new nod 3.0 didnt find old ardamxx keylogger

Discussion in 'ESET Smart Security v3 Beta Forum' started by markymoo, Oct 22, 2007.

Thread Status:
Not open for further replies.
  1. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    I tried out the new Nod32 3.0 RC1 and had done a whole scan of the drives, came up clean. Later on i was looking at the ports and programs that were open in nod32. It was just with luck that i noticed port 25 open and yahoo smtp uploading to a mailbox. It turned off after 10 secs. It had gone. I thought that strange i have no yahoo and not using port 25. Something was amiss. I rescanned with nod, Nothing. I then downloaded prevx csi free scanner and it had found the ardamaxx scanner 2006 but couldnt remove due to it being free version. I thought wow Nod32 should of found this. Is it because its new 3.0 beta i thought. Hmmmm. Anyway i managed to get rid of it using kaspersky straight away. It found it immediately on bootup after install. No thanks to nod but my keen eye found it. Most would of been none the wiser it was there.
     
  2. ASpace

    ASpace Guest

    You haven't enabled detection for potentially unsafe tools . Eset detect this as such unsafe tool because it is commercial application.

    See , it is detected:

    ardm_keyl.PNG


    By the way , the home page of ardamax must have been hacked because upon opening the index , my ESS (web protection in Passive mode) detected the ANI exploit and IE7 crashed ,no matter mine is updated :D

    hacked_ard.PNG
     
  3. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    well thanks for your info+screenshot, that explains it.

    wow
     
  4. ASpace

    ASpace Guest

    You are welcome! :thumb:
     
Thread Status:
Not open for further replies.