Antivirus 360 got through

Discussion in 'ESET NOD32 Antivirus' started by bradtech, Feb 25, 2009.

Thread Status:
Not open for further replies.
  1. bradtech

    bradtech Guest

    It could be my fault because I did not have Potentially unwanted apps or Potentially unwanted Potentially unsafe Applications enabled.. However I would classify Antivirus 360 as an Adware program since it got in and installed itself under a LOCAL USER account without administrative access, is linked by a DNS forward from another site, and it pretty much tricks the users into installing it.

    I enabled all the heuristics, and unwanted/unsafe settings and ran NOD32.. It said everything was clean.. Ran Malware Bytes, and it found some stuff left over from it..

    This looks bad since I am rolling out 2,000 copies and lobbied to get NOD32 in the door, and Symantec out.

    Unfortunately our proxy is just a basic squid, and we are in the infancy of bringing this place into a secure environment with a Websense like solution that will possibly block redirects to malware sites..

    Still, this is not an unknown problem; please add detection for AV360.. Trust me I have used NOD32 for a long long time.. Implemented NOD32 into a small school district, and am now doing it for several State Agencies. I really hate seeing what I get in the door fail, but understand nothing is a kill everything solution.

    I am just having a hell of a time with these AV2008, AV2009, and now AV360 programs getting through Internet Explorer and onto our machines.. We are trying desperately to get everything on par with a private sector like environment. Hard to undo 10-15 years in the eight months I have been there.:'(



    PLEASE REFERENCE
    http://myreader.co.uk/msg/102018335.aspx
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Unfortunately, an AV with 100% malware detection is utopia. The malware authors don't sleep and they continually develop their creations to avoid detection by AV programs. I'll quote VirusTotal: "Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. You may become a victim of misleading advertising, if you buy such a product under those premises."
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Hello Bradtech, unfortunately as Marcos said, no AV is perfect :/

    If you glance at the update list for ESET, they add fake AV variants nearly every update, it's just really bad luck to come across one not detected, and the best thing if you can manage to get the undetected files, is to submit them.

    To clear up though, they are not in the "PUA" category, they are actual threats.
     
  4. bradtech

    bradtech Guest

    Yes, I brought this up, and understand that these individuals are up all night figuring out ways to get past Eset, Symantec, Kaspersky. I left out McAfee because everything does get past them..

    Anyhow I just thought I would bring this up here hoping that an ESET rep or someone sees this, and hopefully we can get a def signature out for AV360. I am not knocking ESET NOD32 at all, and I never went with ESET on the notion it would catch everything. I know it catches more over a span of my career testing it, Symantec, and McAfee.

    Trust me, I am IMPRESSED and an avid supporter of NOD32.. It is just my mentality to want to contribute, get the word out, and hopefully touch base in the official ESET forum because I do not want to see ESET look bad in the eyes of others who are not as versed, or understandable *higher ups not technical *puppy* *.
     
  5. bradtech

    bradtech Guest

    I would also like to add that I have researched this, and found Kaspersky, and Symantec have let this one get past also. I am looking at implementing a Systems based or Restricted Site policy for known parasites.. Especially this raunchy AV2008/2009/360 series..

    *NOD has defeated AV2009* the one that does a fake BSoD and Windows boot up.. I installed NOD32, and it caught it, and defeated it.. Symantec 10 with current updates failed to defeat it.
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    You can't really speak of AV360 as "it", like it's one thing, when today alone many many variants will have been created.

    ESET adds detection as it finds them/as samples are submitted, again, you can't refer to it as "I hope ESET can add detection", because it is plural here not singular.

    Just clearing that up :) anyway you can help via http://kb.eset.com/esetkb/index?page=content&id=SOLN141
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    As funkydude says, it's not a matter of one particular variant which uses similar files. If it was so, most AVs would already detect them with a generic signature. It's a never-ending fight with malware writers where one is ahead of the other. There will be some improvements in this regard in the future, but this will require a completely different approach to detection than the one most AVs currently use.
     
  8. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Ppl oughta stop depending on Av's to protect against spyware
     
  9. bradtech

    bradtech Guest

    NOD32 is a security package which protects against both. People need to realize I posted this not to bash NOD32, rather to let people know about this.. I sent out an email this morning instructing the Tier 2 Technicians to compress Spyware, and email it in if NOD32 misses it, and also how to submit various files..
     
  10. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    A360 is really no different from XPAntivirus2009, 2008, etc. It's been out for many months already.
    Check out all the aliases that this same family of trojans runs under...
    http://en.wikipedia.org/wiki/Rogue_software

    These people pushing out these rogues are releasing several new variants per day...staying ahead of most of the antivirus brands.

    As much as I've loathed Symantbloat over the past several years, I've noticed their new, light 2009 product is doing very well against these rogues. That new "pulse" updating..where it gets updated malware defs every 15 minutes, seems to help quite a bit in staying ahead of these constantly morphing rogue variants.

    Scroll down, that's just a partial list of the names. I've come across nearly 50% of those with our business clients..on their networks. 95% of our clients are running EAVB on their networks.

    I've cut down infections quite a bit by implementing UTM appliances on the networks of many clients, replacing their traditional NAT routers. Been using Untangle for most of those. It has additional virus scanning, as well as a good AntiSpyware module. Scanning of traffic is done at the gateway, so zero performance hit to the clients by having additional scanning done.

    It's great for schools also, as it helps in content filtering compliance.
     