Antivirus 2009 Scareware not detected by ESS?

Discussion in 'ESET Smart Security' started by JackSun, Dec 11, 2009.

Thread Status:
Not open for further replies.
  1. JackSun

    JackSun Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    25
    Hi,

    I have been a user of Eset Smart security for many years and have always considered it to be the best product of it's type.
    I have recommeded it to many of my customers and friends for the past few years and I have never had to deal with any malware problems on their machines.
    Before that they were mostly using various free and some well known big name "paid for" Security packages. I would often get calls from them with malware problems that had got through their so called protection.

    But just recently I have had to deal with at least 20 infected machines who have all been infected by variations of the Scareware program Antivirus 2009 and Total security 2009. In all cases they have been using Eset smart security 4 (as recommeded by me) and they were all fully up to date and still within their subscription period.

    In a number of cases ESS had flagged up some problems but was unable to deal with them i.e. it says unable to clean or that files were deleted but then after a restart they are back again.

    I tried running a command line version of ESS virus scanner but still the same problems. About 80% of the machines I have been able to recover by running Malwarebytes anti malware, SuperAntiSpyware in Safe Mode (although this particular virus can make it difficult to start in safe mode), HijackThis and a number of manual registry deletions. All of this is very time consuming as you have to run multiple scans and searches in the registry to get rid of the many components.

    In a couple of cases I have had to give up and reintsall a fresh copy of Windows after backing up their data first.

    In almost all cases I have been asked the question "I thought this Eset package was supposed to protect me from this sort of thing?"

    And I've had to reply :"well in my experience it usually does but in this case it seems to have messed up"

    So what's the issue, why doesn't EEST detect and stop this malware before it gets installed?
    And if it does get installed why do I have to use many other free tools to get rid of the infection. Surely my paid for security package should do that for me?

    I won't name any names here but I have tested 5 well known security suites and 1 free product. I setup a spare PC with a Virtual machine copy of Windows XP SP3, fully patched. I then tried infecting the machine with a copy of the malware I had taken from one of the infected machines.
    The free AV software detected and stopped it. 3 of the 5 big name packages also stopped it and 2 of them detected problems but like ESET let the machine become infected.

    I would have hoped for a better level of protection than this, especially as this malware has been around for some months now.

    As I write this I have had two more calls from people who have machines displaying the symtoms of this infection. I won't know for sure until I get a chance to look at them but I would put a fair amount of money on a wager it's another of the same infections.

    So from my recent experience I would say this piece of malware is going to be a major problem with many securty packages unable to protect them. I hope Eset can get some decent protection from it very soon. o_O
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: Antivirus 2009 Scareware nto detected by ESS?

    It's been discussed recently here.
     
Thread Status:
Not open for further replies.