Does NOD32 Personnel Agree With (Virus Test by GEGA IT-Solutions)??

Discussion in 'NOD32 version 1 Forum' started by agoretsky, May 1, 2003.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Looks happy in OE (not blocked/detected by ISP, either):
     


  2. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    No!


    They have been available to download from various VX sites for a long time.



    Technodrome
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Starts getting a little confusing for me here. Clicked on the attachment to try to open it and got bogged down trying to figure out what to open it with, so I gave up on that and just put the file itself inside my "Suspect Files" folder for scanning.

    Scanned it with TDS-3 (no alerts)
     


  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Got a little out-of-sequence there (or one of my screenshots didn't work right)
     


  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Right-click scanned it in that folder with NOD:

    (Isn't the (2) in there saying that it did scan two each of the six?)
     


  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Checked it with Wormguard
     


  7. _anvil

    _anvil Guest

    @spy1

    AV/AT's cannot scan in password-protected archives. You have to unpack the archive (password: open), before you can scan it (if I understand your mail screenshots correctly...) :)
     
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Anvil - So, what am I doing wrong here?

    What does "password is open" mean?

    Where do you put the password in?

    (It hurts to be this dumb, sometimes! :p ).

    I'm going to run full scans with various things and I'll be back later. Pete
     
  9. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    I'm sure I'll dig out packers out of my collection that McAfee can't handle. The thing is, if you want to make a product look good or bad you simply select the right test set.

    BTW did you realise that it is stupid to pack viruses? Why? The packed virus might be undetected in the first instance but if you run such a packed virus it won't infect other files anymore because it got caught by the AV. So basically what you have is an undetected virus dropper that doesn't work anymore.

    Packing/Crypting is only a threat to malware which does not infect other files like trojans.

    wizard
     
  10. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Yes that would be the optimal testing scenario but most av programs do not offer the possibility to disable the string scanning part. So I think this is not a real option.

    wizard
     
  11. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Well, I'm at a stand-still here until someone decides to step-by-step me through how to go about un-packing the stuff Vamp sent me. I can't seem to find anywhere to put in the password to un-pack them.

    Gee, is this why virus-testing is best left to the experts? :D Pete
     
  12. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hello,

    He says the archive is pwd protected and that the pwd is "open" ;)
    So you need to enter the pwd to unzip his archive.
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Where do I - PUT - the password? !!!!!!!!!!!!!
     
  14. xor

    xor Guest

    It's a RAR 3.x Archive - you need to expand this with the official WINRAR Expander.
    This Archive Unpacker does ask you to enter a password if you try to extract this Folder or viruses.

    Some ZIP versions (such as INFOZIP) ARE NOT SUPPORTED TO UNPACK THIS. This means, for instance, you can't unpack this with the built-in unpacker from Windows Commander or other Tools.

    Michael
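
    Added example (not part of the original thread or any poster's code): a scanner that cannot open a password-protected RAR 3.x archive returns "no alerts" without having inspected anything, so a triage step can read the archive's header flags and report that instead. The function names and sample bytes are constructed for illustration; the flag values are those of the RAR 1.5-4.x block format.

```python
import struct

RAR3_MAGIC = b"Rar!\x1a\x07\x00"     # marker block of RAR 1.5-4.x archives
MAIN_HEAD, FILE_HEAD = 0x73, 0x74
MHD_PASSWORD = 0x0080   # main header flag: all following headers are encrypted
LHD_PASSWORD = 0x0004   # file header flag: this file's data is encrypted
LHD_LARGE = 0x0100      # file header flag: 64-bit size fields present
LONG_BLOCK = 0x8000     # block header is followed by a data area

def rar3_encryption_report(data):
    """Walk block headers; return (headers_encrypted, [(name, encrypted)])."""
    if not data.startswith(RAR3_MAGIC):
        raise ValueError("no RAR 1.5-4.x marker block")
    pos, files = len(RAR3_MAGIC), []
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7 or pos + hsize > len(data):
            break                                   # truncated or corrupt
        if htype == MAIN_HEAD and flags & MHD_PASSWORD:
            return True, files                      # the rest is ciphertext
        body = 0
        if htype == FILE_HEAD and hsize >= 32:
            # PACK_SIZE at offset 7, NAME_SIZE at offset 26 of the block
            body, nlen = struct.unpack_from("<I15xH", data, pos + 7)
            start = pos + 32
            if flags & LHD_LARGE and hsize >= 40:
                high, = struct.unpack_from("<I", data, pos + 32)
                body, start = body | (high << 32), pos + 40
            name = data[start:start + nlen].split(b"\0")[0]
            files.append((name.decode("latin-1"), bool(flags & LHD_PASSWORD)))
        elif flags & LONG_BLOCK and hsize >= 11:
            body, = struct.unpack_from("<I", data, pos + 7)
        pos += hsize + body
    return False, files

def scan_verdict(data):
    """'not-inspected' when a scanner could not have seen the contents."""
    hdr_enc, files = rar3_encryption_report(data)
    return "not-inspected" if hdr_enc or any(e for _, e in files) else "inspectable"

def make_file_block(name, payload, flags):          # builds constructed test data
    head = struct.pack("<IIBIIBBHI", len(payload), len(payload), 0, 0, 0,
                       29, 0x30, len(name), 0x20) + name
    return struct.pack("<HBHH", 0, FILE_HEAD, flags | LONG_BLOCK, 7 + len(head)) + head + payload

# Constructed samples (header CRCs zeroed; these are not real archives).
MAIN_BLOCK = struct.pack("<HBHH", 0, MAIN_HEAD, 0, 13) + bytes(6)
SAMPLE_PLAIN = RAR3_MAGIC + MAIN_BLOCK + make_file_block(b"readme.txt", b"hello", 0)
SAMPLE_MIXED = SAMPLE_PLAIN + make_file_block(b"sample.bin", bytes(16), LHD_PASSWORD)
SAMPLE_HP = RAR3_MAGIC + struct.pack("<HBHH", 0, MAIN_HEAD, MHD_PASSWORD, 13) + bytes(40)
```

    A result of "not-inspected" means a clean scan of the unextracted archive says nothing about its contents; the extracted files still have to be scanned.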
     
  15. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Thanks, Michael - so I need to get WinRAR Expander? Or Winrar?

    I am totally running out of time here - have to be at work by 2.

    BTW, did a default scan with GAV to see if it would pick up anything on this as it is now.
     
  16. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    BTW, I'm going to do all the rest of this in another thread somewhere - I apologize for hi-jacking this one.

    Later. Pete
     
  17. xor

    xor Guest

    GAV 3 does not scan WINRAR 3.x Archives.
    However, I am just about updating now; I do not have a lot of time yet to explain, sorry ;)

    And I think it's not a good idea to distract this thread with GAV things/pictures - it has nothing to do with the NOD32 Forum.

    Michael
     
  18. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    People, you are going very very off topic ......
     
  19. Vampirefo

    Vampirefo Guest

    Yes, they are. How low will you people go to protect NOD? If NOD fails a test, the test was at fault. If NOD misses a virus, it's not a real virus or it's not ITW.

    You guys really make NOD look worse than I do. Keep making excuses for this AV, LOL. Every test is wrong, every virus is not real or ITW unless NOD can pass the test or detect the virus.
     
  20. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    "When a virus is reported to us by two or more Reporters, it's a pretty good indication that the virus is out there, spreading, causing real problems to users. We consider such a virus to be 'In the Wild'.

    As far as where is 'out there', we like the definition given by Paul Ducklin of Sophos, PLC in his paper 'Counting Viruses':

    For a virus to be considered In the Wild, it must be spreading as a result of normal day-to-day operations on and between the computers of unsuspecting users.
    This means viruses which merely exist but are not spreading are not considered 'In the Wild'.

    Similarly, for a trojan to be considered "In the Wild", it must be found on the computers of unsuspecting users, in the course of normal day-to-day operations. "



    Technodrome
     
  21. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Those are ZOO viruses that you downloaded from well known VXers sites. I got every sample and I am sure ESET has too. No need to add them since they failed to spread.



    Technodrome
     
  22. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Here you can check for ITW viruses for each month:
    http://www.wildlist.org/WildList/

    NOD32 is able to detect a large number of ZOO viruses. So you think every virus that NOD32 detects is ITW? LOL! Funny.


    Technodrome
     
  23. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Just a technical question since I'm wondering. How can a PC be infected by a RAR file if the user can't open it? How would the virus execute?
     
  24. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Shhh sig, that would knock the legs out of the whole argument!!
    (sounds familiar doesn't it) ;)
     
  25. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    I'm wondering, Vamp, why do you continue in this thread? It's obvious you use another AV (McAfee) and not NOD32; you have a blatant dislike for (as you have stated) NOD32 users and no doubt NOD32 as a program in itself.


    I simply wonder why you keep banging your head against a brick wall in the wrong forum to get anyone onside o_O
     