NOD32 Didn't Stop Well Known WIN32 Downloader! WHY?

Discussion in 'NOD32 version 2 Forum' started by mliving, May 30, 2007.

Thread Status:
Not open for further replies.
  1. mliving

    mliving Registered Member

    Joined:
    May 30, 2007
    Posts:
    3
    WHY DID NOD32 FAIL TO STOP THIS WIN32 DOWNLOADER TROJAN?
    - trojan adware.w32.expdwnldr -​


    This is NOT a new TROJAN, in fact it's over three (3) years in the wild, and I would have expected NOD32 to be able to stop this trojan in it's tracks the moment it tried to attack the PC.

    I DO NOT believe NOD32 operated as promised or advertised. I KNOW NOD32 FAILED because I spent several hours manually removing this trojan and the downloading bombs it laid all over this PC.

    So what is eset going to do to ensure I don't have to spend several hours of my billable time cleaning up messes like this on my NOD32 "protected" PCs in the future?

    I am NOT impressed AT ALL. In fact in all the years I used Norton I NEVER once had any of my PCs nailed like this. NEVER!

    A very dissatisfied customer!

    mliving
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Please provide the "NOD32 Event Logs" from that system, as well as the last scan log.

    Blackspear.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    According to the description I've found on the web, it looks like a downloader for a rogue antivirus program. I haven't seen a case when this downloader was undetected by NOD32. However, bear in mind that no AV is 100% perfect and each misses more or less threats. If you come across a suspicious file not picked up by NOD32, send it to samples[at]eset.com for analysis.

    The rogue antivirus only pretends to find viruses on your pc and lures you into buying it in order to remove infection. It has no other purpose like spying or damaging files on your disk.
     
  4. gjmveloso

    gjmveloso Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    26
    Dont spend your time sending samples to ESET. :(

    I sent more than twenty samples in a month and ESET didn`t update the database and today NOD32 don`t detect any sample, well-known as Banker family.
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    This has been answered multiple times. Please see the ANSWER provided in the Frequently Asked Questions - FAQs thread under the heading of "Submitting samples and suspicious files to ESET."

    Blackspear.
     
  6. ASpace

    ASpace Guest


    Who knows what did you submit .When I send something , it is added really soon . Undetected real threats are always added soon , crap may not be added.
     
  7. gjmveloso

    gjmveloso Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    26
    I sent some brazilian quickly spread malwares who steals sensitive information using keylogging techniques and ESET don`t use this to improve detection of Banload/Banbra/Banker. I cant undestand buts OK
     
  8. martosurf

    martosurf Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    29
    Hello,

    I used avast! antivirus for 3 years and I like it very (VERY) much, but I have to admit NOD32 is far superior, not only superior than avast! which is itself a great product, but NOD is superior -to my understanding- to all other solutions out there, including F-Prot and Avira which has the better heuristics engine I have seen.

    I think it's a **** to become infected with a virus/malware but as Marcos said there's no antivirus/antimalware solution that can be 100% effective, besides that I find really difficult that so old malware just slips behind NOD without being noticed.

    On the other side, if you don't trust NOD sure you can go and try any other solution because you know antiviruses are like shoes: there's no one that fits for all but allways there's one that fits you.

    Just keep in mind getting out of NOD you will be giving your back to one of the most excellent reliable malware protection solutions existing today in the market, a beautiful crafted piece of code with large chunks of Assembler which makes it the most fast and versatile solution out there.

    The only complaint I could have with ESET now I'm a fully customer is it's archaic GUI, it stinks. Of course after little playing a get confident with it but that's because I'm a power user, I still think this GUI isn't for everyone and that's a major drawback with this solution. That I am a power user and I can feel at home with this prehistoric GUI after little player doesn't mean I would not like a more fancy and 'ergonomic' GUI. In fact, F-Secure 2007 and Norton IS 2007 GUIs are both excellent and I think ESET should follow those steps.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    GUI has completely changed with ESS. If you want to try out ESS beta, see the thread https://www.wilderssecurity.com/showthread.php?t=174235 ;)
     
  10. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I have a question.

    Why is that old post still touted as "the" answer to such questions, when, judging from posts in this forum, there are obviously many people who find the policy unsatisfactory?

    Is it a subtle hint for us to "deal with it", since that's the way things are and will be?
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Because this is the answer and it is the way ESET handle submissions.

    They handle a customer with an infected system very differently, priority is given in such an instance.

    Cheers :D
     
Thread Status:
Not open for further replies.