Personal Antivirus

Discussion in 'ESET NOD32 Antivirus' started by tokatee, Jul 29, 2009.

Thread Status:
Not open for further replies.
  1. tokatee

    tokatee Registered Member

    Joined:
    Mar 5, 2009
    Posts:
    10
    Location:
    Holstebro, Denmark
    I was surfing on a networked computer downtown yesterday and ran across a site that was just bad. I went home and intentionally visited the site to see what would happen. I was hit by the Scareware program Personal Antivirus, and it installed 3 trojans. I was just curious, nothing more. It was a breeze to clean up with Malwarebytes' Anti-Malware. I reported the site(s) in question to McAfee's SiteAdvisor, and in less than 12 hours the site(s) were no longer accessible online. Thanks McAfee...

    Some very big concerns are at question here...like why did my NOD32 v4 fail to detect one of the most well known Scareware programs in the entire world? And why did I pay for NOD32 v4 in the first place? I really don't need an AV program if it fails to do the job.
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Did you report the site to Eset too? Was the networked computer affected by this bad site? If not, why not? What version of Nod32 and what definitions? You pay for the AV to protect to the best of its abilities but not against everything and anything that is out there.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    There's no security solution that would protect you against every single threat. Blocking URLs would not help either, as a lot of malware exploits the Fast Flux mechanism. Relying on tools aimed at infection removal rather than on detection of not yet running malware is not a good idea either.

    Personal AV is one of the infamous rogue AVs that are modified very frequently and tested against detection before they are released by their authors. Even though detection is usually added quickly, you shouldn't rely solely on the AV and expect it to catch everything. Here are some hints that might help you avoid getting infected in the future:

    1, do not use an administrator account for daily tasks, especially for browsing the Internet (on Vista, keep UAC on)
    2, keep your antivirus and operating system up to date
    3, use a sandbox tool when browsing the Internet
    4, do not visit suspicious sites nor run suspicious files
    5, download software only from trusted sites

    If you come across a suspicious file or site, submit / report it to ESET by emailing it to samples[at]eset.com. For instructions about submitting files, read this KB article.
     
  4. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    We have clients being slammed by this several times a week...MalwareBytes always cleans it up very nicely.
     
  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Cleaned my sister-in-law's laptop of Personal AntiVirus with Malwarebytes.
    MBAM had no problems finding or cleaning that crap up.
     
  6. kinwolf

    kinwolf Registered Member

    Joined:
    Oct 19, 2006
    Posts:
    271
    That scareware has a notoriously low detection rate among all AV vendors. I don't know why though.
     
  7. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    This is alarming. PAV has been around for what now..over 6 months? 9 months? It creates the same entries in the registry...and even easier to detect..creates the same program installation folder in C:\Programs and Files.

    It's an easy one to clean up...for over 6 months now I can do it by hand..by memory. If a person can do it..errrmmm....and MalwareBytes has been mopping it up with no problems for many months now, why can't an AV?

    We had 2x more calls yesterday about it slipping past NOD on clients..and I just received 1x more this morning..slipped past NOD.
     
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Personal Antivirus is an example of a rogue AV program that is frequently modified to evade detection. As we see, new versions are usually detected by not more than 2-3 AVs.
     
  10. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Agreed, if a Removal Guide is required, then it's 100% Rogue
     
  11. Edward_Stream

    Edward_Stream Registered Member

    Joined:
    Jul 28, 2009
    Posts:
    18
    What would be the best solution for a personal antivirus? I mean, is there one with a great balance of low resource consumption but with a high rate of detection?
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Since the author seems to test the application until it's undetected by almost all AV programs and then releases it, I'm not sure you'll find such an AV. It's easier to detect it using certain mechanisms when it has already been installed on a computer, and that's when certain programs are able to find the infection on the system whilst most AVs still cannot. On the other hand, these programs likely don't provide as good proactive protection against viruses and other threats as antivirus programs do.
     
  13. Edward_Stream

    Edward_Stream Registered Member

    Joined:
    Jul 28, 2009
    Posts:
    18
    I used the last version of ESET and it all seemed to be OK. I mean, all was working fine. Why, when I installed another AV, did it appear that I had viruses? Does ESET have a problem with detection?
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    No AV detects 100% of all threats. What one detects, the others may miss and vice-versa. You'd better submit any undetected suspicious files in a password-protected archive to samples[at]eset.com to exclude the possibility of the file being a false positive.
     