NOD missed W32.Bagle.dg

Discussion in 'NOD32 version 2 Forum' started by ugly, Sep 20, 2005.

Thread Status:
Not open for further replies.
  1. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    A few minutes ago I opened a mail infected with W32.Bagle.dg.
    It was all right for NOD, which didn't detect it o_O (confirmed at jotti and virustotal) :oops:
    I sent it to Eset and switched to Kaspersky. Now I am safe. Sorry for them. :'(
     
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    One sample missed and you switched AV just because of that? Sorry, but that's stupid.
     
  3. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    I agree. If you are looking for an AV that will never let you down, good luck. No AV catches 100% of anything. I have had NOD running on my machine for quite some time and I've never had it miss anything. But, that doesn't mean it won't happen. You switch to Kav and you'll have a time or two that it misses as well.

    Also, why were you opening an email when you didn't know what it contained? If you get an email from someone you don't know, don't open it. If it has an attachment, delete it.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    A new update is going to be released shortly.
     
  5. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    One sample missed = your PC infected.
    It is not what I want from my antivirus!
    Maybe it is all right for you.
     
  6. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    As Capp Just said:
    So good Luck trying to find One!! :blink:

    Cheers,
     
  7. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    As I said, no AV (including Kaspersky) catches 100% and these 2 are the best AVs on the market.

    Also, again why did you open an email with content unknown to you?
     
  8. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    Not 100% but 99,88%.
    I knew the message was infected (received infected mails before from the same sender) but I just wanted to test NOD, being almost sure it would find something on that one. Unfortunately I was wrong. :'(
     
  9. Carver

    Carver Guest

    I don't think I ever did that as long as I have been on the web. It's just too dangerous.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
  11. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    Another example.
    Go to xxx. A dangerous site. NOD will say nothing. Kaspersky 2006 will say "The requested URL Please, no links to crack and keygen sites is infected with Trojan-Downloader.JS.IstBar.u virus".
    I am not a Kaspersky fan and I am not advertising them. I just want to be well protected even if I go to dangerous sites or open dangerous e-mails. That's why we use antivirus protection.
    And I want NOD to become better, learning from its competitors.
    Nothing personal. Just my opinion.
     
    Last edited by a moderator: Sep 20, 2005
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I assume Downloader.JS is a pure reference to a website with a trojan. If the trojan downloaded is detected by NOD32, then you can feel safe.
     
  13. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    BTW NOD does not detect Trojan-Downloader.JS.IstBar.U...
    I've sent a sample to ESET.
    Repeat: just want you to get better and better... (even the best?)
    Best regards.
     
  14. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Well, on a happier note, I can say that NOD IMON intercepted Win32/Bagle CM worm. I deleted it but cannot find info about it in NOD's virus description database and I wouldn't mind reading up on it. :)
     
  15. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    KAV or any AV will eventually disappoint you, I'm afraid. Both KAV and NOD are rated Advanced +. You might want to investigate what that means, but good luck with KAV. :)
     
    Last edited: Sep 20, 2005
  16. Ugly, nothing is perfect.. Not even KAV ;)

    I would stay with NOD32 if I were you, but it depends also on your browsing habits and how GOOD your computer is :)

    KAV is better than NOD32 in some points and NOD32 is better than KAV in some points... just choose the points that suit you best ;)
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Regarding Trojan-Downloader.JS.IstBar.U, it seems to be only a script that probably doesn't even download a thing. I didn't fiddle around with it much, I only checked the code briefly, ran it and nothing happened - no new files were created. Maybe it's just a false positive from KAV; Cool Daddy will hopefully have a look at it when he gets over his cold.
     
  18. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    that's like pulling the trigger of a gun while looking down the barrel - thinking to yourself that you're REALLY sure it's empty - you only need be wrong ONCE... what a ridiculous way to act...
     
  19. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Like Clint Eastwood in Dirty Harry: "I know what you're thinkin'. Did he fire five bullets or six?"
     
    Last edited: Sep 20, 2005
  20. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    A new variant fresh today. Now on virus radar. :)
     
  21. rawr

    rawr Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    128
    Location:
    Illinois, U.S.A
    I agree. ugly, don't cry about being infected when it happened because of your ignorance..
     
  22. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    That is not the point.
    The fact is I (you) can get infected even without being ignorant (personally I believe I'm far from being ignorant). And we are talking here about viruses (worms) ITW!
     
  23. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Well, if you were wanting to test to see if NOD32 would catch it, why didn't you save the attachment somewhere, open NOD and scan the file?

    Going back to the gun analogy, that would be like checking to see if the gun has any bullets in it by firing it while looking down the barrel, instead of checking the chamber.

    If KAV identifies something as a baddie, and it is a useless file that, in fact, does nothing, what is the point in marking it? I would rather an AV (such as NOD) tell me of a bad file or URL when I access it, rather than tell me "This could be a bad file, we'll name it some scary sounding trojan downloader and quarantine it for you..." when it is nothing.

    My whole point is, don't ditch NOD32 just because of one missed file. If that is the case, here in the near future you are going to be looking for an AV better than KAV because it missed one too.

    We are not picking on you nor trying to disregard your concern, trust me. We have tons of users here that are satisfied NOD32 and KAV users. :)
     
  24. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Guys,

    please refrain from personal attacks. Yes, NOD32 didn't detect those Bagles proactively, but now that advanced heuristics (or rather the engine) has been improved, all future variants should be detected (unlike many other big players who must rely on signatures).

    Tonight's new outbreak is a very good example: more than 10 000 samples per hour detected as NewHeur_PE. Detection by name was added to the last update 1.1227.
     


    Last edited: Sep 21, 2005
  25. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    This won't be popular here, but you have to be confident in the AV you are using. If you are not, then you should switch, which you did because you have to be able to sleep at night. But maintain your NOD licence because when something gets by KAV which will happen eventually, you will have a good alternative at hand.
     