NOD32 never seems to detect these

Discussion in 'NOD32 version 2 Forum' started by noons, Apr 27, 2007.

Thread Status:
Not open for further replies.
  1. noons

    noons Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    115
    Just want to report/ask why nod32 misses these packed files. I started getting an email every once in a while from what looked like a bot to download a file. I ended up tracing a file to a certain site and the entire site is based on distributing these trojans. I did some searching and i found that they have other themed sites, one warez one free downloads such as a free software site and one ringtones. Every week they change the virus or packer and every week nod32 misses it. I have to submit it and wait a month for detection. It also causes a nasty infection due to many of them including a downloader. Some were variants of vundo. Is there a reason why nod32 misses it? Is there a way to report the site that i traced the file to? It seems when i report it to virustotal, even some free antivirus pick it up or at least mark it as suspicious however nod32 reports it as clean, once submitted manually or through the site it takes another 3-4 weeks to include definitions for. o_O


    Also I can report one of the site addresses so you get an idea if Blackspear wants it or whoever.
     
    Last edited: Apr 27, 2007
  2. ASpace

    ASpace Guest

    Send suspicious files/sites to support @ eset . com if you have them on your computer or send them to samples @ eset . com if you just found them somewhere
     
  3. noons

    noons Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    115
    Yes I do, however every week they change the variant or packer and every week nod32 misses the new one. Kinda getting tedious.
     
  4. ASpace

    ASpace Guest

    Probably ESET Support know more . Anyway , send the support more information and the files , of course .
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Several speculative posts removed on how Eset conducts their private business.

    Once again, this is the support forum for Eset products and not a gathering place for rumors, innuendos, and gossip.
     
  6. Megachip

    Megachip Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    243
    hello noons,

    sounds like an problem we also have... some downloader seems to connect to different sites and download different tTrojans... the Trojans where detected by nod, but it seems impossible to find the downloader.

    Its very irritating to get every 5 minutes, or every hour some IMON/AMON alerts...

    We've also get an mail, if some client are infected... so now we have approx. 3000 mails with 55.000 infections (one client).

    The user have reinstalled his windows, because the operator couldn't locate the downloader :(

    Websites which are connected could be reported, if necessary.

    Regards, Meg
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    In such a scenario please complete the following:
    Contact your local NOD32 support office and provide them with the following logs:

    HijackThis from HERE

    Autoruns from HERE

    Lookinmypc from HERE

    Then run each program and forward the logs by email together with the following:

    1. Go to the NOD32 Control Centre
    2. Click on Logs
    3. Right Click on one of last completed full system scan logs.
    4. Click on “Details”
    5. Right Click anywhere on the scan log
    6. Click on “copy all”
    7. Right Click in the replying email to me.
    8. Click on “Paste”

    This will paste a copy of one of the scans you have completed.

    Cheers :D
     
Thread Status:
Not open for further replies.