Is my PC infected

Discussion in 'ESET Smart Security' started by koentin, Mar 5, 2008.

Thread Status:
Not open for further replies.
  1. koentin

    koentin Registered Member

    Joined:
    Mar 5, 2008
    Posts:
    11
    Last year I downloaded 3wPlayer on my PC. http://en.wikipedia.org/wiki/3wplayer Right after that I realised what it was. At the time I had NOD32 v2.7 and the scan did not detect any threats. Now I have ESET 3.0.642.0 and it still does not find any threats in the 3wPlayer.exe which I still keep on the hard drive. I did online scans with other AV software and 3 of them found trojans.
    Three days ago I submitted the file for analysis but no response so far.
    What is the problem? 3wPlayer is well known by now, why is it not detected by ESET? I would like to contact ESET about this matter but don't know how.
    And I don't think I can trust my PC now.

    Any help is appreciated!
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    support [at] eset.com and attach a link to this thread.
     
  3. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi, what's the name of detected malware?
     
  4. koentin

    koentin Registered Member

    Joined:
    Mar 5, 2008
    Posts:
    11
    Eset virus detection [merged in]

    I can't find my post from yesterday. It was about ESET not detecting threats in 3wplayer.exe, a file which I have saved on the hard drive. I submitted the file for analysis 4 days ago. Today's scan did not show anything again, so I decided to execute the file and see the reaction (anyway, I did the same last year so I knew what to expect). This time ESET blocked the trojan on execution :) The question is why the malware is not detected when scanned? Are there more settings in ESET for scanning files which I do not know about? Here is a copy of the scan log:

    06/03/2008 19:02:23 D:\Programes\3wPlayer-1.5.0.0-setup-0593.exe 1 0 0 Completed
     
    Last edited: Mar 6, 2008
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    I've merged your new thread with the one from yesterday.
     
  6. koentin

    koentin Registered Member

    Joined:
    Mar 5, 2008
    Posts:
    11
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Are you positive that the files are not detected during installation? Detection was added in one of the recent updates.
     
  8. papa33600

    papa33600 Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    77
    I can confirm that web access protection does not detect it as a threat whereas for example bitdefender does.
     
  9. koentin

    koentin Registered Member

    Joined:
    Mar 5, 2008
    Posts:
    11
    It is not detected with the on-demand scanner but is detected and blocked during installation of the application.
     
  10. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Did you turn on all objects and methods in ThreatSense on-demand setup?
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Right, this is how it works. We do not usually detect installers as such as it could produce false positives on clean installers.
     
  12. papa33600

    papa33600 Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    77
    Does not make me feel very safe... Why is this file, seemingly containing trojans, not detected by the web access protection whereas, for example, a file like EvID4226Patch223d-en is detected as malware while it is not?
     
  13. papa33600

    papa33600 Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    77
    Well, for instance, ardamax keylogger installer is detected.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    It's possible to detect certain installers as long as you are very sure it won't produce false positives. I've seen a bunch of droppers detected by some other AVs, but there were a couple of clean installers among them as well.
     
  15. papa33600

    papa33600 Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    77
    Level of detection could be a user setting.
     
  16. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    And then what? Force users to decide the lesser evil between false positives and inferior detection? How would that be a better idea than what ESET is trying to do now: less false positives AND better detection?

    In this case NOD32 blocked the trojan and no harm was done. I'm not sure what more to ask for from an antivirus software in terms of protection.
     
  17. papa33600

    papa33600 Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    77
    Was it so stupid to (just) suggest that? There is such an option in Kaspersky...
     
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    And in many other products. Just because it's there, doesn't mean it's a good idea. I think it's common sense to say that aiming for a fine-tuned heuristics algorithm that combines low FPs with high detection is better than taking the easy way out and forcing users to choose one or the other.
     
  19. papa33600

    papa33600 Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    77
    I agree with your point of view.
    But there are already more user settings in ESS than in any other similar product. You can choose what type of malware is detected, enable heuristics, advanced heuristics, set the cleaning level, etc... So, to get a fine-tuned antivirus product, you have to make choices anyway.
     
  20. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I agree, but my point was that users shouldn't be forced to choose between FPs and inferior detection. NOD32 has a smorgasbord of options, but none that actually force you to make that choice. This is more than I can say for some other products whose heuristics are acceptably effective only at the price of a flurry of FPs.

    ESET really needs to resolve the CPU throttling problem that their advanced heuristics have with large and/or extensively obfuscated files. But other than that, I'm perfectly happy with the default options right out of the box - only things I had to change were the proxy server settings, and the logging options because I don't want to accumulate log files for 90 days.
     
  21. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Do you mean legitimate software repacked/bundled with trojans?
    Does this depend on the support of a specific installer (i.e. unpacking the installer)?
    Thanks :)
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    If ESET continues to code the core of the AV engine in assembler (do they do this still?), it will be very difficult to optimize the code of the emulator without breaking things. Especially, it's very difficult to take advantage of multi-core or whatever form of TLP if you develop in assembler, or so I've been told.
     
  23. wiak

    wiak Registered Member

    Joined:
    Sep 10, 2006
    Posts:
    107
  24. koentin

    koentin Registered Member

    Joined:
    Mar 5, 2008
    Posts:
    11
    Just uploaded the file and here is the result from virustotal:

    EC: Removed Virus Total results.
    Please read this announcement. Thank you.
     
    Last edited by a moderator: Mar 7, 2008
  25. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City