Losing hope in NOD32

Discussion in 'malware problems & news' started by Oleg, Jul 5, 2005.

Thread Status:
Not open for further replies.
  1. Oleg

    Oleg Registered Member

    I am losing hope in NOD32; this is trojan number 3 NOD32 did not detect.
     

    Attached Files:

    • vir.gif
    Last edited by a moderator: Jul 5, 2005
  2. Blackspear

    Blackspear Global Moderator

    Did it detect it on your system via heuristics?

    Cheers :D
     
  3. Oleg

    Oleg Registered Member

    Do I have to run the infected file in order for heuristics to pick it up?
     
  4. Blackspear

    Blackspear Global Moderator

    I have sent you a Private Message.

    Cheers :D
     
  5. Oleg

    Oleg Registered Member

    Reply was sent :)
     
  6. Blackspear

    Blackspear Global Moderator

    I have submitted the file to Eset through the Nod32 Control Panel, as per screenshot.

    Cheers :D
     

    Attached Files:

    • Miss.gif
  7. The Hammer

    The Hammer Registered Member

    A dedicated AT is a good second line of defence. Or is this how you detected it?
     
  8. Mr2cents

    Mr2cents Registered Member

    I agree. For me, a good anti-trojan is just as important as an antivirus. I wouldn't get on the internet without one. I don't even trust kav by itself, although it has near 100% trojan detection. I run boclean and kav together.
     
  9. mercurie

    mercurie A Friendly Creature

    He should be running a dedicated AT for sure. Losing hope in NOD... :rolleyes: Never depend on AV to catch all trojans. :(
     
  10. SexIsGood4U

    SexIsGood4U Registered Member

    Losing hope in NOD32...... :eek:

    With service and response like what I have read, I don't think so.... and you're right. Never rely on one thing to do everything for you.

    Keep up the service guys... Ya all rock.

    Kindest Regards :D
     
  11. pffft

    pffft Guest

    It seems you really like to get hung up on semantics, to help defend your choice of product. "This is a trojan, NOD32 can't be expected to detect this." (Never mind for now that they advertise trojan detection.)

    So, you call NOD32 an "anti-virus". What is the last virus it caught? Not worm, but virus. Not trojan, but virus.
     
  12. TonyKlein

    TonyKlein Security Expert

    To put it politely, absolute bollocks! :)

    For starters, the file in question is really *just* an adware installer, and certainly not a remote access trojan.

    http://www.doxdesk.com/parasite/ISTbar.html

    That said, most of us in the spyware community on a daily basis submit a LOT of files to be tested at Jotti's and elsewhere, and I can assure you that in comparison Nod32 does in fact a splendid job, not only on viruses and worms, but increasingly also on trojans and indeed adware.

    And not only through its excellent heuristics but indeed also thanks to its ever growing database of virus/trojan definitions.

    These screenshots from Jotti really mean squat, as they're just about that one file.

    I can show you loads of examples proving the exact contrary. Here are a few randomly chosen results from Jotti and VirusTotal I saw in the last few days or so.

    I collected these in about two minutes looking through a couple of specialist malware research forum threads:

    File: winik.sys
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 935055fff770f7192e79a0c558d7c2cb
    Packers detected: -
    Scanner results
    AntiVir Found TR/RKit.Agent.Q
    ArcaVir Found Trojan.Rootkit.Agent.Q
    Avast Found Win32:Adware-gen.
    AVG Antivirus Found nothing
    BitDefender Found Trojan.Rootkit.Q
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found W32/Agent.Q-tr
    Kaspersky Anti-Virus Found Rootkit.Win32.Agent.q
    NOD32 Found Win32/Rootkit.Q
    Norman Virus Control Found nothing
    UNA Found nothing
    VBA32 Found Rootkit.Win32.Agent.q


    Scan results
    File: 3.zip
    Date: 07/21/2005 18:50:01 (CET)
    ----
    AntiVir 6.31.1.0/20050721 found nothing
    AVG 718/20050719 found nothing
    Avira 6.31.1.0/20050721 found nothing
    BitDefender 7.0/20050721 found nothing
    CAT-QuickHeal 7.03/20050721 found nothing
    ClamAV devel-20050712/20050721 found nothing
    DrWeb 4.32b/20050721 found nothing
    eTrust-Iris 7.1.194.0/20050721 found nothing
    eTrust-Vet 11.9.1.0/20050721 found [Win32.Bambo]
    Fortinet 2.36.0.0/20050721 found [suspicious]
    F-Prot 3.16c/20050721 found nothing
    Ikarus 2.32/20050721 found nothing
    Kaspersky 4.0.2.24/20050721 found nothing
    McAfee 4540/20050721 found nothing
    NOD32v2 1.1174/20050720 found [a variant of Win32/Dumador]
    Norman 5.70.10/20050721 found nothing
    Panda 8.02.00/20050721 found nothing
    Sybari 7.5.1314/20050721 found nothing
    Symantec 8.0/20050720 found nothing
    TheHacker 5.8.2.074/20050720 found nothing
    VBA32 3.10.4/20050720 found [suspected of Backdoor.Win32.Dumador.1]

    File: svchost.exe
    Status: INFECTED/MALWARE
    Packers detected: -
    Scanner results
    AntiVir Found BDS/mIRC-1497088.A
    ArcaVir Found Trojan.Door.Mirc-based
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found not a virus Program.mIRC.60
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found not-a-virus:Client-IRC.Win32.mIRC.60
    NOD32 Found probably unknown NewHeur_PE (probable variant)
    Norman Virus Control Found nothing
    UNA Found nothing
    VBA32 Found nothing

    File: pcs_0029.exe
    Status: INFECTED/MALWARE
    Packers detected: UPX
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found Trojan.Dloader.OS
    ClamAV Found nothing
    Dr.Web Found not a virus Adware.PaciMedia
    F-Prot Antivirus Found nothing
    Fortinet Found W32/Dloader.AAI-tr
    Kaspersky Anti-Virus Found not-a-virus:AdWare.Pacer.j
    NOD32 Found Win32/Adware.Pacer.J application
    Norman Virus Control Found nothing
    UNA Found nothing
    VBA32 Found AdWare.Pacer.j
     
    Last edited: Jul 24, 2005