question about nod32 scan

Discussion in 'ESET NOD32 Antivirus' started by airplane, Jun 22, 2011.

Thread Status:
Not open for further replies.
  1. airplane

    airplane Registered Member

    Joined:
    Jun 22, 2011
    Posts:
    2
    I was sent an .exe file recently. I used the nod32 scanner to scan it and it scanned 7 files, not detecting anything. So I opened the .exe and the real-time protection popped up saying some w32 trojan had been blocked and explorerr.exe had been quarantined. It was my fault, and I should have known better than to open random .exes, but I'm really confused about why it didn't detect anything during the scan but was able to do so after I opened the file.
     
  2. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    Many .exe files are compressed for file size. When compressed, the scanner will not be able to see all the components of the file. Once extracted, the scanner can then view all files and processes within the .exe file and locate any malware that may be present. This may explain why the scanner did not detect anything on the initial scan but did pick up the trojan present once the .exe was extracted.
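
The effect described in the reply above, as an added example that is not part of the original thread and not ESET's engine: a byte-signature scan misses a marker inside a compressed container, finds it once the content is unpacked, and an entropy check flags the container as probably packed. The `TOYPACK1` header, the marker string and the sample data are constructed for illustration.

```python
import hashlib
import math
import zlib
from collections import Counter

# Constructed, harmless marker standing in for a byte pattern the scanner knows.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
STUB = b"TOYPACK1"  # hypothetical container header, not a real packer format

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for constant data, near 8 for compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_sample() -> tuple[bytes, bytes]:
    """Return (plain, packed); both are constructed test data."""
    lines = [b"id=" + hashlib.sha256(str(i).encode()).hexdigest().encode() + b"\n"
             for i in range(400)]
    plain = b"".join(lines[:200]) + SIGNATURE + b"".join(lines[200:])
    return plain, STUB + zlib.compress(plain, 9)

def static_scan(blob: bytes) -> dict:
    """Scan the bytes as stored: signature match plus a high-entropy flag."""
    entropy = shannon_entropy(blob)
    return {"signature_hit": SIGNATURE in blob,
            "entropy": round(entropy, 2),
            "looks_packed": entropy > 7.0}

def scan_after_unpack(blob: bytes) -> dict:
    """Unpack the toy container if possible, then scan the inner content."""
    if blob.startswith(STUB):
        try:
            blob = zlib.decompress(blob[len(STUB):])
        except zlib.error:
            pass  # corrupt or unknown packing: fall back to the stored bytes
    return static_scan(blob)

if __name__ == "__main__":
    plain, packed = build_sample()
    print("stored bytes :", static_scan(packed))
    print("after unpack :", scan_after_unpack(packed))
```

A clean signature result combined with `looks_packed` being true means the scan could not see the content, not that the content is safe.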
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It could have been simply a dropper which dropped files recognized by ESET. The question is whether the exe file also did something else besides dropping the file that was detected or not. If not, your computer should be perfectly clean. To make sure, I'd suggest submitting the exe file along with a SysInspector log to ESET for perusal.
     
  4. airplane

    airplane Registered Member

    Joined:
    Jun 22, 2011
    Posts:
    2
    Thanks for the reply guys.

    To mack - I was thinking originally that it might not have scanned all files, but it did report back 7 files scanned - showing some degree of extraction. Maybe it didn't dig deep enough into the file?

    To Marcos - that's very possible. Is there a way then to detect these dropper programs, or do I just have to be more careful next time? Unfortunately I don't have the original program anymore - reinstalled the entire system.
     
  5. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Maybe the dropper has not performed malicious actions; that may explain why the file was not detected.
     