More stuff missed by the supposed "100%" NOD?

Discussion in 'ESET NOD32 Antivirus' started by Wolfie138, Apr 29, 2011.

Thread Status:
Not open for further replies.
  1. Wolfie138

    Wolfie138 Registered Member

    Joined:
    May 3, 2009
    Posts:
    23
    Just ran another scan this morning; NOD found Kryptik in my IE temp files. It was in the same place I found it back in March, so I'm not sure if I got reinfected, or NOD didn't clean it properly last time?
    Anyway, I did a bit of googling and decided to d/l StopZilla as that was advertised as cleaning/removing Kryptik. It's just (so far) kicked out two infections for "SecurityMasterAV" ~ why didn't NOD find these?
    *edit* and 5 counts of dialer.nunci
     
  2. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    You'll find that nothing is 100%.
    Best to learn how to browse safely & use some common sense online :rolleyes:
     
  3. tony_m

    tony_m Eset Staff Account

    Joined:
    Nov 22, 2010
    Posts:
    239
    Hi Wolfie138,

    Can you please paste here the log generated by Stopzilla?

    Thank you.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I doubt it was advertised this way, or it would be the same as advertising another security product as best at cleaning / removing the NewHeur_PE stuff, which is a pure advanced heuristics detection.

    The best course of action would be to submit all suspicious files to ESET for perusal as per the instructions here.

    Posting a screenshot with the detection might shed a little light as well.
     
  5. Wolfie138

    Wolfie138 Registered Member

    Joined:
    May 3, 2009
    Posts:
    23
    This is the only log I can get from StopZilla; I assume that's what you meant?

    Information Internet ExplorerSiteguard 2011-04-29 15:14:09 Inspecting registered Internet Explorer toolbars
    Information Registry enforcer 2011-04-29 15:14:03 Inspecting registered Explorer bars
    Information Registry enforcer 2011-04-29 15:14:02 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Information Registry enforcer 2011-04-29 15:14:00 Inspecting WinSock registry (LSP Chain)
    Information Registry enforcer 2011-04-29 15:14:00 Inspecting registered Browser Helper Objects (BHOs)
    Block/Extraction NT Service enforcer 2011-04-29 15:13:56 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 15:13:46 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 15:13:34 Disabled service: messenger -
    Information Process enforcer 2011-04-29 15:13:32 Starting process watcher
    Block/Extraction NT Service enforcer 2011-04-29 10:08:04 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 10:08:04 Disabled service: messenger -
    Block/Extraction Pop-up blocker 2011-04-29 10:05:57 Extracted package Cookies (Not Restorable)
    Block/Extraction Pop-up blocker 2011-04-29 10:05:48 Extracted package Dialer.Nunci
    Block/Extraction Pop-up blocker 2011-04-29 10:05:48 Extracted package SecurityMasterAV
    Block/Extraction NT Service enforcer 2011-04-29 10:03:56 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 10:03:56 Disabled service: messenger -
    Information Registry enforcer 2011-04-29 10:00:02 Inspecting WinSock registry (LSP Chain)
    Information Registry enforcer 2011-04-29 10:00:01 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Information Registry enforcer 2011-04-29 10:00:00 Inspecting WinSock registry (LSP Chain)
    Information Registry enforcer 2011-04-29 10:00:00 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Block/Extraction NT Service enforcer 2011-04-29 10:00:00 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 10:00:00 Disabled service: messenger -
    Information Registry enforcer 2011-04-29 09:59:57 Inspecting WinSock registry (LSP Chain)
    Information Registry enforcer 2011-04-29 09:59:56 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Information General 2011-04-29 09:59:52 Completed system scan.
    Block/Extraction NT Service enforcer 2011-04-29 09:59:51 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:59:51 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:49:06 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:49:06 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:48:06 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:48:06 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:47:11 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:47:11 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:47:02 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:47:02 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:46:26 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:46:26 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:46:19 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:46:18 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:44:29 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:44:29 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:33:58 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:33:58 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:33:56 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:33:56 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:33:54 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:33:54 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:33:53 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:33:53 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:33:43 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:33:43 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:24:58 Disabled service: messenger -
    Block/Extraction NT Service enforcer 2011-04-29 09:24:58 Disabled service: messenger -
    Information General 2011-04-29 09:24:22 Started system scan.
    Block/Extraction NT Service enforcer 2011-04-29 09:24:13 Disabled service: messenger -
    Information Internet ExplorerSiteguard 2011-04-29 09:24:09 Inspecting registered Internet Explorer toolbars
    Information Registry enforcer 2011-04-29 09:24:09 Inspecting registered Explorer bars
    Information Registry enforcer 2011-04-29 09:24:08 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Information Registry enforcer 2011-04-29 09:24:07 Inspecting WinSock registry (LSP Chain)
    Information Registry enforcer 2011-04-29 09:24:07 Inspecting registered Browser Helper Objects (BHOs)
    Block/Extraction NT Service enforcer 2011-04-29 09:23:59 Disabled service: messenger -
    Block/Extraction Process enforcer 2011-04-29 09:23:53 Suppressing module from startup (C:\Documents and Settings\Killer Wolf.PURGATORI\Start Menu\Programs\Startup\PowerReg Scheduler.exe)
    Block/Extraction NT Service enforcer 2011-04-29 09:23:48 Disabled service: messenger -
    Information Process enforcer 2011-04-29 09:23:45 Starting process watcher
    Information Registry enforcer 2011-04-29 09:21:13 Inspecting WinSock registry (LSP Chain)
    Information Registry enforcer 2011-04-29 09:21:11 Inspecting WinSock registry (LSP Chain)
    Information Registry enforcer 2011-04-29 09:20:48 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Information Registry enforcer 2011-04-29 09:20:48 Inspecting WinSock registry (LSP Chain)
    Information Registry enforcer 2011-04-29 09:20:42 Inspecting WinSock registry (LSP Chain)
    Information Registry enforcer 2011-04-29 09:20:40 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Information Registry enforcer 2011-04-29 09:20:38 Inspecting WinSock registry (LSP Chain)
    Information Registry enforcer 2011-04-29 09:20:35 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Information Registry enforcer 2011-04-29 09:20:33 Inspecting WinSock registry (LSP Chain)
    Information Registry enforcer 2011-04-29 09:20:24 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Information Registry enforcer 2011-04-29 09:20:19 Inspecting WinSock registry (LSP Chain)
    Information Registry enforcer 2011-04-29 09:19:47 Inspecting WinLogon notification handlers and modules loaded by WinLogon
    Block/Extraction Registry enforcer 2011-04-29 09:19:32 Deleted registry value system in hklm\software\microsoft\windows nt\currentversion\winlogon
    Information Registry enforcer 2011-04-29 09:19:31 Inspecting WinSock registry (LSP Chain)
    Information Internet ExplorerSiteguard 2011-04-29 09:19:10 Inspecting registered Internet Explorer toolbars
    Information Registry enforcer 2011-04-29 09:19:10 Inspecting registered Explorer bars
    Information Registry enforcer 2011-04-29 09:19:10 Inspecting registered Browser Helper Objects (BHOs)
    Information Process enforcer 2011-04-29 09:19:09 Starting process watcher
     
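    A triage helper for a log in the layout posted above, added here as an example; it is not part of the thread and not StopZilla's own tooling. It assumes the four-field line layout visible in the post (level, component, timestamp, message) and the sample lines below are constructed to match that layout, with a made-up user path. It collapses repeated actions so the rare ones stand out, lists the packages the tool reports as extracted, pulls out the actions that touched autostart locations (the Startup folder and the Winlogon key), and measures each start/complete scan window.

```python
"""Triage a StopZilla-style event log: collapse repeats, list removed
packages and pull out the persistence-related actions."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same four-field layout as the log posted in the
# thread (level, component, timestamp, message); the path is made up.
SAMPLE_LOG = r"""
Information Process enforcer 2011-04-29 09:19:09 Starting process watcher
Block/Extraction Registry enforcer 2011-04-29 09:19:32 Deleted registry value system in hklm\software\microsoft\windows nt\currentversion\winlogon
Block/Extraction NT Service enforcer 2011-04-29 09:23:48 Disabled service: messenger -
Block/Extraction Process enforcer 2011-04-29 09:23:53 Suppressing module from startup (C:\Documents and Settings\User\Start Menu\Programs\Startup\PowerReg Scheduler.exe)
Block/Extraction NT Service enforcer 2011-04-29 09:23:59 Disabled service: messenger -
Information General 2011-04-29 09:24:22 Started system scan.
Information General 2011-04-29 09:59:52 Completed system scan.
Block/Extraction Pop-up blocker 2011-04-29 10:05:48 Extracted package SecurityMasterAV
Block/Extraction Pop-up blocker 2011-04-29 10:05:48 Extracted package Dialer.Nunci
Block/Extraction Pop-up blocker 2011-04-29 10:05:57 Extracted package Cookies (Not Restorable)
Block/Extraction NT Service enforcer 2011-04-29 10:08:04 Disabled service: messenger -
"""

# level, then a component name of one or more words, then the timestamp,
# then free text. The component is matched lazily so the date ends it.
LINE_RE = re.compile(
    r"^(?P<level>Information|Block/Extraction)\s+"
    r"(?P<component>.+?)\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<message>.*)$"
)

# Autostart locations that appear in the posted log; assumption: these are the
# only two worth re-checking after a reboot for this log format.
PERSISTENCE_HINTS = ("startup", "winlogon")


def parse_line(line):
    """Return one event dict, or None for blank or unrecognised lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    return ev


def parse_log(text):
    """Parse every line and return events oldest-first (the tool lists them
    newest-first, which hides the order in which actions happened)."""
    events = [ev for ev in (parse_line(ln) for ln in text.splitlines()) if ev]
    events.sort(key=lambda e: e["ts"])  # stable, so same-second order is kept
    return events


def summarize(events):
    """Reduce the event list to the few facts a responder wants to see."""
    blocks = [e for e in events if e["level"] == "Block/Extraction"]

    # Names of the packages the tool says it extracted, with the
    # "(Not Restorable)" suffix dropped so the list is just names.
    packages = []
    for e in blocks:
        m = re.match(r"Extracted package (.+)", e["message"])
        if m:
            packages.append(re.sub(r"\s*\(Not Restorable\)$", "", m.group(1)))

    # Messages logged more than once: repeated actions on the same object
    # mean the tool keeps redoing them, which is a different problem from
    # a one-off removal and should be read as such.
    counts = Counter(e["message"] for e in blocks)
    repeated = {msg: n for msg, n in counts.items() if n > 1}

    # Actions on autostart locations, deduplicated.
    persistence = sorted({
        e["message"] for e in blocks
        if any(h in e["message"].lower() for h in PERSISTENCE_HINTS)
    })

    # Pair each "Started system scan." with the next "Completed system scan."
    starts = [e["ts"] for e in events if e["message"] == "Started system scan."]
    ends = [e["ts"] for e in events if e["message"] == "Completed system scan."]
    scan_seconds = [int((b - a).total_seconds()) for a, b in zip(starts, ends)]

    return {
        "events": len(events),
        "packages": packages,
        "repeated": repeated,
        "persistence": persistence,
        "scan_seconds": scan_seconds,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

    Run twice, once on the log from each scan, the summary makes it easy to see whether the same package or the same autostart entry is reported again on the next run, which is what the question in the thread (re-infection or incomplete cleaning?) actually turns on.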
  6. Wolfie138

    Wolfie138 Registered Member

    Joined:
    May 3, 2009
    Posts:
    23
    Sigh. Another issue : Stopzilla conflict?

    Since putting Stopzilla on, NOD no longer auto-starts when I fire up the machine. Does anyone know anything about this? The "start automatically" box is still ticked, and when I select it from the start menu it starts fine.

    TIA
     
  7. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Re: Sigh. Another issue : Stopzilla conflict?

    Very possible they have a conflict yes.

    Are you running both in Real-time? If you are then turn off stopzilla's Real-time protection.
     
  8. AdamL

    AdamL Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    116
    Location:
    France/Fife
    Re: Sigh. Another issue : Stopzilla conflict?

    Why give your threads such provocative titles? :rolleyes:
     
  9. Wolfie138

    Wolfie138 Registered Member

    Joined:
    May 3, 2009
    Posts:
    23
    Re: Sigh. Another issue : Stopzilla conflict?

    What's provocative? I was wondering if they do conflict.

    Meantime, * did a NOD scan, it found a trojan fragment or something in IE Temp that it had found in the past. * I downloaded Stopzilla and did some Windows updates. Since then, I seem to have been * swarmed. SZ found a dozen or so items NOD didn't. Next boot/scan it found more. Then I noticed NOD wasn't in my system tray, thought it was a SZ conflict; more scans w/ those and Malwarebytes found a disable.update * thing. I downloaded (from googling) ComboFix, that failed to activate; reboot, scan and 21 more items. Ran CCleaner etc, rebooted and the mouse-judder over my system tray has gone but NOD still doesn't appear. I've just fired off a full SZ scan and it's found 2 instances of Cognac, GASF and System Tool 2011 - it supposedly removed Cognac on the last scan, according to the log.

    I'm getting all sorts that's slipping past everything and not getting cleaned, it seems. I thought using a router would prevent a lot of this, according to guys at work?

    Any help/advice would be much appreciated regarding cleaners/cleaning etc.

    cheers
     
    Last edited by a moderator: Apr 30, 2011
  10. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Re: Sigh. Another issue : Stopzilla conflict?

    *
    Using a router will only prevent direct attacks on your IP address. Or more accurately, the NAT and SPI features of the router. However you gain no extra protection for websites you visit or email you download, e.g. traffic you allow into your computer.

    NOD is an excellent protector, but nothing is 100% perfect - if NOD was perfect then no other AV solutions would be available as nothing else would sell. NOD is still the best, in my personal and our corporate view. There are various options available to you:

    • Scanning with NOD in safe mode
    • Removing the HD and attaching it as a slave to another computer, and scanning it from there
    • Running a scan with MBAM or ComboFix or one of the other online scanning engines
    • Wipe and reinstall (brutal, but guaranteed)


    In any case, I would completely clear out ALL your temporary files - the Windows temp folder in your profile, the Temporary Internet Files folder, etc. Fewer places for things to hide and fewer files for the AV to scan during your cleanup.

    Make sure you keep your computer up to date. That's Windows Update, Java Updates, Acrobat updates - all of which are vectors for attack. And if you're using Vista or Win7, keep UAC switched on (however annoying it is).



    Jim

    PS EDIT: Not that it helps you, but my boss just phoned me - today he's been infected with "Win 7 Home Security", which slipped past NOD32 *and* PrevX. So now I've got a removal job to do, and as he's 300 miles away it could be tricky.
     
    Last edited by a moderator: Apr 30, 2011
  11. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  12. Wolfie138

    Wolfie138 Registered Member

    Joined:
    May 3, 2009
    Posts:
    23
    Re: Sigh. Another issue : Stopzilla conflict?

    Cheers Jim

    I've booted Safe and run Stopzilla (it said nothing found yet listed two occurrences of Cognac!), MalwareBytes (nothing found) and I'm currently doing a NOD.
    When I was browsing after being told I had another infection I d/l ComboFix as one message board suggested. It failed to open properly, I got a load of messages about a missing pif, and later when I scanned using Stopzilla again it listed something found in the combofix folder that had appeared on the C drive, so I'm not impressed there! *edit* Just looking at the bit about it on Major Geeks, seems a powerful tool and says not to use it unless supervised. I'd best leave that for the mo, but I'm downloading the other stuff.
    I've been horribly lax keeping my XP updates done, and funnily enough all of this has started from Fri, when I restarted it all - go figure!
    I don't d/l much off the net but everything I do is scanned by NOD and usually Malwarebytes. I use Zone Alarm as a firewall too. NOD seems hot for viruses, but I'm very nonplussed at so many trojans springing up. The thing that annoys me about NOD in particular is they tout the "not missed a virus in 10 years" type thing on the renewal forms etc - seems between us we can dispel that claim!
    Is there any tool you'd recommend to block incoming trojans?
    TIA
     
    Last edited: Apr 30, 2011
  13. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia
    Re: Sigh. Another issue : Stopzilla conflict?

    Use Sandboxie when browsing. It is an isolator that isolates a program from your real computer. Here is the link: http://www.sandboxie.com/
     
  14. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Joined 2 related topics.
     
  15. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    Re: Sigh. Another issue : Stopzilla conflict?

    You don't keep your system up to date and you're surprised/angry when you get infected with something? No sympathy here...

    Wrong. Rogue Antivirus programs are NOT viruses, they are programs that YOU allow to install on your computer through ignorance.

    You can get infected by these rogue AV crapware through infected ads on your bank's website, so it has nothing to do with WHERE you go or what you download.

    I agree that the bastards that write these things are really creative and I can understand how Grandma gets infected, but if you're smart enough to frequent these forums you should be smart enough to figure out how to keep from getting infected - at least, after the first time.

    You already have the tool you need - it is called your BRAIN.

    1. Learn how to use your computer properly, and keep it up to date.

    2. Learn what your real/running Antivirus/Antimalware pop-ups look like so you can recognize the FAKE ones, and

    3. Learn how to close those fake pop-ups without getting infected if/when you encounter them (i.e., CTRL-SHIFT-ESC and kill them using the process manager).

    It also helps to run using a LIMITED user account, but that's a pain in XP. Using a VM or some other kind of virtualization technique (Sandboxie, etc) for online stuff is the best way.
     
  16. Engineeringfun

    Engineeringfun Registered Member

    Joined:
    Apr 8, 2011
    Posts:
    48
    Location:
    Australia
    =.= Facepalm

    StopZilla is a rogue! Not useful for anything; its false positives and 'detection rates' are false!

    Rated red on WOT and Siteadvisor...
     
  17. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Re: Sigh. Another issue : Stopzilla conflict?


    Provocative titles :eek: what, you mean like "Zilla Does NOD":cautious: or "The Secret Confessions of Zilla and NOD side by side" :shifty: or for the Dutch people it could even be "The NOD Light District" :p
     