NOD32 - Pls Explain

Discussion in 'NOD32 version 2 Forum' started by Albinoni, Mar 16, 2006.

Thread Status:
Not open for further replies.
  1. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Here's the link from the Ewido forum section, but how on earth this happened and how on earth NOD32 didn't stop it in the first place.

    Sorry I am completely puzzled here.

    https://www.wilderssecurity.com/showthread.php?t=124224

    I did a full scan with NOD a few days ago in Safe Mode, nothing found, all clean; did the same with MS Antispyware, Adaware Pro 1.06, Spybot S&D and again all showed clean, and it's only Ewido that has come up with this.

    Now is Ewido wrong, perhaps a bug in the updates or whatever?

    I have saved the log file and I feel like sending it to Eset and see what they have to say about this.

    But like I said I'm using one of the best AV software out there and by rights this should not have happened.
     
  2. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    hi there,

    was Ewido set to quarantine the files? if so, you could upload some to jotti and see if any other scanners find anything.

    my gut feeling is that they are FPs by Ewido, especially with most of them being flagged as Dropper.VB.lu

    do you have Ewido set to use heuristical analysis? i used to but it gave too many FPs so i stopped using it.

    cheers, lee
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please refrain from making conclusions that AV X is worse than AV Y because it did not detect a file picked up by the other one. NO AV in the world detects 100% of all threats, take it as a matter of fact that will never change. If we were to bash AVs here then I could post here hundreds or even thousands of screenshots showing that other big AVs missed threats detected by NOD32 and vice-versa.

    If you come across a suspicious file not detected by NOD32, just send it to samples[at]eset.com for further analysis.
     
  4. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Could you please submit/scan some of these samples at jotti's online malware scan and/or VirusTotal? By doing this, if it's valid detections (which I think it is, see peter's post), it should be added to most AV vendors' defs (since all samples uploaded there are also distributed to AV vendors).

    Edit: It could be that you will find it in Ewido's quarantine, restore it for the time being and upload it at the aforementioned sites, then delete it again.
     
  5. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Marcos, who is to say that I'm bashing or ridiculing NOD32 and saying this AV X is better than that AV Y, sorry but I think you have got your facts totally wrong here. I use NOD32, love it, also recommend it to everyone I know and personally to me it's still the best AV out there on the market. Yes I do realise that no other AV out there on the market is 100% and this goes with all of them.

    But what concerns me is that when Ewido has picked up 162 threats, which is a hell of a lot, then what is going on, is Ewido at fault here or NOD? Another thing is my PC has been running fine and I've never had any probs with it.

    If you were in my shoes I'm sure you would be concerned as well or wouldn't you, and finally I'm not here to cause a flaming war.

    Anyhow I will submit this to jotti and see what happens if not to NOD32 support.
     
  6. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Yes Ewido was set to quarantine the files.

    I thought Ewido was supposed to be the NOD32 or KAV of Anti Malware/Trojans scanners?

    A lot if not 90% were dropper VB's

    Now the other thing is I have deleted all the files from Quarantine but did have them saved onto notepad, not sure now if I can still send them to jotti for analysis?
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    IMHO you have gotten the cart before the horse. You have a thread going concerning one program which you linked to above where you have a log for review but no way of knowing if there indeed were badware files since you have deleted the quarantine :blink:

    In regards to support threads....it would be best to continue discussion of possible FP's with the culprit program before questioning why ABC program did not catch them also....items we will never have proof of because they have been deleted :ouch:
     
  8. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    I stand/sit corrected, looking at the Total Virus screenshot in the other thread (link above) a lot of scanners do detect these as a threat.
    I also stand by what Marcos says in that no AV in the world detects 100% of all threats.
     
  9. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    NOD32 - v.1.1447 (20060316)
    Virus signature database updates:
    ... Win32/TrojanDropper.VB.LU
     
  10. Ga1tar

    Ga1tar Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    118
    Location:
    U.K
    Despite all the hard work that the AV guys put in to make our machines safe, one should never lose sight of the fact that errors will occur. Do not lose sight of the human factor here, where mistakes are made surely common sense should take over. Looks like we have become too reliant on others instead of always remaining vigilant when online.
     