Hello! Hey guys, can you give some confirmation here on whether NOD32 can scan through a different approach of a virus? I quote this from another forum where some discussions are being had about NOD32 and antiviruses that can scan like this. --->About NOD32 not being able to scan inside archives, it may not have problems with typical ones like RAR and ZIP whose contents (such as applications) are usually decompressed to disk before being executed. However, there are some self-extracting archives that are “packed” in such a way that when decompressed, they load directly into system memory so in essence, potentially infected files are executed immediately. I believe this poses a serious threat for NOD32 and other anti-virus programs that have the same problem. --->Of course there won't be problems with typical self-extracting archives like ZIP and RAR but I was talking about the other kinds of self-extracting archives (like LZW or ICE, I think) that decompress to memory directly without writing to disk and we all know that once an application loads into memory, it's as good as executed. Please help! I'd like to know and confirm it before I make the necessary answer to this discussion. Thanks!
Those programs are called packers, which pack a program. Common packers are UPX, ASPACK, FSG, etc. NOD32 unpacks them and scans them before the packed files get loaded into memory, so you need not worry. In fact, NOD32's unpacking support is second only to Kaspersky.
Currently, the AMON (on-access) monitor doesn't scan files packed with utilities like UPX, ASPack, etc. However, AMON detects ITW packed malware. When you use Advanced Heuristic, NOD uses a generic unpacker, so it's able to unpack files that are packed with new utilities never known before.
They really need to work on this, I think. I love how BitDefender and AVK, in my tests, found compressed/archived trojans/viruses WITHOUT even clicking on the archive. To me, that's a better thing, and I wish they'd do that with NOD32. Or at the very least, have an option for it.
But what about the self-extracting archives that decompress to memory directly... not writing to disk? You can't use Adv heuristics because these are not written to disk. So, I agree this is a real worry. I don't know what you are talking about when you claim adv heuristics will unpack and scan. How? They are not written to disk, so how would I use command line adv heuristics to scan them? Please don't tell me I have to use IMON. I don't use IMON and I expect Eset to understand that a lot of us don't want IMON. We want AMON to have proper powers.
Agreed. AMON is sorely lacking in NOD32. IMON is lacking too, but I feel AMON should be a priority for the product at this point; it seems like it's falling behind on the curve.
Reading from your posts, it seems that this poses a threat for NOD users, right? This means that I'm not 100% secure for now and might be needing a backup AV which could do this.
As I had already written in one of the threads, we are going to implement support for AH to AMON. It is likely that it will be introduced with program components 2.000.10.