No detection of TR/Vundo.Gen ?

Discussion in 'NOD32 version 2 Forum' started by basti, Oct 24, 2006.

Thread Status:
Not open for further replies.
  1. basti

    basti Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    48
    Does NOD detect TR/Vundo.Gen by signatures, by heuristics, or not at all? Why does NOD still have such problems with the detection of Trojans?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    NOD32's ThreatSense detects Virtumonde as variants of Conhook. We do not detect the packer, as some others might do, as we do not want NOD32 to produce any FPs just because of packer detection.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Or you mean this one? NOD32 has not missed a single Busky dll I've seen so far:

    TR/Vundo.Gen (AntiVir)
    suspicious (Fortinet)
    a variant of Win32/TrojanDownloader.Busky.AZ (NOD32v2)
    Troj/Busky-Gen (Sophos)
     
  4. basti

    basti Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    48
    Yep, the first and the second one
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    As I say, NOD32 has detected all variants I've run into. Here's another one:

    TR/Vundo.Gen (AntiVir)
    suspicious (Fortinet)
    probably a variant of Win32/TrojanDownloader.Busky.AZ (NOD32v2)

    Could you send those files to support @ eset.com with a link to this thread to make sure we talk about the same threats?
     
  6. basti

    basti Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    48
    Yep, I will do so.

    Btw. You have exceeded your stored private messages quota ;)
     
  7. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    basti, NOD32 improved a lot in Trojan detection. It missed one very rarely. ;)
     
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006

    so nod32's trojan detection is improving all the time?
     
  9. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    yes lodore. ;) They add many defs for them and thanks to their AH almost all future variants and other unknown Trojans are detected right away. :)
     
  10. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006

    ideal!

    I thought it was.

    Hopefully soon I will have NOD32. I probably will use Comodo firewall. The hard part is I want one paid real-time antispyware and don't know which one to buy.
     
  11. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    NOD is going to improve this thing also... version 2.7 is the first step (See here)

    Version 3.0 I think will be very good at detecting spyware, so in my opinion there is no need for a stand-alone app for these threats. ;)

    I have NOD32 and Ad-Aware free and everything worked great till now. :)
     
  12. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006

    Sounds great. And btw I'm not complaining about the long delay for 2.7 and 3.0.

    It's worth the wait because it won't be buggy when it comes out, unlike BitDefender 10 and KAV 6.0 IMO.

    I'm gonna use that cheaper CounterSpy offer in the next few days, and then in December buy NOD32 and use it with Comodo. Simple as.
     
  13. robertemendez

    robertemendez Registered Member

    Joined:
    Nov 30, 2006
    Posts:
    2
    I had the following infection in two places as detected by Ad-Aware (free):

    Win32.TrojanDownloader.ConHook
    C:\Windows\System32\gpupgae.dll

    I scanned it with NOD32 2.5 w/virus definition # 1889 in safe mode, but NOD32 couldn't detect it at all. o_O

    I can't email it to support since Ad-Aware deleted it upon boot up. Any reason why this wasn't detected?

    ~removed Adaware log as per this Announcement....Bubba

    * The restriction on posting unsolicited HijackThis logs also applies to unsolicited ASviewer (Autostart Viewer), Spybot S&D, Ad-aware and other similar product logs.
     
    Last edited by a moderator: Nov 30, 2006
  14. Get

    Get Guest

    Either because it's a false positive or because the AV that detects everything has yet to be invented. :)
     
  15. ASpace

    ASpace Guest

    @robertemendez

    Hi, as far as I know, Ad-Aware SE has Quarantine and no infected file is deleted; it is just copied there. Can you check if this is true and, if so, upload that file to VirusTotal www.virustotal.com

    I, however, doubt it is a real infection, but it won't hurt to check. Thanks ;)
     
  16. robertemendez

    robertemendez Registered Member

    Joined:
    Nov 30, 2006
    Posts:
    2
    Get,

    Well, I can guarantee you it wasn't a false-positive!

    So you mean to tell me that NOD32 isn't the end-all!? ;)

    The reason I ask is that other people have brought this up in other posts (https://www.wilderssecurity.com/showthread.php?p=875629 and at http://www.geekstogo.com/forum/lofiversion/index.php/t82827.html) earlier this month and way back in 12/2005 (respectively), and I thought that ESET would've added it to the virus definitions (or whatever magic they do to identify it and its variants).

    Don't get me wrong... I love ESET compared to Symantec and McAfee. I'm just curious - that's all.

    HiTech_boy,

    I checked the quarantine and all I saw was the cookies and registry entries that it removed - not the actual file itself. Sorry.
     
  17. Get

    Get Guest

    Yes, I'm sorry, but that's what I was trying to do :(. Btw, there is more than 1 win32/trojandownloader.conhook and Nod recognizes some of them (win32/trojandownloader.conhook.B, -.C and -.D as far as I know). When you have the -.Z-variant I would suggest some patience. :D
     
  18. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    mmm Conhook ;)
     
    Last edited: Nov 30, 2006
  19. ASpace

    ASpace Guest

    There are lots of generic detections ;)
     
  20. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Yeah, those aren't listed.
     
  21. Get

    Get Guest

    Saw that one coming. :ninja:
     
  22. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    I'd link to others if they had link friendly searches..
    Sorry, please don't hate me :p
     
  23. Get

    Get Guest
