Graybird Trojan

Discussion in 'NOD32 version 2 Forum' started by 75160515, Oct 4, 2006.

Thread Status:
Not open for further replies.
  1. 75160515

    75160515 Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    12
    Re: Nod's Weak Points

    I must say that you don't really know its weak point.
    Its worst weak point is its small virus def (or library).
    I have used it for a month, then I threw it away. My PC became the home for trojans. NOD is fast, oh yes, just fast. While others are searching for more malware that they do not contain, NOD only depends on its engine. That's dangerous.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: Nod's Weak Points

    You talk about small amount of virus definitions, then you talk about your system becoming infected with Trojans (plural, as in more than one). What's the name of these "Trojans" that NOD32 missed?

    Blackspear.
     
  3. 75160515

    75160515 Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    12
    Re: Nod's Weak Points

    graybird
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: Nod's Weak Points

    NOD32 detected it heuristically as a variant of Win32/Hupigon

    Blackspear
     
  5. 75160515

    75160515 Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    12
    Re: Nod's Weak Points

    I don't think you really know the greybird. Since I was infected, I have learnt a lot about grey bird.
    Do you know why Kaspersky and Rising have to add a lot of "a variant of win32/hupigon"s to their def? You may say they are not smart. But you don't know how different every edition of greybird is. Do the "a variant of win32/hupigon"s that NOD32 can detect really mean all? In China, many professional programmers change different greybirds in different ways only to avoid being detected, such as packing or re-coding. I never think NOD's ability of unpacking is good. And after recoding, how can NOD still report that it is a variant?
    NOD32 is good only for its ability of heuristic scanning. In addition, do you really know the weak points of heuristic scanning? When one got the information from NOD32 that there was a virus on the MBR and that was only a wrong detection, what would he do? Believe NOD or not? To risk losing all the data or not?
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: Nod's Weak Points

    I know it enough to know that NOD32 continually detects Graybird as a “variant” heuristically.


    Because their heuristic engine is not as good as Eset’s, and this has been confirmed by www.av-comparatives.org


    No, however I can say “the greater majority” of this particular trojan are detected heuristically, according to Vgrep


    I’m pretty certain Eset will disagree with you on this one.


    That’s what “Heuristics” are all about ;) :D


    I'll agree with you on how good its heuristics are, and this is only one strength that NOD32 has.


    Ask support or ask here in the “Official NOD32 Support Forum”.

    Cheers :D
     
  7. 75160515

    75160515 Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    12
    Re: Nod's Weak Points

    What happened?
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: Nod's Weak Points

    Just to show that NOD32's detection of Hupigon is not that bad, quite the contrary (it's not the only sample, we've got dozens of such):

    HEUR/Malware (AntiVir)
    Win32:Hupigon-JM (Avast)
    suspicious (Fortinet)
    probably a variant of Win32/Hupigon (NOD32v2)
    Suspicious file (Panda)
    suspected of Backdoor.Hupigon.41 (VBA32)

    Should the trolling go on, we'll resort to closing the thread.
     
  9. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Re: Nod's Weak Points

    If detections 49/100 is the same as “the greater majority”, it's OK. :D

    Best regards,
    Firefighter!
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: Nod's Weak Points

    915 samples out of 1200 detected here. The rest is pending for more detailed analysis, most of them are non-functional samples.
     
  11. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Re: Nod's Weak Points

    76.25 % :D :D But anyway, those non-functional samples can't be detected at all so perhaps it's about 96 % or more. :p
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I think this matter has been dealt with enough, saying you are going to change your antivirus because it missed a single infection (and no proof of this has been presented), is like saying my car got a flat tyre so I'm never buying that brand of car again; you are going to go through every brand really fast, and back around to the first even faster :rolleyes:.

    This thread has run its course.

    Closed ~ Blackspear.
     