NOD32 4.0.437 fails to detect Win32.Vitro?

Discussion in 'ESET NOD32 Antivirus' started by ajones, Aug 15, 2009.

Thread Status:
Not open for further replies.
  1. ajones (Registered Member; joined Aug 1, 2008; posts: 3)

    My friend brought his laptop over to me the day before yesterday saying it was exhibiting "strange" (read "classic malware") behavior. Even though his system had NOD32 installed and updated (which he bought following my advice), it simply failed to detect the massive Win32.Vitro infestation that had already destroyed most of his system files etc. In fact, from what I read online about how Vitro works, NOD32 may have actually helped spread the infection far and wide throughout his system.

    I tried online scans, downloading AV ISOs... all to no avail. His system had well and truly been destroyed by this POS, and there was nothing to do except format and reinstall. As an added bonus, he ended up losing many important files as well since he didn't have a recent backup. :(

    Now my question is, from what I've read online this is not a new virus. It also seems to be a new and improved variant of Win32.Virut which has been out for quite some time now. So why does NOD32 fail to even detect one of the most dangerous virii prevalent these days?

    In fact, as a test I submitted an infected file from my friend's system to Virustotal and this is the result I got:

    ~Virus Total link removed per Policy.~

    Seems only Avast and GData were able to positively identify the virus, and eSafe at least flagged it as suspicious. What the heck are other AV vendors doing then, huh? o_O This is simply ridiculous, especially when a paid AV is so slow to react to such a devastating infection in the wild. :mad:

    This is the very first time that NOD32 has let me down in over 4 years, but it seems that ESET's now taken to resting on its laurels instead of being the first mover it used to be once upon a time. Frankly, the margin of error is very small nowadays (especially if a customer's precious data is lost), so if this is how things are going to be in the future, it seems I'll have to finally move on to something else myself, and also stop raving about and recommending NOD32 to everyone I come across. Sad, but can't be helped. :(
     
    Last edited by a moderator: Aug 15, 2009
  2. stackz (Registered Member; joined Dec 27, 2007; posts: 619; location: Sydney Australia)

    Quite simply because there is always a window of time between when a new variant is released into the wild and when an AV company gets a hold of said variant in order to create a detection method for it. Any of the Virut family viruses are extremely destructive and all companies struggle to keep up with it.
     