Question about virus updates

Discussion in 'ESET NOD32 Antivirus' started by Missileman, Feb 27, 2008.

Thread Status:
Not open for further replies.
  1. Missileman

    Missileman Registered Member

    Joined:
    Jan 12, 2008
    Posts:
    11
    First let me say I'm not a troll and have no intention of starting a war, but i am now very concerned.

    I received a Bank of America phish last week. I wasn't busy so I decided to see how much trouble I could give them while having the phish site taken down. I had the site down in about one hour so it was a success, but here's the issue. They were trying to have people download a new "security certificate" for their banking. I downloaded the file and scanned it. NOD32 V3 or 2.7 both reported it clean. I upload the file to VirusTotal and only 3 saw it but all showed it new and unknown. I then right clicked it and submitted it to Eset. I also went to CastleCops and used their list to submit the sample to all the AV companies. I received a lot of replies. The big K AV came back in 10 minutes confirming a rootkit/trojan info stealer and the update was in place. The next morning I had several more confirmations. Nothing from Eset. I keep getting several updates a day from NOD, but it still scans the file and says it is clean.

    Here's the real problem. It has been over a week and it still scans the file and reports it as clean. I resubmitted/rescanned it today at TotalVirus and now 26/32 show it as a Rootkit/Trojan. NOD still shows it as clean. I realize the lab is busy and I'm sure they are working hard, but it has been over a week. Obviously this is a real trojan and not a false positive. I am concerned about this as my confidence in my protection is now gone. I have been a confident NOD32 user for many years, but now I am starting to research other AV alternatives. I feel this is far to long to not get a detection of a real threat by Eset. With my confidence gone I am feeling very shaky surfing the net now even though V3 is looking very good with this last patch/download.

    Am I wrong in my thinking? Should I be this concerned. I am an "avid" anti spam/exploit person and research and report every spam/exploit that I receive. I always felt fairly safe roaming the seedier side of the net, but now I'm fearful. I use a sandbox and take all the precautions to prevent a problem, but this issue has really shaken me.

    Somebody boost my confidence back up.
     
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    4,799
    Location:
    New York City
    Did you follow the instructions from Eset's website?:
    Also see:
    https://www.wilderssecurity.com/showpost.php?p=860087
     
    Last edited: Feb 27, 2008
  3. Missileman

    Missileman Registered Member

    Joined:
    Jan 12, 2008
    Posts:
    11
    Actually I did the zip password. with text background file. (That has become the standard way mostly). I also did a right click > advanced > submit with backgound notes and contact email (twice). I also submitted it through VirusTotal as well. They surely got the file more then once.

    Still no reponse - no detect.

    I just rescanned with latest updates - no detection. I also did another Right Click submission.

    I'll wait and see, as no system is perfect and things fall through the cracks. It's just that this crack is turning into a chasm. I still think NOD32 is a good AV. No AVs are perfect so it becomes a matter of personal trust in your chosen AVs abilities.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    Please PM me your email address so that I can check the samples mailbox and track it down.
     
  5. Missileman

    Missileman Registered Member

    Joined:
    Jan 12, 2008
    Posts:
    11
    PM sent as requested
     
  6. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,535
    Location:
    Sweden
    Worrying indeed...
     
  7. Missileman

    Missileman Registered Member

    Joined:
    Jan 12, 2008
    Posts:
    11
    After resending the file yesterday (to the same addresses as the first times) the file is being detected as a rootkit this morning. I don't know where the breakdown happened, but it did. Things like this I guess are bound to happen when dealing with the huge number of suspicious files they get everyday.

    Thanks Marcos for following up on this.
     
  8. viruscraft

    viruscraft Registered Member

    Joined:
    Sep 22, 2007
    Posts:
    114
    It is always a problem.

    It has happened for many times that I use ThreatSense.Net to send a unknow virus detected by nod32 as NewHeur_PE to ESET but no responses.

    It has happened for many times that I use ThreatSense.Net to send a infected files came from my computer to ESET but no responses.

    Sometime I even doubt if the ThreatSense.Net really works.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    ThreatSense.NET mainly provides statistical information that helps us react quickly to fast spreading malware. NewHeur_PE samples are of low importance as the user is already protected against threats detected heuristically. Only in case it's a false positive we fix it promptly.
     
  10. viruscraft

    viruscraft Registered Member

    Joined:
    Sep 22, 2007
    Posts:
    114
    Thanks Marcos!

    I know you treat the sample according to its' risk level.
    But NOD32 need a signature in order to clean (not delete) the file infected by NewHeur_PE in the case of it can be clean.
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    If it's actually a file infecting virus, then yes, we'd need to receive a couple of such infected files so that we know more precisly how the virus alters files.
     
  12. viruscraft

    viruscraft Registered Member

    Joined:
    Sep 22, 2007
    Posts:
    114
    Thanks again,mate:)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.