Lost faith in NOD32! Uninstalling

Discussion in 'ESET NOD32 Antivirus' started by berryracer, Jun 16, 2008.

Thread Status:
Not open for further replies.
  1. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    I always used to think i'm safe when my friend told me to do this test...he sent me a RAR file which contained an 8 months old Virus.

    Upon receiving that RAR file, I scanned it with NOD32, says it's clean.

    So I right click on the virus after extraction and scanning again, says it's clean.

    I did not ru the EXE as my fiend told me it would destroy my system I just scanned it with NOD32.

    So I sent the file to www.virustotal.com

    and here is the result!!!!

    ~VirusTotal and\or Jotti link removed per Policy....Bubba~

    Uninstalling NOD32 right now and installing Kaspersky FTW
     
    Last edited by a moderator: Jun 16, 2008
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It seems you're refering to an Ardamax installer. NOD32 actually detects its files after extraction so the question is whether you have actully tested it and ran it in a safe environment. Otherwise your posts sounds like bashing to me. Nevertheless, you should take into account that no AV is perfect and none detects 100% of all threats. There are thousands of cases when NOD32 is the only or one of very few AVs to detect a particular threat. In case, I don't think that NOD32 failed to detect actual threats, you'd better test it or send the file to samples[at]eset.com so that we could have a look at it.
     
  3. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Not trying to be an ass but at the point when you "lost faith" or went from feeling "safe" to not feeling "safe" has NOD's 'protection' level changed? Only 1 file was scanned, how can that be indicative of how NOD detects malware overall?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I even assume that the file is an installer and the keylogger itself would be detected and neutralized upon extraction. AFAIK, Ardamax has encrypted files included in the installer, hence they are not scanned internally.
     
  5. swami

    swami Registered Member

    Joined:
    Mar 24, 2006
    Posts:
    167
    You want to loose faith in Kaspersky? Just send your email.
     
  6. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    Not willing to take that chance mate. Kaspersky / ZASS FTW


    I just waster 30 dollars last month I guess! Will never recommend NOD32 to anyone now after I was a die hard fan! used to swear by it


    ~VirusTotal and\or Jotti link removed per Policy....Bubba~
     
    Last edited by a moderator: Jun 16, 2008
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Even if an antivirus misses one or several threats (which is not the case of your file and NOD32 BTW, unless you prove the opposite which has not happened yet), it's not a reason to ditch the AV. It may miss a threat, but you can shortly get infected by another threat that your new AV would miss, but which would be detected by the previous AV. I'd say that when changing AVs frequently one can get infected easier than when staying with one AV.
     
    Last edited: Jun 16, 2008
  8. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
  9. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE
    Im gonna run this virus on a test machine which has nod32 latest version on it and see the results...

    and just an FYI guys....this virus is 8 months old!

    8 MONTHS OLD!! what kinda weak AV is NOD32 that it can't catch an 8 months old virus?! this is really shamful
     
  10. Big Apple

    Big Apple Frequent Poster

    Joined:
    Aug 22, 2006
    Posts:
    724
    Don't get this point at all. If I were to change AV several times a day........I don't see why I would get infected easier, as long as I change trustworthy AV's.
     
  11. berryracer

    berryracer Suspended Member

    Joined:
    Jan 24, 2008
    Posts:
    1,640
    Location:
    Dubai, UAE

    Dude don't u see it ? The ESET staff don't know how to defend their trust worthy NOD32 anymore! they are resorting to deleting links that show how bad their AV is man! so what do u expect?

    Pure unprofessionalism
     
  12. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    The links were deleted as per the FORUM POLICY. And not by an Eset employee if you took the time to bother reading the edit message at the bottom of you post.

    I love the way that you are posting over at notebook review about your link being removed - when you never even took the time to read the forum policy before you post.

    Move along guys - he has already made up his mind. Nothing to see here but a troll.

    For the record - I don't use NOD32.
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Chances are about 99-out-of-100 that you didn't have NOD set correctly to have it "catch" the keylogger installer:

    6/12/2008 12:28:02 AM Real-time file system protection file C:\Documents and Settings\Steven Yevchak\Desktop\setup_akl.exe a variant of Win32/KeyLogger.Ardamax application NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Program Files\Eraser\Eraser.exe.

    6/12/2008 1:13:15 AM Real-time file system protection file C:\Documents and Settings\Steven Yevchak\Desktop\setup_akl.exe a variant of Win32/KeyLogger.Ardamax application NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Program Files\CyberScrub Privacy Suite\CSPSeraser.exe.

    C:\Documents and Settings\Steven Yevchak\Desktop\setup_akl.exe » NSIS » PDM.exe - a variant of Win32/KeyLogger.Ardamax application

    C:\Documents and Settings\Steven Yevchak\Desktop\setup_akl.exe » NSIS » AKV.exe - a variant of Win32/KeyLogger.Ardamax application

    When I first began testing for detection of ArdaMax ( http://www.misec.net/forum/board/THGuard/1213034745 ), I did not have NOD32 set up to alert on "Potentially unwanted" or "Potentially unsafe" applications - and NOD never picked up on it.

    When I did finally set NOD to alarm on the above, it picked it up and disposed of the threat - so the reason for non-detection initially was my incorrect use of NOD.

    I'm pretty sure you (and your "friend") experienced the same thing. Pete
     
  14. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    If and\or when you decide to try Nod again, feel free to ask for support if the need arises. Until that time We'll bring this thread to a close for very obvious reasons to the casual observer, given at this present time you no longer have a need for Nod32 support.

    Bubba
     
    Last edited: Jun 16, 2008
Thread Status:
Not open for further replies.