etc.

    Thanks again,

    Dave
     
  3. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    That was a misspelling and besides I know only too well what to do with that. :D

    Dave
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    ROFLMAO, no comment :D

    :D :D :D
     
  5. Manuel

    Manuel Registered Member

    Joined:
    Jul 23, 2004
    Posts:
    11
    So now, I have to drop some words...
    What's up in here? His fault was the missing firewall o_O Not really, hm?

    When nearly all scanners out there did detect the viruses, why didn't Nod?
    Using Nod means must-have a firewall? Come on, this can't be the truth.

    Using a firewall to prevent trojans phone home?
    I think an anti-virus software should prevent me from trojans?

    I use KAV 4.5 with no firewall. Never had any virus or trojan.
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    That's like saying I run across a very busy highway every day and have never been hit...

    For this trojan to get past 2 of the world's best, it pointed to other security issues. The new Beta of Nod32 would have picked up the trojans upon download...

    Cheers :D
     
  7. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hi There,

    I've had to discontinue using NOD 32 because of the concern that all the other AV's picked up the virus but NOD 32 couldn't detect anything. The problem here was with NOD 32's inability to detect what all other AV's could and nothing to do with firewalls. Regardless of whether my firewall is good enough or not NOD 32 should not have missed a virus that seemed to be very well known by all other AV's.

    I'm willing to accept that maybe a weak firewall let it through but then NOD 32's scanner should have picked it up on a full deep scan like all the other AV's did but it didn't and so I can't rely on NOD 32 anymore.

    Dave
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Hi Worldcitizen,
    are you sure NOD32 didn't pick it up even with Advanced heuristics enabled? (just to explain - unless you have the beta installed, you need to run nod32.exe with the /ah parameter). As I have already stated before, most of even not yet known variants of Agobot are detected via AH and its engine will be improved soon for better trojan detection. In conjunction with the HTTP scanner, it will be a powerful tool against trojans.
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Like I stated here:

    You are laying the blame of a Trojan at the foot of an anti-VIRUS program, when you also were using TDS, a world leader in TROJANS, if not THE world leader in trojan detection.

    I am not trying to defend the indefensible here, just trying to say, if you want to play off road, then you need an off road vehicle set up accordingly, in this case you did not have your system set up correctly, as pointed out further up this thread...

    Cheers :D
     
  10. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    This in addition to the fact that nobody has seen these files which are undetected by both NOD32 and TDS3.
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Exactly ;)

    Cheers :D
     
  12. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hi Guys,

    I told you that they were automatically deleted by other AV programs and I didn't keep a copy. The logs I posted were genuine and if other AV's could pick them up then I expected NOD 32 to do the same.

    The issue here for me is that all the other AV's were able to detect what NOD 32 couldn't. If these were only supposed to be detected by an anti-trojan program then why were they in the data base of EVERY online scanner I used and not in NOD 32's??

    It'll probably be fixed up in the next version & it was probably a one off issue which will never happen again.

    Regards

    Dave
     
  13. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    It's not a one off,

    https://www.wilderssecurity.com/showpost.php?p=222181&postcount=22 is my account of NOD32 failing to detect something all other AVs detected.

    https://www.wilderssecurity.com/showthread.php?p=227840# is about a virus redgob had that many other AVs detected.

    In both cases NOD32 supposedly had the definition for them already. Never did get an explanation as to why these old viruses were missed by NOD32.
     
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I was the last to post, asking Redgob to keep us informed:

    In the above thread (Redgob) Nod32 did pick up the infection through an online scan, why it didn't pick it up on Redgob's system remains a mystery...

    Cheers :D
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Hi Dave, most of other AV vendors have a much bigger base of clients who provide them with suspicious files for analysis. However, as I have stated before, NOD32 uses an unprecedented advanced heuristics which detects a high number of threats without needing to have the appropriate update installed. It's still not clear to me whether the trojan slipped through NOD32 at the time you had the beta or a regular version of NOD32 installed. If the former, it's obvious it could not be detected via AH unless you ran nod32.exe with the /ah parameter.
     
  16. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    It would be nice if like most other AVs NOD32 had a built in mechanism for submitting suspicious files. Any plans to implement such a system?
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Hi Sard,

    Of course, that's one of our priorities now.
     
  18. kwesi

    kwesi Registered Member

    Joined:
    May 18, 2004
    Posts:
    87
    Location:
    London
    Just one quick thing, worldcitizen. I don't have any axe to grind in this, but I was wondering, having seen your list of very impressive defence apps on your system, whether, in fact, the NOD 32 detection capability might not have been disabled through competition/conflict with the three ATs that were on your system, let alone some of the other products?

    Certainly, I know that there is a conflict between NOD and ZA Pro (possibly with minor effects), & that scanning with an AT or AV, is usually better if the other product's scanner is switched off. I'm also wondering, given some of the things that I've seen while trialling KAV 5 and NOD 32, whether running Spysweeper (like you, I have that, plus Spybot & Ad-Aware, etc.), also adds to the soup. We're all drowning in multi-capable defence apps!

    I hope that things settle down soon for you, & I, for one, would be very interested in what AV you eventually settle for, & why (I'm currently trialling McAfee VS Enterprise 7.1, & I quite like it, but if I find that I can't buy or can't afford it for home use, I'll trial KAV 4.5, I think; KAV 5 squashes System Restore on my PC). Good Luck, & Safe Hex, as others have said.
     
  19. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Excellent :D
     
  20. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hi Guys,

    Glad you're all not mad at me.

    To Marcos - I was using the usual NOD 32 not the beta because the beta kept crashing my PC so I couldn't use it. It's always possible that SpySweeper conflicted because SS picked up the attack however on a full scan NOD 32 did not.

