NOD fails to detect its own crack as malware

Discussion in 'NOD32 version 2 Forum' started by Zombini, Jul 11, 2006.

Thread Status:
Not open for further replies.
  1. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    File: Nod32_Crack(1).exe
    Status: INFECTED/MALWARE
    MD5 fea558abc91220bcb0b54355ccb7a547
    Packers detected: Analyzing...
    Scanner results
    AntiVir Found nothing
    ArcaVir Found Trojan.Proxy.Horst.Bd
    Avast Found nothing
    AVG Antivirus Found Proxy.DUX
    BitDefender Found Trojan.Proxy.Horst.BD
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found Trojan-Proxy.Win32.Horst.bd
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found Trojan.PR.Horst.BY
    VBA32 Found Trojan-Proxy.Win32.Horst.bd

    So much for the 0-day protection.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You certainly appear to have an agenda, and I'll ask you to stop trolling.


    ALWIL [undetected]
    CA InoculateIT [undetected]
    CA VET [undetected]
    Doctor Web Trojan.Popuper
    ESET [maybe] a variant of Win32/TrojanDownloader.Agent.AHT
    Fortinet W32/Horst.BD!tr
    Frisk Software [undetected]
    GRISoft Proxy.CKM
    H+BEDV TR/Proxy.Horst.BD
    IKARUS Trojan-Proxy.Win32.Horst.bd
    Kaspersky Lab Trojan-Proxy.Win32.Horst.bd
    McAfee BackDoor-CMQ.dldr
    Microsoft [undetected]
    Norman [undetected]
    Panda Trj/LootSeek.BS
    SOFTWIN [undetected]
    Sophos [undetected]
    Symantec [undetected]
    Trend Micro PAK_Generic.001
    VirusBuster [undetected]

    From this thread:
    Blackspear.
     
    Last edited: Jul 11, 2006
  3. scoopnoggin

    scoopnoggin Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    28
    trolly wanna cracker?
     
  4. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Blackspear and Zombini's results are of different files.
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    They certainly appear the same:
    Cheers :D
     
  6. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Only Kaspersky detects it by same name. If you look at the other vendors results, you will see that either the names of the detected trojans are different, or it is not detected by those vendors, which is why I say they are different files.
     
  7. Ngwana

    Ngwana Registered Member

    Joined:
    Jul 5, 2006
    Posts:
    156
    Location:
    Glasgow, United Kingdom
    What is Zombini's point, to boast?
     
  8. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    possibly to show heusristics aren't all they were promised(or even still claimed by some)to be!
     
  9. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Nothing to see here people - move along. Steve1955 doesn't seem to understand the difference between 3 month ago and zero hour but it's OK he doesn't seem to want to understand...

    Cheers :)
     
  10. Ngwana

    Ngwana Registered Member

    Joined:
    Jul 5, 2006
    Posts:
    156
    Location:
    Glasgow, United Kingdom
    I have no issue with Zombini: What confuses me is that on one thread she is an enquirer with a company that wants to try NOD 32, in another thread she is mocking 0-Day exploit of NOD 32 using File: Nod32_Crack(1).exe, in a different thread she shows how to disable NOD 32 using commands. What is the point?:mad:
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Trolling is the point, nothing more, nothing less.

    Do NOT feed the Trolls.

    Blackspear.
     
  12. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Feed the troll to make it fat and large. :D
     
  13. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    Trolling is the point yes...the detection (or the non detection) by NOD could be the point too.
    But I prefer stay on BlackSpears quote...this thread's closed...
     
  14. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Well, I'm guessing that Zombini is not grateful for the fact that NOD32 detects 58% of unknown viruses in the latest AV-comparatives test. Guess (s)he didn't realize the others scored even lesser...

    Like the others say, an angry and somewhat young (if I'm wrong please correct me) troll.

    Off-topic: How did you know Zombini is a she?

    For that matter, all cracks are not necessarily malware (OK It is malware in the ethical sense though).
     
  15. Ngwana

    Ngwana Registered Member

    Joined:
    Jul 5, 2006
    Posts:
    156
    Location:
    Glasgow, United Kingdom
    Unless the person using the 'username' does not know or deliberately trying to mislead, the 'in' part after letter b is female, a remote alternative will be 'small or baby'( for example , bambINo).:D

    Zombie is unisex, but zomb will be male.
     
  16. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    tho posting to this topic wont help, i wanted to quote the above for emphasis.

    software piracy is bad of course, but it doesnt mean every single crack is infected with some malware.
     
  17. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    `snipped comment` -dog
    I would have thought it in Esets interest to detect any and all crack files for nod,in fact there should be an agreement between all the major AV companies to try and include ALL crack files for all programs in their data bases as soon as possible after any crack is released,in my opinion they are as much malware as any virus:-they may not attack your pc but they do indirectly increase software prices
     
  18. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    It seems your the one that doesn't understand how heuristics are supposed to protect against zero hour exploits,or don't want to understand:-especially when they don't do what was promised!
     
  19. ASpace

    ASpace Guest

    :thumb: :thumb: :thumb:
    Agree!
     
  20. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Works exactly as described by ESET on my system...
     
  21. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I agree too.
    Personally I have no sense of urgency to see cracks added for their own sake - I'm happy that ESET do that on a slow day when they've already got every thing on file that is malicious added...
     
  22. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    It doesn't:- not on yours,mine or anybody's!when they were first introduced they were going to offer protectction against zero day exploits,its quite clear that really they only protect against some,it was mooted that protection against most,if not all zero day exploits ,would be what offered:perhaps this was just sales/advertising jargon and should have been viewed as such!
     
  23. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I'm sorry you're a bit out of sorts with it - I'm not sure what you've read or where it came from....

    Just a hunch but I'm guessing that the estimates ESET have stated were based on some actual testing and using NOD32 updated to the point prior to the new malwares being release or first discovered - a little different to three months of updates starvation....

    Cheers :)
     
    Last edited: Jul 11, 2006
  24. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    A few clarifications are in order before I get kicked off the board :)

     
  25. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    Why not just do a real-world test?

    Take a pc, infect it with as much as you can find, clone the hdd (one for each AV software you want to test) then compare the results....

    You WILL find that NOD does come out tops
     
Thread Status:
Not open for further replies.