old signatures

Discussion in 'NOD32 version 2 Forum' started by yeah but, Aug 8, 2005.

Thread Status:
Not open for further replies.
  1. yeah but

    yeah but Guest

    i know eset are releasing more old signatures at the moment, and today has seen some more added http://www.nod32.ch/en/news/update.php#CurVersion but some of these are like 5 years old(!), eg ethan.bb http://www.sophos.com/virusinfo/analyses/wm97ethanbb.html (added by sophos in 2000).

    why are they being added now? i know there was a HUGE update just before the deadline for the av-comparative test, and hopefully that will help gain some ground on kav, etc. but where are these samples coming from that are so old? and why the decision now to include them?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The question could be reversed - why AV testers still include such old samples in their tests :)
     
  3. vee

    vee Registered Member

    Joined:
    May 29, 2005
    Posts:
    34
    Location:
    Zagreb, HR
    well to answer the unreversed question (I am sure, Marcos, you'll get some interesting answers from AV testers ;)): I think the whole "families" of viruses are added, so we can see Ethan from "grand, grand, grand father" to Ethan Junior being added... as with others... I don't mind it.

    Regards,
    vee
     
  4. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I'm sure there are vulnerable machines out there... I just recently found a client's machine running Windows ME with more than 60 updates left to apply... luckily, the owner was a relatively safe surfer, but their grand-children were beginning to open their machine to virtual pastures it wasn't really equipped to safely navigate... I'm sure they would have been FAR from happy to find that their newly purchased NOD32 might have been an open door to some 5 year old virus - but more importantly to me - I might have pronounced the machine "clean" - with significant risk that it was anything but!
     
  5. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,818
    Location:
    Innsbruck (Austria)
    Adding older viruses is not just for scoring better in tests; it also means (and that is the main goal) more security for the user. As a user I would like to be protected against all malware, including the old ones. If my PC gets infected because, e.g., I used an old CD with an old virus on it, I would like my AV to detect it. Also, there are still many sites which offer viruses to download and I do not know what others want to do with them; I feel safer if my AV is able to detect them too, because the 'health' of my PC is important :D .
    This is what someone could say :p
     
  6. vee

    vee Registered Member

    Joined:
    May 29, 2005
    Posts:
    34
    Location:
    Zagreb, HR
    @IBK
    thank you for the great explanation, someone :p...
    -------------------------------------------------

    and another update 1.1189... i wonder what is that dot spreading virus... old one or new? ;)

    regards,
    vee
     

    Attached Files: 1189.JPG (12.5 KB)
  7. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    No details as yet, but nod32-es.com has it as an update to existing sigs... so do we:

    http://nod32usa.com/nod32-updates/updates/984.html

    regards

    Greg
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Yes, there has recently been a new Bagle outbreak - with the same code and different url, and probably repacked (haven't seen a sample of it yet, just heard something). It's been detected by NOD32 as Bagle.BI since the very beginning, however, a signature was added for the repacked sample to the latest update.
     
  9. actarus9999

    actarus9999 Registered Member

    Joined:
    Aug 4, 2005
    Posts:
    53
    Hello everybody,

    Yesterday evening before going to sleep I had update 1.1188. But today, after waking up and switching on my PC, it went back to update 1.1186. Then when I clicked Update it moved to 1.1189.

    Is that a bug or am I dreaming?

    Thanks in advance for your response.

    Actarus
     
  10. vee

    vee Registered Member

    Joined:
    May 29, 2005
    Posts:
    34
    Location:
    Zagreb, HR
    @actarus9999
    I think it was a dream :)... or a strange bug.

    regards,
    vee
     
  11. wangk0998

    wangk0998 Registered Member

    Joined:
    Oct 23, 2004
    Posts:
    20

    A mysterious dream, I think ...... :D
     
  12. actarus9999

    actarus9999 Registered Member

    Joined:
    Aug 4, 2005
    Posts:
    53
    Time Module Event User
    09/08/2005 07:39:38 Kernel The virus signature database has been successfully updated to version 1.1189 (20050808).

    09/08/2005 07:38:49 Kernel The virus signature database has been successfully updated to version 1.1186 (20050803).

    08/08/2005 21:40:28 Kernel The virus signature database has been successfully updated to version 1.1188 (20050808).

    Here is what is marked in the current events, so it was not a dream; I caught myself for nothing.

    Actarus
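
The version sequence in the log above (1.1188, then 1.1186, then 1.1189) is a signature-database rollback, which is worth flagging automatically because it leaves the scanner on older definitions. The following is an added example, not part of the original post and not Eset's code: it assumes a plain-text export of the Event Log in the layout quoted above, and the sample lines are constructed from that layout.

```python
import re
from datetime import datetime

# Constructed sample modelled on the Event Log entries quoted in the post above
# (newest first, dd/mm/yyyy timestamps); the build-date field is an assumption.
SAMPLE_LOG = """\
09/08/2005 07:39:38 Kernel The virus signature database has been successfully updated to version 1.1189 (20050808).
09/08/2005 07:38:49 Kernel The virus signature database has been successfully updated to version 1.1186 (20050803).
08/08/2005 21:40:28 Kernel The virus signature database has been successfully updated to version 1.1188 (20050808).
"""

ENTRY = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+\S+\s+.*?"
    r"updated to version (?P<ver>\d+(?:\.\d+)+)\s+\((?P<build>\d{8})\)"
)

def parse_updates(text):
    """Return (timestamp, version tuple, build date) per update entry, oldest first."""
    updates = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # unrelated or malformed lines are skipped, not fatal
        ts = datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S")
        # Compare versions numerically: as strings, "1.999" would sort above "1.1188".
        version = tuple(int(part) for part in m["ver"].split("."))
        updates.append((ts, version, m["build"]))
    return sorted(updates, key=lambda u: u[0])

def find_rollbacks(updates):
    """Flag every update that installs a version older than the highest seen so far."""
    rollbacks, highest = [], None
    for ts, version, _build in updates:
        if highest is not None and version < highest:
            rollbacks.append({"at": ts, "installed": version, "previous_high": highest})
        if highest is None or version > highest:
            highest = version
    return rollbacks

if __name__ == "__main__":
    fmt = lambda v: ".".join(map(str, v))
    for r in find_rollbacks(parse_updates(SAMPLE_LOG)):
        print(f"{r['at']:%Y-%m-%d %H:%M:%S} rollback to {fmt(r['installed'])} "
              f"(highest seen: {fmt(r['previous_high'])})")
```
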
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What update server do you use? Couldn't it be that you (or some application) reverted certain registry values to older ones?
     
  14. actarus9999

    actarus9999 Registered Member

    Joined:
    Aug 4, 2005
    Posts:
    53
    I have used the server www.nod32.com because I have a trial version Marcos.

    Good evening

    Actarus
     
  15. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Ahhhh, but the "update server" is different. Go to NOD32 Control Center --> Update --> Setup --> Location. There is a field with a list of many servers. By default, it says <Choose Automatically>, but if you click the arrow, you can see several different servers that it chooses from, like u1a.eset.com , u3.eset.com , etc.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It should be set to Choose automatically unless you update from a local mirror.
     
  17. actarus9999

    actarus9999 Registered Member

    Joined:
    Aug 4, 2005
    Posts:
    53
    Marcos, I cannot choose a mirror site because I do not know the addresses.

    The address is marked in Location : www.nod32.com/nod_eval/

    Good evening

    Actarus
     
  18. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Nah .. :)
     
    Last edited: Aug 9, 2005
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Try installing a fresh trial version from Eset's website. Before you start installation, uninstall NOD32, reboot the machine and delete the program files/eset folder, just in case.

    NOD32 has automatic server selection enabled by default.
     
  20. actarus9999

    actarus9999 Registered Member

    Joined:
    Aug 4, 2005
    Posts:
    53
    OK Marcos. I am going to install a fresh version, you are right.

    Thank you for all.

    Good night

    Actarus
     
  21. actarus9999

    actarus9999 Registered Member

    Joined:
    Aug 4, 2005
    Posts:
    53
    Hello,

    After installing a fresh version, here are my files in "Updfiles":

    lastupd.ver 4ko 10/08/2005

    nod09AA.nup 13ko 01/08/2005

    nod0BDA.nup 53ko 04/08/2005

    nod0FF0.nup 381ko 05/08/2005

    nod1336.nup 5ko 05/08/2005

    nod1555.nup 20ko 01/08/2005

    nod1912.nup 1ko 01/08/2005

    nod2F31.nup 82ko 10/08/2005

    nod445A.nup 2ko 01/08/2005

    nod56BE.nup 1ko 01/08/2005

    nod6DD0.nup 184ko 01/08/2005

    nod7EF2.nup 2885ko 02/08/2005

    upd.ver 4ko 10/08/2005


    Are these normal files or not?

    Please I hope to be clean and without virus.

    Have a good day everybody

    Actarus
     
  22. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    It is hard for me to say for sure, because the names of the .nup files are different than mine. This is normal. What you can do is to look at the upd.ver file with Notepad. Inside you will see information about the different modules, including dates, version numbers and the sizes. Do not look at the names, because those are different, but look at the sizes.

    If you do not see any error message in the Event Log, but see successful completions, you should be OK.
     
  23. actarus9999

    actarus9999 Registered Member

    Joined:
    Aug 4, 2005
    Posts:
    53
    Hi Alglove,

    Thank you. I have just looked inside the Event Log and it is marked successfully updated for all my virus definitions, so I think that it is good too. Phew, I was afraid of going back in time again, but I notice that I am advancing now: I moved to version 1.1191 half an hour ago.

    Good night.

    Actarus
     