nod32 fails to detect virus Heur.Downloader

Discussion in 'ESET NOD32 Antivirus' started by Superman20, Dec 26, 2007.

Thread Status:
Not open for further replies.
  1. Superman20

    Superman20 Registered Member

    Joined:
    Dec 24, 2007
    Posts:
    39
    I previously had nod32 version 3 (build 621) and it started acting weirdly. I noticed that the display at the top of the screen (main menu), i.e. the green part which says nod32, was missing. Also, I ran a scan and surprisingly it took only 10 mins to complete (usually 40 mins). I did a clean uninstall (including registry) and reinstalled. However, the same problem occurred. As a last resort I removed it and installed Kaspersky antivirus 7 and ran a complete system scan. The scan yielded 3 trojans which were supposedly removed by nod32 and also 2 new threats (not previously detected by nod32):

    virus Heur.Downloader (detected in C:\System Volume Information\_restore{CCCDEC69-6F0A-4A1F-93EF-1FB499906871}\RP260\A0057110.exe).

    Trojan.Win32.Qhost.tk (detected in C:\System Volume Information\_restore{CCCDEC69-6F0A-4A1F-93EF-1FB499906871}\RP250\A0056198.exe/AutoPlay/autorun.cdd)

    I would be grateful if the above threats could be added to the virus definitions.
     
    Last edited: Dec 26, 2007
  2. THE_BAD_BOY

    THE_BAD_BOY Registered Member

    Joined:
    Nov 15, 2007
    Posts:
    40
    Hello, those threats are in System Restore. Please turn off System Restore, then restart your PC. When the PC starts back up again, turn System Restore back on, then run a full system scan again with ESS/EAV.
     
  3. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    Every AV will miss malware sometimes. You could send samples to samples[at]eset.com. :D
     
  4. ASpace

    ASpace Guest


    If the above was everything that Kaspersky detected, it was harmless unless you use System Restore, or Eset Antivirus has already killed them (in SR it was just a copy).
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Remember that it was detected heuristically so there's a bigger chance it could be a false positive. The best would be if you could compress the file, protect the archive with the password "infected" and send it to samples[at]eset.com for analysis.
     