eset virus that does not recognize

Discussion in 'ESET NOD32 Antivirus' started by giuliomerola, May 13, 2008.

Thread Status:
Not open for further replies.
  1. giuliomerola

    giuliomerola Registered Member
    Joined: May 13, 2008
    Posts: 2

    My NOD32 has stopped working after downloading this file: :mad:
    ht tp://www.freefilehosting.net/download/....
    How was this possible? I had to format my PC and install a new Windows. How do I defend against this virus, which ESET does not recognize?
    :doubt:
     
    Last edited by a moderator: May 14, 2008
  2. krypton_harsh

    krypton_harsh Registered Member
    Joined: Apr 14, 2008
    Posts: 84

    and neither does it detect this virus..... password "infected"

    Link to malware removed
     
    Last edited by a moderator: May 14, 2008
  3. Marcos

    Marcos Eset Staff Account
    Joined: Nov 22, 2002
    Posts: 14,374

    Please read TOS before you post a reply. Posting links to malware is not permitted here.
     
  4. Marcos

    Marcos Eset Staff Account
    Joined: Nov 22, 2002
    Posts: 14,374

    I have tried to download it, but the web protection prevented me from doing so - it was detected as a potentially unsafe application.
     
    Last edited: May 14, 2008
  5. alloucho

    alloucho Registered Member
    Joined: Dec 26, 2007
    Posts: 145

    I have downloaded the file. It's a zipped archive which contains a variant of the Bagle virus. As always, NOD32 has a big problem with variants of this virus.
    "TrojanDownloader.Bagle.op.tgat" as detected by Twister Antivirus.
     
  6. Marcos

    Marcos Eset Staff Account
    Joined: Nov 22, 2002
    Posts: 14,374

    Are you sure? I was unable to download it with unsafe applications enabled; the web access protection has always quarantined the file.
     

  7. alloucho

    alloucho Registered Member
    Joined: Dec 26, 2007
    Posts: 145

    File Information:
    File Name: Eusing Free Registry.zip
    File Size: 687 kilobytes
    Upload Date: May 13, 2008 06:41 PM PST
    Accessed: 11 time(s)
     

  8. Marcos

    Marcos Eset Staff Account
    Joined: Nov 22, 2002
    Posts: 14,374

    We both have shown that the file is detected by both AVs :)
     
  9. giuliomerola

    giuliomerola Registered Member
    Joined: May 13, 2008
    Posts: 2

    Marcos is wrong :thumbd: if the file gets through Skype or MSN or P2P programs, NOD32 is killed o_O
     
  10. Philippe_FR22

    Philippe_FR22 Registered Member
    Joined: Sep 6, 2007
    Posts: 249

    Hello,
    I don't think so! Real-time access protection will intercept the threat (if no cmd line is set up in MSN / Skype for downloaded file scanning).
     
  11. demonio

    demonio Registered Member
    Joined: Oct 21, 2007
    Posts: 48

    Unsafe applications are detected only by "IMON"; files from P2P, MSN, etc. are scanned by "AMON".

    What the variety of beagle (Win32/Bagle.OR) I sent to Eset Saturday, May 10, 2008, 15:29
    Every five days a new variety of Beagle comes out, like the one sent to ESET today (Wednesday May 14 2008 13:06)

    Best Regards
     
    Last edited: May 14, 2008
  12. Kosak

    Kosak Registered Member
    Joined: Jul 25, 2007
    Posts: 711
    Location: Slovakia

    Hi, the web access module works differently than real-time (more sensitivity, ...).
     
  13. Philippe_FR22

    Philippe_FR22 Registered Member
    Joined: Sep 6, 2007
    Posts: 249

    Hello,
    I tried to download the file mentioned above to test NOD32.
    Once I authorized site access (because ZA pro prohibited it as it was known to be unsafe), I downloaded the archive and the internet monitoring feature detected the threat and terminated the connection. It seems that the zip archive header was modified by ESET (probably to disable the unzip feature); however, I tried to unzip the archive (using IZarc freeware). IZarc notified me that the zip archive header was corrupted but succeeded in unzipping the exe file. NOD32 intercepted the threat and it was quarantined...

    So:
    -> Internet monitoring detected the virus and ESET modified the ZIP header (without removing the virus exe file)
    -> When unzipping (IZarc succeeded even though the header was corrupted), real-time monitoring caught the virus and quarantined it...

    I have to test once again to validate that the virus file was not removed inside the zip archive...


    Regards
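
Added example, not part of the thread or of any ESET or IZarc code: the last post reports that an archive with a damaged ZIP header could still be unpacked. The Python check below reproduces that on a constructed, harmless archive and reports which members remain recoverable. It assumes (the thread does not say which header was changed) that the end-of-central-directory signature was wiped; all function names are illustrative.

```python
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"
EOCD_SIG = b"PK\x05\x06"
LOCAL_HDR = struct.Struct("<4sHHHHHIIIHH")  # fixed 30-byte local file header

def build_sample_zip():
    # Constructed sample: a harmless archive with one text member.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.txt", b"constructed test payload\n" * 4)
    return buf.getvalue()

def damage_eocd(data):
    # Assumption: the "modified header" is a wiped end-of-central-directory signature.
    pos = data.rfind(EOCD_SIG)
    return data[:pos] + b"\x00\x00\x00\x00" + data[pos + 4:]

def opens_normally(data):
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except zipfile.BadZipFile:
        return False

def recoverable_members(data):
    # Walk local file headers as a tolerant unzipper does; accept only CRC-verified hits.
    found, pos = [], data.find(LOCAL_SIG)
    while pos != -1 and pos + LOCAL_HDR.size <= len(data):
        _, _, _, method, _, _, crc, csize, _, nlen, xlen = LOCAL_HDR.unpack_from(data, pos)
        start = pos + LOCAL_HDR.size + nlen + xlen
        name = data[pos + LOCAL_HDR.size:pos + LOCAL_HDR.size + nlen]
        body = None
        try:
            if method == 8:    # raw deflate; the stream's own end marks the member end
                body = zlib.decompressobj(-15).decompress(data[start:])
            elif method == 0:  # stored, size taken from the header
                body = data[start:start + csize]
        except zlib.error:
            pass               # signature bytes inside other data, not a real header
        if body is not None and zlib.crc32(body) == crc:
            found.append((name.decode("cp437"), len(body)))
        pos = data.find(LOCAL_SIG, pos + 4)
    return found
```

A non-empty result from `recoverable_members` on a file that `opens_normally` rejects means the archive was only made unreadable to strict parsers, so the content still has to be caught when it is extracted.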
     