nod 32 v 3 vs. w32/niya-c and zlob

Discussion in 'ESET NOD32 Antivirus' started by bicycle_minden, Jul 13, 2008.

Thread Status:
Not open for further replies.
  1. bicycle_minden

    bicycle_minden Registered Member

    Joined:
    Apr 11, 2008
    Posts:
    3
    I'm a computer consultant and try to keep my laptop as secure as possible. I have a flash drive that is used to load spyware and malware tools on clients' computers. Several weeks ago I inserted it into my laptop and got a rude surprise! Something Sophos calls W32/Niya-C found its way onto my flash drive and when Windows ran autorun.inf, Niya-C came to visit. Nod32 detected it but did not entirely stop it. It detected "ftp34.dll" and almost immediately after that all my icons changed and all my file associations got corrupted. What saved me was a scheduled Acronis backup and I was able to resurrect my system.

    I set out to better protect myself by removing NOD32 and replacing it with eset's security suite. I used the Blackspears.xml settings file and then tweaked it for maximum protection while still allowing me to use incoming remote desktop sessions.

    I have also seen client systems where I previously installed NOD32 and set it to maximum protection, still come in with nasty ZLOB infestations.

    Am I missing something in my settings? Help!

    My laptop is an XP Pro SP2 fully patched. Browser IE7. P 4 2.0GHZ, 2 GB RAM, Eset smart security. At the time of the mishap I had NOD32 version 3 with the latest available update, with protection set to max.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
  3. Pyoro

    Pyoro Registered Member

    Joined:
    Jul 14, 2008
    Posts:
    1
    ronjor,

    I think it's safe to say that we all care more about what ESET is going to do to provide us with protection, than about the same tired old excuses.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's not an excuse. In the first place, malware should not get through the first layer of defense, which is the common sense of the user. This means the user should avoid visiting warez/porn/underground sites that often contain malicious code. A blind belief in an antivirus program stopping any malware is false; there is no such program in the world that can detect all threats.
    The second layer is the operating system, which should always be kept up to date to prevent security holes from being exploited, which could be another means for malware to get into your computer.
    The third layer is the antivirus program itself supported by a decent firewall. Regular updates ensure that newly discovered threats and their future variants would be detected.
    Despite all defence layers, there's still a chance for malware to infect your computer. Bear in mind that being logged in with administrator rights gives potential malware the rights to do virtually anything with your computer, thus any security company strongly recommends that you log on with admin rights only when necessary (i.e. when installing programs).

    If you suspect that your computer has been infected even though ESET AV / ESS doesn't report anything, please download ESET SysInspector, run it, create a log (menu File -> Save log) and send it to samples[at]eset.com with "SysInspector log" or the url from Wilders' dealing with your issue in the subject.
     
    Last edited: Jul 14, 2008
  5. ASpace

    ASpace Guest

    Not an excuse from ESET, but as a consultant you can do yourself a favor if you learn how to use ESET SysInspector - a pretty good utility. I know that threat and remember what Sophos calls it. The problem comes from the fact that ESET detects only ftp34.dll, however the malware seems to contain other files which may not perform malicious actions, but what they do is annoying and not pleasant for the user.

    You need to remove the files (you can find them with ESET SysInspector) and use this program to recover the "EXE" file extensions the worm corrupts:
    ESET Italy has one, which works fine
    More here: http://www.nod32.it/tools/fixexe.php
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Have you considered disabling the autorun functionality on your computer?

    I have found this to be the best way to avoid accidental execution of malicious AUTORUN.INF-deployed malware.

    Regards,

    Aryeh Goretsky
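
Added example (not part of any post in this thread and not ESET's code): a small Python check that lists what an `autorun.inf` on a flash drive would launch, which helps when vetting a drive on a machine where autorun is already disabled. The function names, the sample file contents and its file names are constructed for illustration; only the `open`, `shellexecute` and `shell\<verb>\command` keys of the `[autorun]` section are treated as launch points.

```python
import os
import re

# Keys in the [autorun] section that make Windows start a program.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)


def autorun_commands(text):
    """Return (key, command) pairs that this autorun.inf text would execute."""
    section = None
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if EXEC_KEYS.match(key):
            found.append((key.lower(), value))
    return found


def inspect_drive(root):
    """Read <root>/autorun.inf if present and return its launch commands."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, "r", encoding="latin-1", errors="replace") as handle:
        return autorun_commands(handle.read())


# Constructed sample, not taken from any real infection.
SAMPLE = r"""; constructed sample
[AutoRun]
open=example.exe
icon=example.ico
shell\open\Command=example.exe /s
shellexecute=readme.htm
label=USB TOOLS

[Content]
MusicFiles=false
"""

if __name__ == "__main__":
    for key, command in autorun_commands(SAMPLE):
        print(f"{key:25} -> {command}")
```

Any entry it reports on a drive that should hold only data is worth investigating before the drive is opened in Explorer.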
     