Discussion in 'NOD32 version 1 Forum' started by agoretsky, May 1, 2003.
Looks happy in OE (not blocked/detected by ISP, either):
They are available to download from various VX sites for a long time.
Starts getting a little confusing for me here. Clicked on the attachment to try to open it and got bogged down trying to figure out what to open it with, so I gave up on that and just put the file itself inside my "Suspect Files" folder for scanning.
Scanned it with TDS-3 (no alerts)
Got a little out-of-sequence there (or one of my screenshots didn't work right)
Right-click scanned it in that folder with NOD:
(Isn't the (2) in there saying that it did scan two each of the six?)
Checked it with Wormguard
AV/ATs cannot scan in password-protected archives. You have to unpack the archive (password: open) before you can scan it (if I understand your mail screenshots correctly...)
Anvil - So, what am I doing wrong here?
What does "password is open" mean?
Where do you put the password in?
(It hurts to be this dumb, sometimes!)
I'm going to run full scans with various things and I'll be back later. Pete
I'm sure I'll dig packers out of my collection that McAfee can't handle. The thing is, if you want to make a product look good or bad, you simply select the right test set.
BTW, did you realise that it is stupid to pack viruses? Why? The packed virus might be undetected in the first instance, but if you run such a packed virus it won't infect other files anymore because it got caught by the AV. So basically what you have is an undetected virus dropper that doesn't work anymore.
Packing/Crypting is only a threat to malware which does not infect other files like trojans.
Yes, that would be the optimal testing scenario, but most AV programs do not offer the possibility to disable the string scanning part. So I think this is not a real option.
Well, I'm at a stand-still here until someone decides to step-by-step me through how to go about un-packing the stuff Vamp sent me. I can't seem to find anywhere to put in the password to un-pack them.
Gee, is this why virus-testing is best left to the experts? Pete
He says the archive is pwd protected and that the pwd is "open"
So you need to enter the pwd to unzip his archive.
Where do I - PUT - the password? !!!!!!!!!!!!!
It's a RAR 3.x Archive - you need to expand this with the official WINRAR Expander.
This archive unpacker does ask you to enter a password if you try to extract this folder or viruses.
Some ZIP versions (such as INFOZIP) ARE NOT SUPPORTED TO UNPACK THIS. This means, for instance, you can't unpack this with the built-in unpacker from Windows Commander or other tools.
Thanks, Michael - so I need to get WinRAR Expander? Or Winrar?
I am totally running out of time here - have to be at work by 2.
BTW, did a default scan with GAV to see if it would pick up anything on this as it is now.
BTW, I'm going to do all the rest of this in another thread somewhere - I apologize for hi-jacking this one.
GAV 3 does not scan WINRAR 3.x Archives.
However, I am just about updating now; I do not have a lot of time yet to explain, sorry.
And I think it's not a good idea to distract this thread with GAV things/pictures - it has nothing to do with the NOD32 Forum.
People, you are going very very off topic ......
Yes, they are. How low will you people go to protect NOD? If NOD fails a test, the test was at fault. If NOD misses a virus, it's not a real virus or it's not ITW.
You guys really make NOD look worse than I do. Keep making excuses for this AV, LOL. Every test is wrong, every virus is not real or ITW unless NOD can pass the test or detect the virus.
"When a virus is reported to us by two or more Reporters, it's a pretty good indication that the virus is out there, spreading, causing real problems to users. We consider such a virus to be 'In the Wild'.
As far as where is 'out there', we like the definition given by Paul Ducklin of Sophos, PLC in his paper 'Counting Viruses':
For a virus to be considered In the Wild, it must be spreading as a result of normal day-to-day operations on and between the computers of unsuspecting users.
This means viruses which merely exist but are not spreading are not considered 'In the Wild'.
Similarly, for a trojan to be considered "In the Wild", it must be found on the computers of unsuspecting users, in the course of normal day-to-day operations."
Those are ZOO viruses that you downloaded from well known VXers sites. I got every sample and I am sure ESET has too. No need to add them since they failed to spread.
Here you can check for ITW viruses for each month:
NOD32 is able to detect a large number of ZOO viruses. So you think every virus that NOD32 detects is ITW? LOL! Funny.
Just a technical question since I'm wondering. How can a PC be infected by a RAR file if the user can't open it? How would the virus execute?
Shhh sig, that would knock the legs out of the whole argument!!
(sounds familiar doesn't it)
I'm wondering, Vamp, why do you continue in this thread? It's obvious you use another AV (McAfee) and not NOD32; you have a blatant dislike for (as you have stated) NOD32 users and no doubt NOD32 as a program in itself.
I simply wonder why you keep banging your head against a brick wall in the wrong forum to get anyone onside.