I thought NOD 32 detected everything but

Discussion in 'NOD32 version 2 Forum' started by bbektas, Dec 19, 2004.

Thread Status:
Not open for further replies.
  1. bbektas

    bbektas Registered Member

    Joined:
    Dec 19, 2004
    Posts:
    1
    Well, I've got NOD32 (licensed) installed, thinking I will be fairly safe. But it has not detected a virus called W32.Gaobot.BIA. I've checked the NOD32.com site to see if the virus is listed there and it was not. Does anybody know anything about this? Because when I was away, my little brother used the computer and downloaded something which changed the dial-up properties to dial some number overseas. I probably will receive a huge phone bill and am very upset with NOD32 for making me believe that it will detect anything.


    :mad: :mad: :mad:
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    No antivirus will detect everything, it takes safe computing also.

    bigc
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  4. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    Last edited: Dec 20, 2004
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    From time to time I check out the online malware detection site:

    http://virusscan.jotti.dhs.org/

    No product catches all of the viruses. But my own unscientific sampling seems to suggest that NOD32 plus KAV pretty much catch everything. I use them both - especially when I need some verification. Have you verified the virus on virusscan?

    Rich
     
  6. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    There are over 2000 "KNOWN" versions of Agobot/Gaobot and NO antivirus is guaranteed to find them all

    NOD does detect a lot of them and KAV has a generic detection of most Agobot variants, but even that misses some of them.

    I have never heard of any AGOBOT changing dial-up numbers or acting as a dialler, so I assume something else on the computer has done this.

    Agobot and all its variants should be almost harmless if you are fully updated with all Windows patches, as it uses well-known but plugged holes to do its deeds, and unless you actually install it yourself by downloading it from a filesharing program or similar, it won't be able to infect you.

    One of the big problems with antiviruses is the way that they all use different names for the same virus, so it's very possible that this version is detected by NOD but under a different name.

    Symantec (Norton) is the worst offender for calling viruses by different names
     
  7. Have you submitted your sample to NOD?
     
  8. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    The only antiviruses to detect all Agobots are Kaspersky and BitDefender.
    Many packers supported and generic signatures do the trick. There are some isolated samples not covered by this generic signature, but these are covered separately.
    And as someone before me explained...
    you cannot expect all AVs to detect anything you throw at them.
     
  9. nod32_9

    nod32_9 Guest

    Driving the safest vehicle that $ can buy AIN'T gonna prevent a collision if you drive like a maniac. You are correct when you said that "I will be fairly safe" with NOD32. Take responsibility for your action. Teach the kid how to use the internet. Or better yet, keep him OFF your PC.
     
  10. NOD user

    NOD user Guest

    I've just submitted another win32/agobot variant from a client's laptop to the lab for testing. NOD picks it up as a 'probably unknown NewHeur_PE virus' but only when the settings are maxed out.

    In researching it I found this site that may be of help or interest.
    http://www.sophos.com/virusinfo/analyses/w32rbota.html

    References to backdoor access permitting just about anything, so I'm not surprised to find dial-up number changes, or any other thing with this particular variant running from a file called 'wuamgrd.exe'.

     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's why it's important to enable the Advanced heuristics, Potentially dangerous applications and Runtime packers options in the on-demand scanner setup. If the trojan was downloaded from the web, IMON would have certainly intercepted it before it could get to the disk provided the client had NOD32 installed and the HTTP scanner in IMON enabled.
     
  12. eisefr

    eisefr Registered Member

    Joined:
    Nov 23, 2004
    Posts:
    153
    Location:
    Germany
    I don't know where you are from... But in Germany, just don't pay that part of the phone bill... None of those a*****es will make you trouble when you don't pay their bill... Because I highly think it is illegal to install software without your permission... and even more illegal to connect to any expensive phone number.

    Which doesn't mean you should be still careful with what you are downloading :)
     
  13. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Except it's not the a*****es who will bill you, it is your telecom.
     
  14. Schnitzel

    Schnitzel Guest

    If that's the case, then why aren't these settings default?
     
  15. Gauthreau

    Gauthreau Guest

    I believe it's due to compatibility issues with the various software on different computers.

    Neil
     