NOD32 not detecting...

Discussion in 'NOD32 version 2 Forum' started by winx5, Jan 17, 2006.

Thread Status:
Not open for further replies.
  1. winx5

    winx5 Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    26
    1. I sent four suspicious samples to ESET on 04.01.06, and some days later, only two of these were added to signatures.
    I submitted the two still undetected samples to Jotti now, as NOD32_Not_Detecting_040106.rar

    http://img16.imageshack.us/img16/8781/nod32notdetecting0401062zc.th.png

    2. Some time in early December, my computer got infected with some HEAVY malware, which made my computer unusable. It disabled some functions in Explorer, TaskManager and deleted some vital Windows files I believe.
    I fiddled a lot with different security progs to resolve the problem, and had to reinstall Windows to completely fix the damage.
    I ran F-secure Blacklight, and it didn't find any hidden processes or files...
    UNTIL, after the scan finished, I clicked the button "Show all processes" and saw a process named FILE01.exe, with the modules FILE02.dll and rundl123.dll. I managed to kill the process with IceSword I believe. :ninja:
    I think these files run with some kind of Rootkit privileges, and NOD32 doesn't detect these to date... :doubt:
    I uploaded these files now to Jotti as NOD32_Not_Detecting_070106.rar

    http://img493.imageshack.us/img493/8461/nod32notdetecting0701064bf.th.png

    3. I am VERY happy with NOD32 in every way, and I will stick with it for years to come, no doubt! :thumb:
    But out of curiosity, I trialled AVG today, to see how it was. I scanned my computer, and it found two spyware exe's: Adware Generic.BVV and Adware Generic.IIZ.
    I really like the way AVG detected these two exe's with Generic detection.
    I submitted these samples to Jotti as NOD32_Not_Detecting_Spyware_samples.rar
    Is it possible to add a Generic detection feature like this to NOD32 in the future?

    http://img369.imageshack.us/img369/2645/nod32notdetectingspywaresample.th.png

    Can Happy Bytes or Marcos please reply to this thread? I am especially concerned about point 2, and I would like to know what kind of files they are...

    Thank you very much!
     
  2. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    If you want to send samples to ESET for analysis, you can do it from within the NOD32 Control Center.
    Open Control Center --> NOD32 System Tools --> Quarantine -->
    Submit for analysis --> follow the prompts and fill in the details.
     
  3. winx5

    winx5 Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    26
    NOD32 User,

    Thx, I know.
    I've already done it both ways. :)
     
  4. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    NOD32 indeed detects many Adware heuristically and generically.
     