Question about virus updates

Discussion in 'ESET NOD32 Antivirus' started by Missileman, Feb 27, 2008.

Thread Status:
Not open for further replies.
  1. Missileman

    Missileman Registered Member

    Joined:
    Jan 12, 2008
    Posts:
    11
    First let me say I'm not a troll and have no intention of starting a war, but I am now very concerned.

    I received a Bank of America phish last week. I wasn't busy so I decided to see how much trouble I could give them while having the phish site taken down. I had the site down in about one hour so it was a success, but here's the issue. They were trying to have people download a new "security certificate" for their banking. I downloaded the file and scanned it. NOD32 V3 or 2.7 both reported it clean. I uploaded the file to VirusTotal and only 3 saw it but all showed it new and unknown. I then right clicked it and submitted it to Eset. I also went to CastleCops and used their list to submit the sample to all the AV companies. I received a lot of replies. The big K AV came back in 10 minutes confirming a rootkit/trojan info stealer and the update was in place. The next morning I had several more confirmations. Nothing from Eset. I keep getting several updates a day from NOD, but it still scans the file and says it is clean.

    Here's the real problem. It has been over a week and it still scans the file and reports it as clean. I resubmitted/rescanned it today at TotalVirus and now 26/32 show it as a Rootkit/Trojan. NOD still shows it as clean. I realize the lab is busy and I'm sure they are working hard, but it has been over a week. Obviously this is a real trojan and not a false positive. I am concerned about this as my confidence in my protection is now gone. I have been a confident NOD32 user for many years, but now I am starting to research other AV alternatives. I feel this is far too long to not get a detection of a real threat by Eset. With my confidence gone I am feeling very shaky surfing the net now even though V3 is looking very good with this last patch/download.

    Am I wrong in my thinking? Should I be this concerned? I am an "avid" anti spam/exploit person and research and report every spam/exploit that I receive. I always felt fairly safe roaming the seedier side of the net, but now I'm fearful. I use a sandbox and take all the precautions to prevent a problem, but this issue has really shaken me.

    Somebody boost my confidence back up.
     
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,567
    Location:
    New York City
    Did you follow the instructions from Eset's website?:
    Also see:
    https://www.wilderssecurity.com/showpost.php?p=860087
     
    Last edited: Feb 27, 2008
  3. Missileman

    Missileman Registered Member

    Joined:
    Jan 12, 2008
    Posts:
    11
    Actually I did the zip password with text background file. (That has become the standard way mostly). I also did a right click > advanced > submit with background notes and contact email (twice). I also submitted it through VirusTotal as well. They surely got the file more than once.

    Still no response - no detect.

    I just rescanned with latest updates - no detection. I also did another Right Click submission.

    I'll wait and see, as no system is perfect and things fall through the cracks. It's just that this crack is turning into a chasm. I still think NOD32 is a good AV. No AVs are perfect so it becomes a matter of personal trust in your chosen AV's abilities.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Please PM me your email address so that I can check the samples mailbox and track it down.
     
  5. Missileman

    Missileman Registered Member

    Joined:
    Jan 12, 2008
    Posts:
    11
    PM sent as requested
     
  6. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Worrying indeed...
     
  7. Missileman

    Missileman Registered Member

    Joined:
    Jan 12, 2008
    Posts:
    11
    After resending the file yesterday (to the same addresses as the first times) the file is being detected as a rootkit this morning. I don't know where the breakdown happened, but it did. Things like this I guess are bound to happen when dealing with the huge number of suspicious files they get every day.

    Thanks Marcos for following up on this.
     
  8. viruscraft

    viruscraft Registered Member

    Joined:
    Sep 22, 2007
    Posts:
    114
    It is always a problem.

    It has happened many times that I use ThreatSense.Net to send an unknown virus detected by NOD32 as NewHeur_PE to ESET but get no response.

    It has happened many times that I use ThreatSense.Net to send infected files that came from my computer to ESET but get no response.

    Sometimes I even doubt if ThreatSense.Net really works.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    ThreatSense.NET mainly provides statistical information that helps us react quickly to fast-spreading malware. NewHeur_PE samples are of low importance as the user is already protected against threats detected heuristically. Only if it's a false positive do we fix it promptly.
     
  10. viruscraft

    viruscraft Registered Member

    Joined:
    Sep 22, 2007
    Posts:
    114
    Thanks Marcos!

    I know you treat the sample according to its risk level.
    But NOD32 needs a signature in order to clean (not delete) a file infected by NewHeur_PE in cases where it can be cleaned.
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    If it's actually a file-infecting virus, then yes, we'd need to receive a couple of such infected files so that we know more precisely how the virus alters files.
     
  12. viruscraft

    viruscraft Registered Member

    Joined:
    Sep 22, 2007
    Posts:
    114
    Thanks again, mate :)
     