Nod32 - not finding virus?

Discussion in 'NOD32 version 2 Forum' started by Emniman, Sep 27, 2004.

Thread Status:
Not open for further replies.
  1. Emniman

    Emniman Registered Member

    Joined:
    Sep 27, 2004
    Posts:
    12
    Hi peeps.

    Well just curious why NOD32 couldn't find this virus.
    (not sure it's a virus though)

    Downloaded a file and scanned it with NOD32 and it was clean
    but 2 be sure it was clean I did an online scan and yikes
    guess I was surprised when it told me this:

    BitDefender   7.0             09.27.2004   -
    ClamWin       devel-20040822  09.27.2004   -
    F-Prot        3.15a           09.27.2004   security risk or backdoor
    Kaspersky     4.0.2.24        09.28.2004   VirTool.Win32.Allinwon
    McAfee        4394            09.22.2004   -
    NOD32v2       1.879           09.27.2004   -
    Norman        5.70.10         09.24.2004   -
    Panda         7.02.00         09.27.2004   -
    Sybari        7.5.1314        09.28.2004   VirTool.Win32.Allinwon
    Symantec      8.0             09.27.2004   -
    TrendMicro    7.100           09.26.2004   -


    btw sry for my poor english.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Emniman, welcome to Wilders.

    Can you please ZIP that file and send it to samples@nod32.com

    Let us know how you go...

    Cheers :D
     
  3. Emniman

    Emniman Registered Member

    Joined:
    Sep 27, 2004
    Posts:
    12
    Thnx for the fast response.

    I've sent the file and let's see what they have 2 say.
    Will tell u how it goes.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks for that...

    Cheers :D
     
  5. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    could u tell me the details of the file you downloaded?

    it looks as though the other AV's have only picked it up as a possible,
    so you're probably safe.

    do u have a firewall, if so is there any new suspicious outbound traffic?
    sometimes trojan downloaders behave like this, a file is downloaded that sends out requests for the rest of the file [eg in 2 or more parts, 2 try and beat detection]. u could check the firewall logs if u have already deleted it.

    I've heard of similar false positives though lately with webroot software [windows washer and other pros]
     
  6. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    after a bit of investigating that file "VirTool.Win32.Allinwon" is a virus generator,
    not tech a virus, it's classed as spyware/malware. if it came with a program that has an end user agreement, pros such as adaware probably won't pick it up, for legal reasons.

    check your task manager for a running process "aiw.exe"
    kill this task if present.
    then search with explorer for the same file and delete.

    this file is quite old and should have been detected if that is what it really is.
     
  7. Emniman

    Emniman Registered Member

    Joined:
    Sep 27, 2004
    Posts:
    12
    Thnx peeps for the info.
    Haven't got any mail from nod32 yet.

    Yepp I've got a firewall - one software and one hardware - :)
    but I haven't executed the file yet b/c I didn't know what virus/trojan it was.

    that file I downloaded was a simple exe file - found it on a forum and some said there was a virus in it and some said there wasn't - so I downloaded the file 2 see for myself and in that way it is - what this file does? - I haven't got a clue - :)
     
  8. Emniman

    Emniman Registered Member

    Joined:
    Sep 27, 2004
    Posts:
    12
    Just a little update - with the newest pattern 1.881 Nod32 finds the virus.
    :D

    Keep up the good work Eset.
     
  9. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    Along the same lines, I submitted a file to http://virusscan.jotti.dhs.org/ for analysis and NOD32 was the only scanner that didn't pick up the trojan. The malware was TrojanDropper.Win32.Kuang, so yesterday I submitted to Eset and I was pleasantly surprised to see that today NOD32 now detects this. At present, I'm only trialing this AV, but if the response is always this quick I just might get the 2 yr license that I've been considering.
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Good to see the results Emniman and Se7engreen...

    Thanks for keeping us up to date...

    Cheers :D
     