NOD32 has problem..Help me plss

Discussion in 'NOD32 version 2 Forum' started by harisankar98, Feb 4, 2007.

Thread Status:
Not open for further replies.
  1. harisankar98

    harisankar98 Registered Member

    Joined:
    Feb 4, 2007
    Posts:
    7
    NOD32 has a big problem.
    (I don't know if there is any problem with my antivirus settings. If so, please help me.)
    I inserted a disc with a virus in it (I knew it has a trojan in it, I did so to check nod32) and opened the folder containing the virus; nod32 made no response.
    Only when I manually scanned the files did it detect the virus.
    But all other antiviruses like AVG pop up a window at the instant when I open the same folder, saying that it has detected a virus, and make it unreadable.
    But with nod32 installed, I tried to run the trojan file from the disc,
    ****, it worked and nod32 did nothing at all!!!!!!!!!!!!!!
    Tell me if I can fix this by some settings change....
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Did you actually copy the file somewhere so that AMON could scan it for runtime packers and with advanced heuristics? Note that these options work only on newly created files because of the high CPU utilization required for processing.
     
  3. harisankar98

    harisankar98 Registered Member

    Joined:
    Feb 4, 2007
    Posts:
    7
    Marcos,
    I didn't copy the file to my hard drive.
    Actually AVG was able to find the virus's presence on the disc without manually scanning it (it did notify me when I just opened the folder on the disc).
    Now I tried to copy the file onto my hard drive; then, when I tried to paste it, NOD32 told me that it was a virus and moved it to quarantine.
    But is it true that real-time scanning of CDs and DVDs is impossible for nod32?
    Think, I was able to run the virus from the CD (without copying it to the hard drive).
    What should i do?
     
  4. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    I tried the same case and yes, nod32 Advanced Heuristic didn't scan files on CD/DVD. Possible bug?
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Read it more carefully again, the settings say "Additional options on create" and the description says "Options to use for scanning newly created or modified files". So no, it's not a bug. In the future we'll probably implement a feature that will scan removable media when inserted into a drive.
     

  6. harisankar98

    harisankar98 Registered Member

    Joined:
    Feb 4, 2007
    Posts:
    7
    Marcos,
    My AMON has all the options ON and it fails even then.
    And are you saying that now NOD32 is not capable of scanning removable storage devices on mounting o_O
    If it is, it is a real pity because all other antiviruses I tried, like
    AVG, Avast, Kaspersky etc., are capable of doing this.
    The best response was that of AVG. It took less than a second to notify me when I opened the folder containing the virus.
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    The point is, nothing is being "created", move the file from the CD to your system and see AMON bite it ;) :D

    Cheers :D
     
  8. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    yes but if we accidentally run some nasty virus then our pc will be infected
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    No, because AMON will grab it upon creation.

    Cheers :D
     
  10. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    Yes, if it creates files on the hard drive, but it is still running in memory. I have tried it.
     
  11. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    If the files you are trying to run are:
    a) not runtime packed
    b) not a self-extracting archive
    c) not detected by advanced heuristics ("probably unknown NewHeur_PE virus")
    NOD32's AMON will detect the virus.

    But if any of the "methods" a, b, c is required, NOD32's AMON will only detect it if the files are being moved/copied (that's why it says "newly created or modified files" in AMON's options).
     
  12. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    well maybe in version 3 it will be "fixed" :D
     
  13. harisankar98

    harisankar98 Registered Member

    Joined:
    Feb 4, 2007
    Posts:
    7
    'Trojan horse PSW.Generic3.ALD' is the one with which I tested NOD32. It had the file name 'Showpass.exe'.
    Hope that NOD32 will add the module in its next version.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Well, in certain circumstances it can take up to 10 seconds for advanced heuristics to emulate the code. I don't think there is hardly anyone who wouldn't mind waiting so long before a file is executed. Maybe in the days of 20 GHz CPUs it will be possible ;)

    If you happen to run a malicious file it will most likely register itself in the registry so that it's run the next time you start Windows. In such a case, the automatic startup file check in NOD32 will detect it and alert you.


    Marcos
     
  15. realitybytez

    realitybytez Registered Member

    Joined:
    Sep 8, 2006
    Posts:
    30
    you can't really think this is an adequate answer! my god, if avg takes less than a second to detect the malware, why would it take nod32 up to 10 seconds?

    the point being made by the original poster is a valid one. if you can execute malware directly from removable media, and the malware is fully memory-resident (i.e. doesn't need to create new files on the hard drive), then what's to stop a black hat from writing such code that would make it impossible for you to ever restart windows?

    i think this is a far more serious flaw than you're willing to admit. and i'm beginning to wonder if i made a wise decision to install this product on my entire network.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Because AVG detected it by a standard signature. Unlike AVG, NOD32 uses a sophisticated code emulator that is capable of identifying millions of threats without the need to update. Threats detected by a signature are detected in much less than 0.05 sec :) I can assure you that you didn't make a wrong decision, NOD32 will protect your network perfectly. I cannot give any comparison details with other products here, but instead I'd suggest you wait for the upcoming tests carried out by www.av-comparatives.org.
     