nod32 fails to detect virus Heur.Downloader

Discussion in 'ESET NOD32 Antivirus' started by Superman20, Dec 26, 2007.

Thread Status:
Not open for further replies.
  1. Superman20

    Superman20 Registered Member

    Joined:
    Dec 24, 2007
    Posts:
    39
    I previously had nod32 version 3 (build 621) and it started acting wierdly, I noticed that the display at the top of the screen (main menu) i.e. the green part which says nod32 was missing. Also I ran a scan and suprisingly it took only 10 mins to complete (usually 40 mins). I did a clean uninstall (including registry) and reinstalled. However the same problem occured. As a last resort I removed it and installed Kaspersky antivirus 7 and ran a complete system scan. The scan yielded 3 trojans which were supposedly removed by nod32 and also 2 new threats (not previously detected by nod32):

    virus Heur.Downloader (detected in C:\System Volume Information\_restore{CCCDEC69-6F0A-4A1F-93EF-1FB499906871}\RP260\A0057110.exe).

    Trojan.Win32.Qhost.tk (deteded in C:\System Volume Information\_restore{CCCDEC69-6F0A-4A1F-93EF-1FB499906871}\RP250\A0056198.exe/AutoPlay/autorun.cdd)

    I would be grateful if the above threats could be added to the virus definitions
     
    Last edited: Dec 26, 2007
  2. THE_BAD_BOY

    THE_BAD_BOY Registered Member

    Joined:
    Nov 15, 2007
    Posts:
    40
    Hello those treats are on system restore .. please turn off system restore then restart your pc when pc start back again turn on system restore then run a fuu system scan again with Ess/EAV
     
  3. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    609
    Location:
    Surabaya Indonesia
    Every AV will missed malware sometimes. You could send samples to samples[at]eset.com. :D
     
  4. ASpace

    ASpace Guest


    If the above was everything that Kaspersky detected , it was harmless unless you use System Restore or Eset Antivirus has already killed them (in SR it was just a copy)
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,408
    Remember that it was detected heuristically so there's a bigger chance it could be a false positive. The best would be if you could compress the file, protect the archive with the password "infected" and send it to samples[at]eset.com for analysis.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.