NOD missed W32.Bagle.dg

A few minutes ago I've opened a mail infected with W32.Bagle.dg.
It was all right for NOD who doesn't detected it .(confirmed at jotti and virustotal)
I sent it to eset and switch to Kaspersky.Now I am safe.Sorry for them.

 

One sample missed and you switched AV just because of that? Sorry,but that's stupid.

 

I agree. If you are looking for an AV that will never let you down, good luck. No AV catches 100% of anything. I have had NOD running on my machine for quite some time and I've never had it miss anything. But, that doesn't mean it won't happen. You switch to Kav and you'll have a time or two that it misses as well.

Also, why were you opening an email that you did know what it contained? If you get an email from someone you don't know, don't open it. If it has an attachment, delete it.

 

A new update is going to be released shortly.

 

One sample missed=your PC infected.
It is not what I want from my antivirus!
Maby is all right for you.

 

As Capp Just said:

So good Luck trying to find One!!

Cheers,

 

As I said, no AV (including Kaspersky) catches 100% and these 2 are the best AV's on the market.

Also, again why did you open an email with content unknown to you?

 

Not 100% but 99,88%.
I knew the message was infected (recived infected mails before from the same sender) but I just want to test NOD being almost sure it will find something on that one.Unfortunately I was wrong.

 

I don't think I ever did that as long as I have been on the web. It's just too dangerious.

 

Did you check https://www.wilderssecurity.com/showthread.php?t=98086 ? NOD32 detected a Baglke variant before Kaspersky did.

 

An other example.
Go to xxx.A dangerous site.NOD will say nothing.Kaspersky 2006 will say "The requested URL Please, no links to crack and keygen sites is infected with Trojan-Downloader.JS.IstBar.u virus".
I am not a kaspersky fan and I am not advertising them.I just want to be well protected even if I go to dangerous sites or open dangerous e-mails.That's why we use antivirus protection.
And I want NOD to become better,learning from his competitors.
Nothing personal.Just my opinion.

 

I assume Downloader.JS is a pure reference to a website with a trojan. If the trojan downloaded is detected by NOD32, then you can feel safe.

 

BTW NOD does not detect Trojan-Downloader.JS.IstBar.U....
I've sent a sample to ESET.
Repeat : just want you to get better and better...(even the best ?)
Best regards.

 

Well on a happier note, I can say that NOD IMON intercepted Win32/Bagle CM worm. I deleated it but cannot find info about it in NOD's virus description data base and I wouldn't mind reading up on it.

 

KAV or any AV will eventually disappoint you I"m afraid. Both KAV and NOD are rated Advanced + you might want to investigate what that means but good luck with KAV.

 

Ugly nothing is perfect.. Not even KAV

I would stay with NOD32 if I were you but it depends also on your Browsing habbits and how GOOD your computer is

KAV is better than NOD32 in some points and NOD32 is better than KAV in some points... just choose the points that suites you best

 

Regarding Trojan-Downloader.JS.IstBar.U, it seems to be only a script that probably doesn't even download a thing. I didn't fiddle around it much, I only checked the code briefly, ran it and nothing happened - no new files were created. Maybe it's just a false positive from KAV; Cool Daddy will hopefully have a look at it when he gets over cold.

 

that's like pulling the trigger of a gun while looking down the barrel - thinking to yourself that you're REALLY sure it's empty - you only need be wrong ONCE... what a ridiculous way to act...

 

Like Clint Eastwood in Dirty Harry "I know what your thinkin. Did he fire five bullets or six?"

 

A new variant fresh today. Now on virus radar.

 

I agree. ugly, don't cry about being infected when it happened because of your ignorance..

 

That is not the point.
The fact is I (you) can get infected even without being ignorant(personaly I belive I'm far from being ignorant).And we are talking here about viruses (worms) ITW !

 

Well, if you were wanting to test to see if NOD32 would catch it, why didnt you save the attachment somewhere, open NOD and scan the file.

Going back to the gun analogy, that would be like checking to see if the gun has any bullets in it by firing it while looking the barrel, instead of checking the chamber.

If Kav identifies something as a baddie, and it is a useless file that, in fact does nothing, what is the point in marking it? I would rather an Av (such as nod) tell me of a bad file or url when I access it, rather than tell me "This could be a bad file, we'll name it some scary sounding trojan downloader and quarantine it for you..." when it is nothing.

My whole point is, don't ditch NOD32 just because of one missed file. If that is the case, here in the near future you are going to be looking for an AV better than Kav because it missed one too.

We are not picking on your nor trying to disreguard your concern, trust me. We have tons of users here that are satisfied NOD32 and KAV users.

 

Guys,

please refrain from personal attacks. Yes, NOD32 didn't detect those Bagles proactively, but now that advanced heuristics (or rather the engine) has been improved all future variants should be detected (unlike many other big layers who must rely on signatures).

The new tonight's outbreak is a very good example, more than 10 000 samples per hour detected as NewHeur_PE. Detection by name was added to the last update 1.1227.

 

This won't be popular here, but you have to be confident in the AV you are using. If you are not, then you should switch, which you did because you have to be able to sleep at night. But maintain your NOD licence because when something gets by KAV which will happen eventually, you will have a good alternative at hand.