Nod32 Unable to detetect this spyware

Discussion in 'NOD32 version 2 Forum' started by matthew_eli, Nov 24, 2005.

Thread Status:
Not open for further replies.
  1. matthew_eli

    matthew_eli Registered Member

    Joined:
    Nov 24, 2005
    Posts:
    4
    Hi, i'm italian and i'm using NOD32 antivirus: i've a problem: i've download a self-extracting archive and i scan this file with NOD32, but it detects anything.

    My question is why?

    And i've another question: why nod32 doesn't detect the virus contained in my thunderbird inbox that Kaspersky detects as "Win32.Bagle.eb"?

    sorry for my english...;-)
     

    Attached Files:

  2. Urn

    Urn Guest

    No AV is perfect, and no av will detect 100% of all malwares... thats why :)

    You should submit the files to eset: samples@eset.com
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'll check it tomorrow, maybe it's corrupted and non-functional as this TD is normally detected generically.
     
  4. matthew_eli

    matthew_eli Registered Member

    Joined:
    Nov 24, 2005
    Posts:
    4
    Thanks for the reply, i've submitted the file(run.exe 66Kb) and i post the image of the scan of the thunderbird's mail backup: NOD32 doesn't manage to find the Win32.Bagle.eb that Kaspersky find(i made an on-line scan). NOD32 seems to not manage to reach the last level of the archive (.pcv is a simple zip renamed by mozbackup). Kaspersky scan a total of 288 file, NOD32 only 72, why?

    I scan all file extensions

    thanks
     

    Attached Files:

    • scan.jpg
      scan.jpg
      File size:
      133.8 KB
      Views:
      20
  5. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    There's no reason to detect malware within a mailbox file. The malware can be dangerous when you try to run the file.
    IMON will detect the malware before it reach your mail inbox. Maybe you're using an account that use SSL and that's the reason IMON didn't detected it.
    Anyway, if you try to run de worm, AMON will detect this and your system will not be infected.

     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    NOD32 has detected all Bagle variants heuristically. Only Outlook Express' dbx files and MS Outlook's pst files can be scanned on demand.
     
    Last edited: Nov 25, 2005
  7. matthew_eli

    matthew_eli Registered Member

    Joined:
    Nov 24, 2005
    Posts:
    4
    Ok, thanks for the reply!:rolleyes:
     
  8. matthew_eli

    matthew_eli Registered Member

    Joined:
    Nov 24, 2005
    Posts:
    4
    I see that the build 1.1305 detects the virus in run.exe file: thanks eset for the good job!
     
  9. WaterDoor

    WaterDoor Guest

    Kaspersky Online File Scanner detected 'Trojan.Win32.StartPage.afb' in a patch executable but NOD32 did not react to it.

    NOD32 v2.5 (1.1305)

    Have submitted the file to Eset for analysis...
     
  10. WaterDoor

    WaterDoor Guest

    Eset have added 'Win32/StartPage.ABP' trojan to the virus signature database: 1.1307 [20051128]

    Fast work!
     
Thread Status:
Not open for further replies.