Eset's AVs did not detect W32/Azero.A & B :(

Discussion in 'ESET Smart Security' started by overwhz, Dec 5, 2008.

Thread Status:
Not open for further replies.
  1. overwhz

    overwhz Registered Member

    Joined:
    Dec 5, 2008
    Posts:
    2
    I've try 3 different Eset's AVs (ESS, EAV and NOD 32 version 2.7) with today virus definition (3665). Unfortunely all of Eset's AVs did not detect this worm.
    Another AVs has detected it since July 2008.

    Here's the proof : ~Removed per Policy~


    I wonder if the virus sample that Eset user has submitted never get attention from Eset engineer?
     
    Last edited by a moderator: Dec 5, 2008
  2. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    u took the effort to go through different versions of ESET to proof that it couldnt detect the worm?

    wow.... can help and try different versions of other popular antivirus ?
    thanks in advance...
     
    Last edited by a moderator: Dec 5, 2008
  3. nonoise

    nonoise Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    322
    thats kind of worrying, i hope there aren't many other infections in the wild for eset...
     
  4. overwhz

    overwhz Registered Member

    Joined:
    Dec 5, 2008
    Posts:
    2
    Yes I did. I always using 2-3 other popular AV to check & crosscheck if I got a new kind worm/virus. Sometimes if I have time, I make a simple reverse engineering and disassemble it as far as I can do to see the routines.

    And I've checked with K** (manualy edited) and the files desktop.sysm detected contain Trojan.Downloader.Win32.VB.iri

    I've see the policy from ronjor, first of all I'm sorry, I don't know the rules. I'm not bashing or curse NOD32, EAV or ESS.

    But, how to prove the AV detected a threat or not (without screenshoot)?
    Please enlight me :)
    I'm kinda newbee in this forum.

    Thanks in advance. :D
     
  5. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Hi overwhz,

    No need to prove that either way.

    If in future you come across any other thing that you believe needs analysis with a view to adding detection (or removal in the case of a suspected false positive) the suggested procedure is:-
    Upload a sample to http://www.virustotal.com
    ZIP or RAR archive the sample and password protect with 'infected'
    Email to samples[AT]eset.com with a to the point informative subject and include as much information as possible e.g. how you came across the sample, where it can be downloaded from and any other relevant information you may have at your disposal and also include a link to the related thread here at the ESET Support Forum if you have posted about it.

    Whilst it is rare to receive a direct response from ESET regarding sample submissions they have released a public statement of appreciation and perspective regarding the submission of samples and signature updates which is linked here: https://www.wilderssecurity.com/showpost.php?p=198429&postcount=18

    HTH

    Cheers :)
     
Thread Status:
Not open for further replies.