    I eventually settled for Bit Defender Pro for many reasons. It has a http scanner, a good firewall, a registry monitor, script control, cookie control, email scan, can block internet traffic, dial activity control and 24/7 hrs live support. You can talk with a real person anytime online and they really know their stuff. They have 500 + staff and regular updates. Also you can submit a file via the quarantine menu direct to their support. Their support apart from live support is excellent. I usually get an email response between 30 minutes and a couple of hours at most.

    Works just great with XP SP2 Windows Security Centre which recognises both the AV and the Firewall when they are turned on and off and gives alerts if one or both are turned off. They really got ready for SP2 well ahead of schedule and I was very happy to see that they had done their homework very well indeed. Protects P2P, is very configurable with many options including a scheduler. They have phone support in addition to the 24/7 live online support and email support.

    Scanner scans inside packed and archived files also. Live update also works extremely well. Average about 2-3 updates a day depending on the latest threats. Although Certified by ICSA Labs, VB and Checkmark I rate their support as well as being able to easily submit files more important because when things go wrong you need immediate help and it's there with this product.

    Best

    Dave
     
  21. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    This is log file of a right click scan on my wallpaper folder:

    Scanned files

    D:\Programs - Master\XP\XP Wallpaper\631943817332199.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\Aero Bliss.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\bliss.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\cover_1024x768.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\daemon_1024.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\goldeye2_1024.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\greenland.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\Hobbit Hole.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\Longhorn PDC Bliss.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\mage_1024.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\Midnight Bliss.JPG OK
    D:\Programs - Master\XP\XP Wallpaper\monster_1024.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\road.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\sf4.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\sf5.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\SF_Wallpaper_02_BoW_1024x768.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\Skeletton 1024x768.bmp OK
    D:\Programs - Master\XP\XP Wallpaper\Skeletton 1024x768.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\Thumbs.db OK
    D:\Programs - Master\XP\XP Wallpaper\TW02_1024x768_5.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\WallIrish1024.bmp OK
    D:\Programs - Master\XP\XP Wallpaper\Winter.jpg OK
    D:\Programs - Master\XP\XP Wallpaper\Xp Wallpaper Folder.txt OK
     
  22. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    I am beginning to wonder if we can trust what you are saying. Here you say you had nothing but problems with the new beta but in a thread that you started about how great the beta was you said:


    Now you say you must go with another AV due to so many problems with NOD. What gives? You should go with the AV that works the best for you and on your system, but I for one don't know what to make of your posts. In one thread you have all kinds of problems and must switch to Bitdefender, in another NOD is the greatest thing since velcro.
     
  23. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Hello,

    I said that immediately after I downloaded it. It began causing me problems shortly afterwards. I was SO EAGER to SING THE PRAISES OF THE NEW BETA (which clearly showed my bias at the time TOWARDS NOD 32) that I didn't even wait for any problems to develop as I had 200% confidence, trust and faith in the product after using it for so long.

    So this does not contradict any of my statements made except that it was made BEFORE all the problems as well as viruses occurred.

    I still feel that people would rather try and call me a liar than accept that I'm telling the truth. Again I say that I have no reason to lie and I am not in the business of deceiving or spreading misinformation. It's simply a matter of timing. I wrote that BEFORE any problems occurred and the rest is history so please don't keep sitting in judgement of me.

    Of course I was impressed with the beta and still am except it kept crashing my machine. My wife discovered that the next morning. So I had to discontinue using it and revert back to the normal NOD32. But my eagerness to jump online and PRAISE NOD32 HAS NOT BEEN PICKED UP BY ANYONE and you all have preferred to call me a liar instead of realising that I was among the VERY FIRST to PRAISE THE VIRTUES OF THE NEW BETA.

    I am very disappointed that I am being mistrusted because I am telling you all the truth and can clear up any misunderstanding or contradiction you wish because I am telling the truth and know what happened and when it happened and how it happened. I've had NOD32 for over a year and there's no reason why I should have to ring the US (no reply to my emails) to request a refund for my 1 year license and then spend another $39.95 for another AV. I would rather keep my money but after that attack I just couldn't risk it.

    Why is a position of mistrust taken instead of an open mind especially when I have a history (as you have clearly quoted) of PRAISING NOD32 o_O o_O Had the beta not kept crashing my PC then I would still be using it and not have changed anything because I liked it very much but every time my wife started listening to live broadcasts then the drive went crazy scanning and the pc crashed. An uninstall solved the problems.

    Regards

    Dave
     
  24. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    Ok I guess I have to eat my words, I have both Panda and NOD installed and for the last few days I have been using NOD as the on access scanner. Today I switched back to Panda and guess what, within seconds I got;

    Scan complete On-demand antivirus scan 08/12/04 17:05:23 Scan: C:\WINDOWS\system32\drivers\etc\ directory
    Virus detected: Trj/Qhost.gen On-demand antivirus scan 08/12/04 17:05:23 Moved Path: C:\WINDOWS\system32\drivers\etc\hosts
    Scan started On-demand antivirus scan 08/12/04 17:05:05 Scan: C:\WINDOWS\system32\drivers\etc\ directory
    Enabled E-mail antivirus protection 08/12/04 17:04:18 Correct
    Enabled File antivirus protection 08/12/04 17:04:18 Correct
    Unfortunately Panda is set to disinfect automatically and quarantine so I can't send the file to Eset. It does seem that NOD has trouble detecting Qhost trojans as I think that is what worldcitizen had when he started this thread. What gives Eset?
     
  25. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,059
    Location:
    Texas
    Why do you assume NOD is wrong? Did you have problems with your computer?

    I have a program to scan on demand and it named one of NOD's files a trojan!!
     