NOD missed Zlob

Discussion in 'NOD32 version 2 Forum' started by omegac, Dec 2, 2006.

Thread Status:
Not open for further replies.
  1. omegac

    omegac Registered Member

    Joined:
    Dec 2, 2006
    Posts:
    7
    I have NOD32, and today got infected by Zlob, I keep AMON and IMON on all the time, so can't see how this happened. My database is 1897 (20061201).

    Even after I was infected, I scanned with NOD and it didn't find anything, I ran Spybot which found and identified it but didn't remove it, so I bought Webroot's Spy Sweeper which detected it.

    I am really confused as to how this got in, can anyone advise me what I may need to tweak, as NOD seems to function fine for the vast majority of cases, detecting viruses in e-mails and on websites.

    TIA
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Make sure you have the HTTP scanner enabled in IMON. By using cracks you account for getting infected.
     
  3. omegac

    omegac Registered Member

    Joined:
    Dec 2, 2006
    Posts:
    7
    I have "enable HTTP checking" ticked.....Is this ok?

    I am not sure I understand what you mean in the second part of your reply, could you clarify please?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It means that IMON will block the websites with fake codecs, but in order to be fully protected against new Zlobs you must refrain from using cracks as they usually have Zlob embedded.
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    In other words, is your NOD 32 license legitimate?
     
  6. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Doesn't NOD32 catch all Zlob variants or was it another recent malware?
    Argh I can't remember ...
     
  7. DavidCo

    DavidCo Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    503
    Location:
    UK
    Does not have to be NOD32.
    Just that Zlob is generally associated with cracks :)
     
  8. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Stration ;)
     
  9. omegac

    omegac Registered Member

    Joined:
    Dec 2, 2006
    Posts:
    7
    Thanks guys, my version of NOD is registered, and I don't have any cracks, though I was trialling various shareware software this morning to do with video editing.

    So basically I am none the wiser. I assumed that if I downloaded some rogue shareware NOD would pick it up, but I now need to assume that anything from a less than well known site could infect my NOD protected PC?

    Cheers
     
  10. ASpace

    ASpace Guest


    No, NOD32 is an excellent (one of the best) product. However, no product can detect 100% of all the crap out there. Since you visit such sites and download software, I would suggest you add McAfee Site Advisor to your list of protection tools (free browser add-on which checks sites you visit and informs you if they can send you spam, if they contain malicious downloads, if they use browser exploits, if they link to other mal sites...). Site Advisor works with IE and Firefox :thumb:
     
  11. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    No AV protects you 100% all the time, it can't be done.
    I suggest that you surf safe, don't visit any crack/porn sites etc. and you'll be just fine. NOD32 is capable of detecting a large amount of new malware before any signature has been released, but it doesn't make you immune to new threats.

    Common sense is your best weapon.
     
  12. ASpace

    ASpace Guest

  13. omegac

    omegac Registered Member

    Joined:
    Dec 2, 2006
    Posts:
    7
    Thanks guys....I will look into the other suggestions. I usually use Firefox, but had strayed into IE today.

    As for visiting the porn sites, you would be calling an ambulance, not IT support if I did that at my age :rolleyes:

    Thanks again, have a good evening.
     
  14. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Sorry, I was just listing some general sites where you will most likely run into some nasty malware :D
    I wasn't saying that you visit them or anything like that.
     
  15. omegac

    omegac Registered Member

    Joined:
    Dec 2, 2006
    Posts:
    7
    No need to apologise Brian, I was just joking, I appreciate all the input from everyone here....
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Alternatives to SiteAdvisor are Scandoo, CallingID and Link Scanner Lite/Pro (my favourite).
     
  17. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    No slant here towards NOD but I think the entire AV industry needs to improve its detection for these malware. The security cleaning forums are absolutely full of these infections. And there are many ways to catch this infection, not just 'Cracks'!

    The other day while browsing, one link led to another and I saw a chance to view 'JLO' :blink:. Well I couldn't turn that down could I! :D Clicked another link and it said that I was missing a codec and, knowing it was a nasty in waiting, clicked off the popup box. A few moments later, it started trying to download anyways but I didn't care because I was running 'Bufferzoned'. Cleaned the Zone and all is well. Bad news is, I never did get to see 'JLO'! :thumbd:
     
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    If you check NOD32 signatures, lots of Zlob variants are added each day.
    But you hit the point: sandbox HIPS are the best option for this kind of threat.
     
  19. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Zlob has a new variant ready every hour or less :eek:
     
  20. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    The same can be said for Strations, Lineage trojans and others of this kind
     
  21. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    And a lot of these variants are tested against up-to-date AV solutions to make sure they have some survival time... :D
     
  22. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    As soon as ESET finds a new Zlob-transmitting site they add a block to it, so if you have IMON enabled with the "website access blocking" you can't even access most of the Zlob-transmitting sites. That's one of the best protective features I've seen so far against these Zlobs. As they release so many new variants of Zlob every day, each one different from the last, you can't rely on the generics of any antivirus to detect all of them. As far as I know NOD32 is the only AV that blocks access to known Zlob websites.

    Londonbeat
     
  23. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    Is "website access blocking" a new feature? I never renewed NOD32 2.5 as I didn't ever get a renewal price email. I'm running AVS now.
     
  24. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    No, it has been around for a while.

    Cheers :D
     


  25. cerBer

    cerBer Registered Member

    Joined:
    Jul 29, 2006
    Posts:
    81
    If you do all that (especially if you have scripts disabled in your browser and are behind a router or other firewall), then you generally do not need NOD32 or any other antivirus - except for scanning email attachments and downloaded files - in which case a free online scanner would most likely do.

    The only case I can remember where common sense was of no help was Blaster infecting PCs during startup, due to a bug in ZoneAlarm (and maybe some other firewalls too).
     