Sometimes NOD32 catches viruses before they're added to the signatures. I know it's thanks to the heuristics engine. BUT... does that mean all nod32 users are protected or only those that knows how to scan with AH using the command line? If the latter is correct I think nod32 developers should inform their customers that those worms or whatever it is are detected only by using the command line / shell extension & not by default. I hope anybody can answer this question. Here's an example http://www.nod32.com/msgs/baglea.htm "Win32/Bagle.A is one of a long series of worms that NOD32 detects using a unique “Advanced Heuristics”, which means that all NOD32 users are protected against this worm from the time it was released in the wild. The detection of Win32/Bagle.A using sample is added since version 1.601."