Nod32 missed Backdoor Trojan

Been using Nod32 now for almost 12 months, its been fantastic

Lately I've been having problem with my Windows XP Firewall.. It will auto disable itself, over and over each time I turn it back on.
A complete scan with Nod32 did not detect anything, so I tried another antivirus program.

'eTrust' is what I tried, and it detected a 'Backdoor-CCB' Trojan located in my scvhost.exe file which was causing the problem. I would have sent in a copy of it, but its been removed from my system now.

I'm pretty sure I know where I got it from to start with, so I may even download the file again just so I can send in the trojan for the Nod32 guys to see.

 

Hi Raptess,
no AV program will ever guarantee 100% detection of every single virus in the world, that would be so-called "perpetum mobile" in the antivirus world. However, Eset endeavours to get a 1st-class detection ratio exploiting the superb advanced heuristics which has been able to detect several thousands of not yet known viruses, worms and trojans.

Whenever you find your machine behave in a fishy manner, please download the utility HijackThis (http://209.133.47.12/~merijn/files/HijackThis.exe) and send the log created to support@nod32.com for analysis.

 

Hi Raptess, that would be appreciated, if you can download the file, please zip it up and send it to samples@nod32.com

Cheers

 

You mean "perpetuum mobile", which (for those who don't want to bother looking it up) means "perpetual motion". I looked it up, but still don't understand how it applies here. I assume it means "an impossible, never-ending job".

But the point is a good one. When I ran KAV 5.0 (that is, before being driven clinically insane by its astonishing CPU usage), I found two or three trojans that it missed (but TDS-3 caught). I submitted them, and they were added, but the point is made: No single AM product is perfect, even the venerable KAV.

---------
P.S. I didn't become infected with these trojans; I merely came across them on Usenet, and downloaded them to test KAV 5.0. I'm glad I did. BTW, one of the trojans was what TDS refers to as "Trojan.Win32.Golid.b". The others I'm not sure of, since I can't find the emails I sent. It doesn't matter anyway.

 

look no disrespect, and i'm a happy nod32 user, but i'm kinda sick and tired of eset pple and the mods in here keeps saying how great nod32's heuristics is.........please next time when someone complains about nod32 not detecting some viruses.....it would be better to say something like..."we will do some more research and we will update our database soon...." or something along the line.........

 

Don't forget that it can also be that the other package gave a false alert... NOD32 will not do that on that file and then it is the bad one? I don't agree on such a thought.

 

Great advice Derek, thank you.

Eset are growing at a rapid rate and with this need all the help that they can get with new samples from those that find them, the address is: samples@nod32.com

Cheers

 

Is Eset not included among other av's and the sharing of newly detected viruses? If so, they should have had it in their defs quite awhile ago, obviously they didn't. This particular virus was added by most vendors to their defs in April 2004. What's up Eset

 

I'd love to know how you came into that bit of information, since you don't even know what version or variant of the "Backdoor-CCB" trojan was missed.