NOD32 never seems to detect these

Just want to report/ask why nod32 misses these packed files. I started getting an email every once in a while from what looked like a bot to download a file. I ended up tracing a file to a certain site and the entire site is based on distributing these trojans. I did some searching and i found that they have other themed sites, one warez one free downloads such as a free software site and one ringtones. Every week they change the virus or packer and every week nod32 misses it. I have to submit it and wait a month for detection. It also causes a nasty infection due to many of them including a downloader. Some were variants of vundo. Is there a reason why nod32 misses it? Is there a way to report the site that i traced the file to? It seems when i report it to virustotal, even some free antivirus pick it up or at least mark it as suspicious however nod32 reports it as clean, once submitted manually or through the site it takes another 3-4 weeks to include definitions for.


Also I can report one of the site addresses so you get an idea if Blackspear wants it or whoever.

 

Send suspicious files/sites to support @ eset . com if you have them on your computer or send them to samples @ eset . com if you just found them somewhere

 

Yes I do, however every week they change the variant or packer and every week nod32 misses the new one. Kinda getting tedious.

 

Probably ESET Support know more . Anyway , send the support more information and the files , of course .

 

hello noons,

sounds like an problem we also have... some downloader seems to connect to different sites and download different tTrojans... the Trojans where detected by nod, but it seems impossible to find the downloader.

Its very irritating to get every 5 minutes, or every hour some IMON/AMON alerts...

We've also get an mail, if some client are infected... so now we have approx. 3000 mails with 55.000 infections (one client).

The user have reinstalled his windows, because the operator couldn't locate the downloader

Websites which are connected could be reported, if necessary.

Regards, Meg

 

In such a scenario please complete the following:
Contact your local NOD32 support office and provide them with the following logs:

HijackThis from HERE

Autoruns from HERE

Lookinmypc from HERE

Then run each program and forward the logs by email together with the following:

1. Go to the NOD32 Control Centre
2. Click on Logs
3. Right Click on one of last completed full system scan logs.
4. Click on “Details”
5. Right Click anywhere on the scan log
6. Click on “copy all”
7. Right Click in the replying email to me.
8. Click on “Paste”

This will paste a copy of one of the scans you have completed.

Cheers