old signatures

i know eset are releasing more old signatures at the moment, and today has seen some more added http://www.nod32.ch/en/news/update.php#CurVersion but some of these are like 5 years old(!), eg ethan.bb http://www.sophos.com/virusinfo/analyses/wm97ethanbb.html (added by sophos in 2000).

why are they being added now? i know there was a HUGE update just before the deadline for the av-comparative test, and hopefully that will help gain some ground on kav, etc. but where are these samples coming from that are so old? and why the decision now to include them?

 

The question could be reversed - why AV testers still include such old samples in their tests

 

well to unswer unreversed question (I am sure, Marcos, you'll get some interesting answers from AV testers ): I think the whole "families" of viruses are added, so we can see Ethan from "grand, grand, grand father" to Ethan Junior being added... as with others... I don't mind it.

Regads,
vee

 

I'm sure there are vulnerable machines out there... I just recently found a client's machine running Windows ME with more than 60 updates left to apply... luckily, the ower was a relatively safe surfer, but their grand-children were beginning to open their machine to virtual pastures it wasn't really equipped to safely navigate... I'm sure they would have been FAR from happy to find that their newly purchased NOD32 might have been an open door to some 5 year old virus - but more importantly to me - I might have pronounched the machine "clean" - with significant risk that it was anything but!

 

Adding older viruses it not just for scoring better in tests; it does also mean (and that is the main goal) more security for the user. As an user I would like to be protected against all malware, also the old ones, if my PC gets infected because e.g. I used an old CD where an old virus is I would like that my AV detects it. Also there are still many sites which offers viruses to download and I do not know what other wants to do with them; I feel safer if my AV is able to detect them too, because the 'health' of my PC is important .
This is what someone could say

 

@IBK
thank you for the great explanation, someone ...
-------------------------------------------------

and another update 1.1189... i wonder what is that dot spreading virus... old one or new?

regards,
vee

 

No details as yet, but nod32-es.com has it as an update to existing sigs... so do we:

http://nod32usa.com/nod32-updates/updates/984.html

regards

Greg

 

Yes, there has recently been a new Bagle outbreak - with the same code and different url, and probably repacked (haven't seen a sample of it yet, just heard something). It's been detected by NOD32 as Bagle.BI since the very beginning, however, a signature was added for the repacked sample to the latest update.

 

Hello everybody,

Yesterday evening before sleeping me I had the update 1.1188. But today by waking me and by switching on my PC it has me to rehearse in update 1.1186. Then when I have to click Updates it crossed me in 1.1189.

Is what that is a bug or I dream?

Thank for advance for your response.

Actarus

 

@actarus9999
I think it was a dream ... or a strange bug.

regards,
vee

 

A mysterious dream, I think ......

 

Time Module Event User
09/08/2005 07:39:38 Kernel The virus signature database has been successfully updated to version 1.1189 (2005080.

09/08/2005 07:38:49 Kernel The virus signature database has been successfully updated to version 1.1186 (20050803).

08/08/2005 21:40:28 Kernel The virus signature database has been successfully updated to version 1.1188 (2005080.

Here is what what is marked in the current events thus there made it was not a dream thus I caught myself for nothing.

Actarus

 

What update server do you use? Couldn't it be that you (or some application) reverted certain registry values to older ones?

 

I have used the server www.nod32.com because I have a trial version Marcos.

Good evening

Actarus

 

Ahhhh, but the "update server" is different. Go to NOD32 Control Center --> Update --> Setup --> Location. There is a field with a list of many servers. By default, it says <Choose Automatically>, but if you click the arrow, you can see several different servers that it chooses from, like u1a.eset.com , u3.eset.com , etc.

 

It should be set to Choose automatically unless you update from a local mirror.

 

Marcos I cannot choose of site mirror because I do not know addresses.

The address is marked in Location : www.nod32.com/nod_eval/

Good evening

Actarus

 

Nah ..

 

Try installing a fresh trial version from Eset's website. Before you start installation, uninstall NOD32, reboot the machine and delete the program files/eset folder, just in case.

NOD32 has automatic server selection enabled by default.

 

Ok Marcos. I go installed a fresh version you are reason.

Thank you for all.

Good night

Actarus

 

Hello,

After a fresh version installed, here in my files "Updfiles" :

lastupd.ver 4ko 10/08/2005

nod09AA.nup 13ko 01/08/2005

nod0BDA.nup 53ko 04/08/2005

nod0FF0.nup 381ko 05/08/2005

nod1336.nup 5ko 05/08/2005

nod1555.nup 20ko 01/08/2005

nod1912.nup 1ko 01/08/2005

nod2F31.nup 82ko 10/08/2005

nod445A.nup 2ko 01/08/2005

nod56BE.nup 1ko 01/08/2005

nod6DD0.nup 184ko 01/08/2005

nod7EF2.nup 2885ko 02/08/2005

upd.ver 4ko 10/08/2005


It's normal files or no ?

Please I hope to be clean and without virus.

Have a good day everybody

Actarus

 

It is hard for me to say for sure, because the names of the .nup files are different than mine. This is normal. What you can do is to look at the upd.ver file with Notepad. Inside you will see information about the different modules, including dates, version numbers and the sizes. Do not look at the names, because those are different, but look at the sizes.

If you do not see any error message in the Event Log, but see successful completions, you should be OK.

 

Hi Alglove,

I thank you I have just looked inside the EVENT LOG and it is marked successfully updated for all my definitions of virus thus I think that it is good also. Ouf I was afraid of going back up again the time but there I notice that I advance now I have just passed there is half an hour to the version 1.1191.

Good night.

Actarus