Antivirus 360 got through

It could be my fault because I did not have
Potentially unwanted apps
or
Potentially unwanted
Potentially unsafe
Applications enabled.. However I would classify Antivirus 360 as a Adware program since it got in and installed itself under a LOCAL USER account without administrative access, is linked by a DNS forward from another site, and it pretty much tricks the users into installing it.

I enabled all the heuristics, and unwanted/unsafe settings and ran NOD32.. It said everything was clean.. Ran Malware Bytes, and it found some stuff left over from it..

This looks bad since I am rolling out 2,000 copies and lobbied to get NOD32 in the door, and Symantec out.

Unfortunately our proxy is just a basic squid, and we are in the infancy of bringing this place into a secure environment with a Websense like solution that will possibly block redirects to malware sites..

Still This is not an unknown problem please add detection for AV360.. Trust me I have used NOD32 for a long long time.. Implemented NOD32 into a small school district, and am now doing it for several State Agencies. I really hate seeing what I get in the door fail, but understand nothing is a kill everything solution.

I am just having a hell of time with these AV2008,AV2009, and now AV360 programs getting through Internet Explorer and onto our machines.. We are trying desperately to get everything on par with a private sector like environment. Hard to undo 10-15 years in the eight months I have been there.



PLEASE REFERENCE
http://myreader.co.uk/msg/102018335.aspx

 

Unfortunately, an AV with 100% malware detection is utopia. The malware authors don't sleep and they continually develop their creations to avoid detection by AV programs. I'll quote VirusTotal: "Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. You may become a victim of misleading advertising, if you buy such a product under those premises."

 

Hello Bradtech, unfortunately as Marcos said, no AV is perfect :/

If you glance at the update list for ESET, they add fake AV variants nearly every update, it's just really bad luck to come across one not detected, and the best thing if you can manage to get the undetected files, is to submit them.

To clear up though, they are not in the "PUA" category, they are actual threats.

 

Yes, I brought this up, and understand that these individuals are up all night figuring out ways to get past Eset, Symantec, Kaspersky. I left out Mcafee because everything does get past them..

Anyhow I just thought I would bring this up here hoping that an ESET rep or someone sees this, and hopefully we can get a def signature out for AV360. I am not knocking ESET NOD32 at all, and I never went with ESET on the notion it would catch everything. I know it catches more over a span of my career testing it, Symantec, and Mcafee.

Trust me, I am IMPRESSED and an avid supporter of NOD32.. It is just my mentality to want to contribute, get the word out, and hopefully touch base in the official ESET forum because I do not want to see ESET look bad in the eyes of others who are not as versed, or understandable *higher ups not technical *.

 

I would also like to add that I have researched this, and found Kaspersky, and Symantec have let this one get past also. I am looking at implementing a Systems based or Restricted Site policy for known parasites.. Especially this raunchy AV2008/2009/360 series..

*NOD has defeated AV2009* the one that does a fake BSoD and Windows boot up.. I installed NOD32, and it caught it, and defeated it.. Symantec 10 with current updates failed to defeat it.

 

You can't really speak of AV360 at "it", like it's one thing, when today alone many many variants will have been created.

ESET adds detection as it finds them/as samples are submitted, again, you can't refer to it as "I hope ESET can add detection", because it is plural here not singular.

Just clearing that up anyway you can help via http://kb.eset.com/esetkb/index?page=content&id=SOLN141

 

As elapsed says, it's not a matter of a particular one variant which uses similar files. If it was so, most AVs would already detect them with a generic signature. It's a neverending fight with malware writers where's one ahead of the other. There will be some improvements in this regard in the future, but this will require a completely different approach to detection than the one most AVs currently use.

 

Ppl oughta stop depending on Av's to protect against spyware

 

NOD32 is a security package which protects against both. People need to realize I posted this not to bash NOD32, rather to let people know about this.. I sent out an email this morning instructing the Tier 2 Technicians to compress Spyware, and email it in if NOD32 misses it, and also how to submit various files..

 

A360 is really no different from XPAntivirus2009, 2008, etc. It's been out for many months already.
Check out all the aliases that this same family of trojans runs under...
http://en.wikipedia.org/wiki/Rogue_software

These people pushing out these rogues are releasing several new variants per day...staying ahead of most of the antivirus brands.

As much as I've loathed Symantbloat over the past several years, I've noticed their new, light 2009 product is doing very well against these rogues. That new "pulse" updating..where it gets updated malware defs every 15 minutes, seems to help quite a bit in staying ahead of these constantly morphing rogue variants.

Scroll down, that's just a partial list of the names. I've come across nearly 50% of those with our business clients..on their networks. 95% of our clients are running EAVB on their networks.

I've cut down infections quite a bit by implementing UTM appliances on the networks of many clients, replacing their traditional NAT routers. Been using Untangle for most of those. It has additional virus scanning, as well as a good AntiSpyware module. Scanning of traffic is done at the gateway, so zero performance hit to the clients by having additional scanning done.

It's great for schools also, as it helps in content filtering compliance.