nod32 3.0.621 disabled by trojan

Discussion in 'ESET NOD32 Antivirus' started by alloucho, Dec 30, 2007.

Thread Status:
Not open for further replies.
  1. alloucho

    alloucho Registered Member

    Joined:
    Dec 26, 2007
    Posts:
    145
    Today my pc was infected by a trojan named "Trojan-Downloader.Win32.Bagle.hh". nod32 v.3.0621 was not able to detect it.
    After a reboot, nod32 doesn't load anymore. When I opened the control center, it was totally empty, blank. So I have installed Kaspersky, which detected this trojan with the above name.
    I believed I was secure with nod32, but now... o_O
    :thumbd: :thumbd: :thumbd:
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Every AV misses something, I could prove the same with KAV if I used a different set of samples. If you come across a threat that is not detected, compress it, protect the archive with the password "infected" and send it to samples[at]eset.com.
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Also, since Bagle is usually an attachment to an e-mail, I would inform whoever opened that attachment to be somewhat more cautious.

    Bubba
     
  4. meschubert

    meschubert Registered Member

    Joined:
    May 29, 2007
    Posts:
    46
    Location:
    Manhattan Beach, CA
    But some are better than others. I guess that is what we spend all this time looking for.
     
  5. alloucho

    alloucho Registered Member

    Joined:
    Dec 26, 2007
    Posts:
    145
    Here is a screenshot of the nod32 control center I get after a reboot. :ouch:
     

  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    Do a repair install.
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Just curious if you are having definition update issues, or has someone altered the default schedule regarding updates?

    It appears you are ~ 15 updates behind.

    Latest is NOD32 - v.2757 (20071230)

    Bubba
     
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I had a virus get through on nod32V2 with blackspear settings; however, I do a lot of downloading and was not running any other realtime protection alongside, just Windows Firewall. A backup on-demand scan got it. I believe if I was using something of lesser quality I may have been infected more often. Do I still use nod? You bet I do, just added a realtime spyware/malware for some more layered protection.
     
  9. ASpace

    ASpace Guest


    2740 is the default signature version that comes with the installer file of build 3.0.621
    Most likely it has never been updated
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Very true ;)
    Appears as much :eek:
     
  11. zorbis

    zorbis Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    27
    Just wondering here... who knows if you would have experienced the same sort of problems with version 2.7... just a little thing in the back of my head, that's all.
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    That may be correct or maybe not. Version 3 as well as Version 2 update upon installation if you enter your license details while installing.

    If they don't update, you will get a warning.
     
  13. alloucho

    alloucho Registered Member

    Joined:
    Dec 26, 2007
    Posts:
    145
    Here is another screenshot on another PC infected by the same trojan.
    nod32 is here up to date: v2757 o_O
     

  14. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon
    The Eset must walk guarding the viruses for her, the updating does not do corresponding sense to the number of samples that are sent, besides when we subject some archive for the Eset we are not warned if this one is or not a virus and it was put itself in the database.


    The Trojan Bagle as it was said here in the forum is able to do so that the ekern.exe is finished and the Eset is not acting in the most correct way for with the users who order samples and have not any answer of turn.


    Please do from knots a few innocent dogs that do not understand of anything and what we like implicating.
     
    Last edited: Dec 30, 2007
  15. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I do no about v2 being disabled from trojan but If virus database is out of date I will get a warning to update by
     
  16. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I'm not sure I understand what you're trying to say. Would you consider reposting? I know that English is not your first language but I don't understand the references to knots, filing cabinets and dogs.
     
  17. alloucho

    alloucho Registered Member

    Joined:
    Dec 26, 2007
    Posts:
    145
    same quote found here from same member.
    https://www.wilderssecurity.com/showthread.php?p=1150534
     
  18. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon
    Editing post :)
     
  19. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon
  20. poutine

    poutine Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    371
    Location:
    England or Quebec
    Whatd'ya mean you don't understand filing cabinets and dogs, it's part of NOD isn't it?? :D Sorry you just made me laugh a bit, needed that.
    Thanks also nodyforever !! I did understand properly though in the end. ;)
     
  21. kolesar

    kolesar Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1
    27-Dec-2007 = nightmare for me.
    I am using Windows XP.
    First I couldn't download Security Update for Windows XP (KB890859) &
    Security Update for Windows XP (KB931784) &
    Definition Update for Windows Defender - KB915597 (Definition 1.24.5054.0).
    Second I couldn't run and later reinstall my security program NOD32,
    KASPERSKY, PANDA, PC-Cillin,.. then I installed Spybot's Search and Destroy
    but some bug or what erased exe-files and after all online NOD32,
    KASPERSKY, PANDA, PC-Cillin,.. didn't find anything.
    Please help me.
     
  22. Muscle

    Muscle Registered Member

    Joined:
    Aug 11, 2006
    Posts:
    15
    In my experience, NOD32 is really bad in finding Bagle viruses compared to other scanners like Kaspersky. It takes some time for Eset to update their signatures with the latest Bagle variants.

    This happened with all variants that I have seen:
    -Trojan-Downloader.Win32.Bagle.ft
    -Trojan-Downloader.Win32.Bagle.fx
    -Trojan-Downloader.Win32.Bagle.hi (still undetected by Nod32)
    -Trojan-Downloader.Win32.Bagle.hh (still undetected by Nod32)
     
  23. ASpace

    ASpace Guest

    @Muscle

    Maybe (just a guess) they want to update/develop one generic signature instead of pushing new signatures for each and every new variant every day?
     
  24. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    If I was ESET, I'd create signatures (even simple CRC32 of files) for these samples and later work on the generic detection. Having undetected samples leaves a sour taste.
     
  25. meschubert

    meschubert Registered Member

    Joined:
    May 29, 2007
    Posts:
    46
    Location:
    Manhattan Beach, CA
    I have to agree. Working on the "big picture" is great and probably has a lot to do with why NOD32 is lighter than other scanners; however, it is little comfort to those who get infected in the meantime. I don't remember all these issues popping up in the forum with V2.7 so I am wondering if Eset is spread too thin.

    It seems that Eset should be able to add the newest signatures while working on the longer term solution and then remove them as they are no longer needed. Not doing so is undermining my confidence in this product and making me wonder if hourly updates and a little more scanning time is a better way to go.

    I'll probably stick it out with NOD32 for now, but if this continues, I'm going to take a good look at KAV V8 when it is released. I hope Eset is not just being "hard headed" about their methodology. I would hate to see it damage the product's popularity.
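
The trade-off debated in the last few posts (quick per-sample signatures such as a CRC32 of the file, versus one generic signature covering a whole family) sketched as an added example; it is not part of the thread and not ESET's code. The sample byte strings, function names and the longest-common-substring heuristic are assumptions constructed for illustration.

```python
import zlib

# Constructed stand-ins for samples: harmless byte strings that share a common
# core but differ in a few bytes, the way repacked variants of a family do.
CORE = b"\x90\x90DOWNLOADER-STUB-CORE\x00"
VARIANT_A = b"MZ" + b"\x01" * 8 + CORE + b"pad-A"
VARIANT_B = b"MZ" + b"\x02" * 8 + CORE + b"pad-B"
NEW_VARIANT = b"MZ" + b"\x03" * 8 + CORE + b"pad-C"  # not yet seen by the vendor
CLEAN_FILE = b"MZ" + b"\x00" * 8 + b"ordinary program bytes"


def crc_signatures(samples):
    """Per-sample signatures: one CRC32 for each known file."""
    return {zlib.crc32(s) for s in samples}


def detect_by_crc(data, signatures):
    """Exact-match detection: fires only on byte-identical known samples."""
    return zlib.crc32(data) in signatures


def longest_common_substring(a, b):
    """Longest byte run shared by a and b (simple dynamic programming)."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def detect_generic(data, pattern, min_len=16):
    """Generic detection: fires on any file containing the shared byte run."""
    return len(pattern) >= min_len and pattern in data


KNOWN = [VARIANT_A, VARIANT_B]
SIGS = crc_signatures(KNOWN)                              # cheap, available at once
GENERIC = longest_common_substring(VARIANT_A, VARIANT_B)  # needs analysis of the family
```

The CRC32 set covers the submitted samples immediately but misses `NEW_VARIANT`; the generic pattern takes analysis to derive but also matches the unseen variant while leaving `CLEAN_FILE` alone.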
     