NOD detects NO msdos virus ???

Discussion in 'NOD32 version 2 Forum' started by Shaman, Oct 26, 2004.

Thread Status:
Not open for further replies.
  1. Shaman

    Shaman Guest

    Hi

    On this virus collection site : link removed as against forum T&C you can test NOD detection... It seems it detects NO old MS-DOS virus !!! (all settings to high)
    It missed some trojans, some downloaders...

    Is NOD as good as everybody says it is?

    I'm very disappointed, I love NOD, but this time it's easy to see it has many flaws...
     
    Last edited by a moderator: Oct 26, 2004
  2. Shaman

    Shaman Guest

    Also, I forgot to mention: all files there are harmless unless you rename them with the proper extension; they are no risk.
     
  3. rumpstah

    rumpstah Registered Member

    Joined: Mar 19, 2003
    Posts: 486
    I have gone through that site (a while ago). If you rename the files with .bat or .com NOD32 picks them up pretty quick. ;)

    Without the proper extension, they are harmless.

     
  4. Shaman

    Shaman Guest

    Other testing:
    IRC worms: detection very poor !!!! Almost nothing detected.
    My god...
     
  5. Shaman

    Shaman Guest

    I use IMON for detection, and all files are scanned...
    Does renaming them change something for detection?

    Thanks for your reply anyway!
     
  6. Shaman

    Shaman Guest

    My apologies !!!!!!
    After renaming the DOS viruses with a .com extension, NOD finally detects them !!!!
    But why did IMON not detect them with 'scan all files' enabled o_O
     
  7. dvk01

    dvk01 Global Moderator

    Joined: Oct 9, 2003
    Posts: 3,131
    Location: Loughton, Essex. UK
    Shaman

    DO NOT post links to viruses

    It is against the forum terms & conditions
     
  8. Stan999

    Stan999 Registered Member

    Joined: Sep 27, 2002
    Posts: 566
    Location: Fort Worth, TX USA
    I clicked on a few of those and IMON detected them.


    Time Module Object Name Virus Action User Info
    10/26/2004 16:41:43 PM IMON file http://edit Darv virus connection terminated
    10/26/2004 16:41:24 PM IMON file http://edit probably unknown COM.EXE virus connection terminated
    10/26/2004 16:39:32 PM IMON file http://edit 3E virus connection terminated
    10/26/2004 16:39:06 PM IMON file http://edit probably unknown CRYPT.TSR.COM.EXE.BOOT virus connection terminated
    10/26/2004 16:38:36 PM IMON file http://edit 5Lo virus connection terminated
    10/26/2004 16:37:59 PM IMON file http://edit 2Up virus connection terminated
     
    Last edited: Oct 26, 2004
  9. Stan999

    Stan999 Registered Member

    Joined: Sep 27, 2002
    Posts: 566
    Location: Fort Worth, TX USA
    Also tried a few of those.

    Time Module Object Name Virus Action User Info
    10/26/2004 16:57:58 PM IMON file http://edit IRC-Worm.Desire Win32/Dire.A worm connection terminated
    10/26/2004 16:57:26 PM IMON file http://edit IRC-Worm.Debat mIRC/generic worm connection terminated
    10/26/2004 16:57:22 PM IMON file http://edit IRC-Worm.Debat?x=10&y=14 mIRC/generic worm connection terminated
    10/26/2004 16:56:38 PM IMON file http://editIRC-Worm.Allegro.a Allegro.A worm connection terminated
    10/26/2004 16:56:08 PM IMON file http://editIRC-Worm.Ale.14190 Irc-Worm.Ale.14190 worm connection terminated
    10/26/2004 16:55:45 PM IMON file http://edit IRC-Worm.Adrenaline? IRC-Worm.Adrenaline.A worm connection terminated
     
  10. Blackspear

    Blackspear Global Moderator

    Joined: Dec 2, 2002
    Posts: 15,115
    Location: Gold Coast, Queensland, Australia
    What version of Nod32 are you using, version 2.12.3?

    Cheers :D
     
  11. rumpstah

    rumpstah Registered Member

    Joined: Mar 19, 2003
    Posts: 486
    I sent about 630 samples of those files to Eset when I thought it was not detecting them. Support explained that they are harmless until they have the proper extension (and that they are detected). Sure enough, putting a .com or .bat on the end makes them pop up fast! ;)

     
  12. Blackspear

    Blackspear Global Moderator

    Joined: Dec 2, 2002
    Posts: 15,115
    Location: Gold Coast, Queensland, Australia
    Gotta love a fast pop up, kinda reminds of Jack in the box :)

    :D :cool: :D :cool: :D
     
  13. shaman

    shaman Guest

    Hi Blackspear

    I use the latest version, 2.12.3. I find it strange that even if all files are scanned they are only detected if the extension is correct. Also some files are not recognized even with the proper extension (mostly IRC scripts, downloaders or packed files)...
     
  14. Stan999

    Stan999 Registered Member

    Joined: Sep 27, 2002
    Posts: 566
    Location: Fort Worth, TX USA
    You had posted, "it detects NO old ms dos virus", also "they are only detected if the extension is correct". As I posted before, I tried a few and they were detected by the HTTP scanner and the connection terminated.

    Time Module Object Name Virus Action User Info
    10/26/2004 16:41:43 PM IMON file http://edit Darv virus connection terminated
    10/26/2004 16:41:24 PM IMON file http://edit probably unknown COM.EXE virus connection terminated
    10/26/2004 16:39:32 PM IMON file http://edit 3E virus connection terminated
    10/26/2004 16:39:06 PM IMON file http://edit probably unknown CRYPT.TSR.COM.EXE.BOOT virus connection terminated
    10/26/2004 16:38:36 PM IMON file http://edit 5Lo virus connection terminated
    10/26/2004 16:37:59 PM IMON file http://edit 2Up virus connection terminated

    Are you using the NOD HTTP scanner with all options marked?
     
  15. Blackspear

    Blackspear Global Moderator

    Joined: Dec 2, 2002
    Posts: 15,115
    Location: Gold Coast, Queensland, Australia
    This is no different than AMON not detecting something until there is an attempt to open it, it is harmless in its current form, change that form and AMON springs into action...

    Hope this helps...

    Cheers :D
     