NOD32 Business has missed two threats in the past two weeks

We have had two different computers infected with the Win32/Olmarik.TDL4.trojan over the past two weeks. At least one was caused by a user clicking a link in an email. NOD32 is unable to remediate this threat in any way. I have to rely on other company tools to remove the infection. Even the standalone Eset malware remover for this trojan does not find it.

Why isn't nod32 able to catch and/or remediate this infection? I have the exchange agent installed on the exchange server, and all of the clients are up to data with mail scanners active. How is this getting missed?

 

I'd suggest emailing ESET's viruslab as per the instructions here and providing them with the scan log.

 

OK, i have exported the offending email the user said that they got the trojan from, and have sent that and the logs to eset for analysis. Meanwhile, i am trying to find out how to protect from this going forward.

 

Don't give users admin rights on systems, run DEP in OptOut mode, enable SEHOP, upgrade to Windows 7 and Nod32 v5 if possible, run a WSUS server to verify that OS/Office updates are being installed, and come up with a mechanism to get software updates to the major infection vectors pushed to systems (Acrobat, Flash, Java, etc).