bad detection rate for trojans?

Discussion in 'ESET NOD32 Antivirus' started by Gelangweilt, Oct 26, 2009.

Thread Status:
Not open for further replies.
  1. Gelangweilt

    Gelangweilt Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    15
    I recently ran a scan of ADAware Pro and I was shocked how many Trojans were found in archives on my PC.
    See attached screenshots.
    I was wondering why ESET did not detect any of them?
    ESET is also configured to scan archives and so I don't know why this antivirus program can't find stuff a freeware program can find.
    I checked the results with Virus Total Online website and they were real (unfortunately).

    Are my settings wrong or is Eset just bad at detecting Malware / trojans?

    Greets,
    Gelangweilt
     


  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    How do you know that the files are actually malicious? What if they are just a sort of data or configuration files created by the trojans or even false positives? Have you submitted them to ESET for analysis per the instructions here? Even if they were actually functional missed samples, remember that no AV protection has 100% detection of malware. If you installed EAV on a computer protected by Adaware it might find malware undetected by Adaware.
     
  3. Gelangweilt

    Gelangweilt Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    15
    Currently I have both scanners installed:
    AdAware Pro 8.1 and EAV 4.0.67

    I didn't submit them to Eset, as I deleted them in AAW Pro already.
    I will do next time.

    Anyway I was wondering, as some files which contained the trojans were on my HDD already a few months....
     
  4. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    Maybe you did not have your archive scanning set properly in NOD32, and that's why it missed them?
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You call them trojans, but what if they were just benign data or configuration files, or even false positives from Adaware? At least knowing the file names and their location would shed a little light.
     
  6. Gelangweilt

    Gelangweilt Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    15
    I am 100% positive archive scanning was ON, as I could see the files in the archive during scanning.
    They were showing up at the scan progress window.
     
  7. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    There is a test site I use, that has 100's of trojans directly linked to download files. Every one I have clicked on so far, Eset has caught :doubt:

    Those are the names in that list in your screen shot of the trojans? I'll find them on the site and see if my NOD32 misses them then.
     
  8. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    The heuristics caught this one:

    Untitled.png
     
  9. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    Signatures caught this one:

    Untitled.png
     
  10. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    Not enough info about the trojan.downloader and I can't find the firefox one in the list, but you get the point.
     
  11. Gelangweilt

    Gelangweilt Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    15
    Thanks for the effort.
    Can you let me know where that site is so I can check myself?
    Not that I doubt your results, but maybe my setup is messed up or some setting is wrong?
     
  12. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
  13. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,920
    Location:
    U.S.A.
    Gelangweilt, because you are a new member, please review the Terms of Service policy you agreed to when signing up. We don't want inexperienced visitors to download something that can damage their computers, and that is why posting links to malware is not allowed in this forum. It's also the reason why ccomputertek covered the URL in the images.

    ccomputertek, thanks for abiding by the TOS! :thumb:
     
  14. Gelangweilt

    Gelangweilt Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    15
    Thanks to both of you.
    Sorry for asking for that website.
    Eicar was detected on normal http, the SSL one was not detected.
     
  15. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,920
    Location:
    U.S.A.
    Gelangweilt, no problem! As you post more, the Private Message feature of this site will become available to you, thus being able to discuss things in private with other members.

    I don't use ESET, but my AV detects the SSL eicarcom2.zip, as soon as the download process starts. Hopefully, Marcos or someone else will respond soon.

    JR
     
  16. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    :thumb:



    Are you using NOD32 4.0 with SSL checking enabled?
     
  17. Gelangweilt

    Gelangweilt Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    15
    I thought it was, but it wasn't.
    Just tried again and it worked.

    From the setting in https.png I was assuming it was on,
    until I checked the protocol setup in https2.png, where SSL was disabled.
     


  18. Gelangweilt

    Gelangweilt Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    15
    Can you tell me when I can use the PM feature?
    In the TOS it won't say exactly when a new user will get this feature.
    Only that a mod can assign it or when limits are reached (which are not specified...)

    Cheers,
    G
     
  19. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,920
    Location:
    U.S.A.
    Gelangweilt, I have PM'ed you.
     