NOD32 does not detect Delf.DOQ

Discussion in 'ESET Smart Security' started by esskaysl, May 2, 2008.

Thread Status:
Not open for further replies.
  1. esskaysl

    esskaysl Registered Member

    Joined:
    May 2, 2008
    Posts:
    1
    I was a fan of ESET NOD32 for various reasons. Recently I downloaded the ESET security trial pack from eset.com. It is working fine with all online threats. Today I copied one keygen.exe onto a CD and lent it to my colleague.
    SHOCKED! AVG immediately detects the Delf.DOQ trojan horse, and really I was so ashamed, as only a couple of days back I argued with him that NOD32 wouldn't miss even a single threat and that AVG etc. are a bloody waste.

    The updates are proper and I scanned the CD and the file again in NOD32. Clean Chit!!

    Anybody... can you tell me what went wrong?

    ---ESSKAYSL
     
  2. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    439
    Yes, don't mess with keygens
     
  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Long story short, NOD32 failed, simple as that.

    Cue the standard answer about how no AV detects 100%, yadda yadda.
     
  4. ASpace

    ASpace Guest

    Why would you need a keygen is the first thing to ask? :rolleyes: The fact that AVG detects something in this keygen doesn't make the file a real trojan/malware. Submit the file to ESET at samples@eset.sk and ESET Labs will check it.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Maybe it's disappointing for someone to learn that we don't live in a perfect world. It's a matter of fact that every AV misses threats; I could point out thousands of examples where NOD32 is the only or one of 2-3 AV programs to detect a particular threat. Please submit the file with this thread's URL in the subject to samples[at]eset.com so that we can confirm or deny that it's an actual threat.
     
  6. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The results received from VirusTotal do not tell if a sample is a false positive or not. We've seen samples detected by many AVs that were actually false positives.
     
  8. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Well you were wrong... nobody can say this for any decent AV... ALL miss malicious files

    If you consider an antivirus missing 1 sample a "fail", then I suppose ALL AVs fail. You already know that no AV detects 100%... then you should know all AVs miss malicious files, and it's not the end of the world just because of this, and it doesn't make the AV bad. Sure, it may have missed a few samples... But then what about the other millions which it can detect?.. Surely this has some significance.


    Why do we keep having these kinds of discussions here? We all know the answer... If you suspect NOD did not detect a malicious file, send it to samples@eset.sk and let them decide whether it is malicious or not. If it is confirmed malicious, NOD will add it to its database and protect you from it.
     
  9. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Re solcroft:-he only does it to wind people up and it was you that bit this time!
     
  10. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    ha ha ha... woopsie! The hot weather here in England at the moment is heating my head up a bit I guess!
     
  11. SFC

    SFC Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    33
    And what about http://www.threatexpert.com/ ?
     
  12. jdenton

    jdenton Registered Member

    Joined:
    Apr 25, 2008
    Posts:
    47
    It's been five days. Does NOD32 detect this file yet? o_O
     
  13. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    ThreatExpert does not always provide sufficient information to determine whether a file is malicious or not.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It looks like an automated system so it's prone to mistakes. Advanced heuristics also analyses the behavior of files it scans.
     
  15. curiousmicrobe

    curiousmicrobe Registered Member

    Joined:
    Feb 17, 2008
    Posts:
    32
    See I love NOD32 to bits. But when I do find a threat that it doesn't detect, I send it to samples@eset.sk, the problem is I never get a reply and some of these missed malwares have since been detected by Kaspersky Online Virus Scanner but still not (after 5 days) by NOD32. :'(
     
  16. ASpace

    ASpace Guest

    With all my respect, being detected by Kaspersky doesn't make the files 100% infected or malicious. I agree with you about the non-reply part; I would really like to see at least an automatic message that what was sent has been received.
     
  17. jdenton

    jdenton Registered Member

    Joined:
    Apr 25, 2008
    Posts:
    47
    Hi,

    So what makes a file a virus then? I'm just curious, because being detected by other AVs doesn't mean it's a virus, submitting it to VirusTotal doesn't mean it's a virus, submitting it to ThreatExpert doesn't mean it's a virus, and sending it to another company that analyzes and then adds detection for it doesn't mean it's a virus either.

    In short, if Nod32 doesn't detect it, then it's not a virus? o_O
     
  18. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    NO!
    We're just saying...
    If an AV on VirusTotal or Kaspersky detects it, it doesn't necessarily mean it's a virus... It may be a virus (we're not denying that), but it's also possible it's a false positive or a detection of "greyware"... things which some people may consider a virus and others may not.

    ThreatExpert does not properly analyze the file... it's not possible to say for certain if a file is a virus or not just by checking it using ThreatExpert.

    We're not saying it's not a virus. We're just saying the methods mentioned above do not always give a clear indication whether it is malicious or not (depending on the circumstances).
     
  19. jdenton

    jdenton Registered Member

    Joined:
    Apr 25, 2008
    Posts:
    47
    But what if a file was SENT to an antivirus company as well for them to analyze because they didn't detect it either, and they then ADDED detection for it?

    Also, what if the four methods above COMBINED told the user that a file IS a virus?

    Do those still not mean it's a virus?
     
  20. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    AVG detects most of the keygens as trojans, worms etc., even if they are clean of such threats.
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you mean this one, it seems to be benign:

    AVG - - Delf.DOQ
    CAT-QuickHeal - - (Suspicious) - DNAScan
    eSafe - - suspicious Trojan/Worm
    Fortinet - - Agent.GAU!tr
    Ikarus - - Virus.Win32.Trojan
    McAfee - - potentially unwanted program Generic PUP
    Prevx1 - - Malicious Software
    Sophos - - Troj/Agent-GAU
    Webwasher-Gateway - - Win32.Malware.gen!80 (suspicious)
     

  22. ThomasAdams

    ThomasAdams Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    35
    Location:
    Oregon, USA
    Your only protection that is 100% guaranteed to prevent getting a virus/trojan/malware infection from a keygen.exe program is to actually purchase the software... :rolleyes:
     
  23. pip22

    pip22 Registered Member

    Joined:
    May 25, 2004
    Posts:
    12
    Most keygens are identified as viruses because the security software vendors don't want you to use them (for obvious reasons). I have a keygen that came up clean on Kaspersky, BitDefender, AVG & Comodo. Just switched to a different AV package which flags that same keygen as virus-infected. So very probably it's a "false positive" but taking no chances. I deleted the keygen and the prog it was designed for.
     