Security Shield

Discussion in 'ESET NOD32 Antivirus' started by beethoven, Jun 14, 2012.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Does NOD protect against Security Shield fake AV Virus and if so, where could I check that? Is there a list of detected threats?
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    The update log is here.
    Security shield is in the list.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    ESET is very good at detecting rogue AVs proactively and reacts immediately to newly emerging variants.
     
  4. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Thanks for the link - I had forgotten where to find it.

    As for the inclusion, that's what I had expected. What I don't understand is that this morning on one of the PCs, the fake shield popped up without NOD getting active. When I ran a scan, it immediately alerted to the malware in operating memory and cleaned it by deleting.

    Now in this case it was bloody obvious that something is wrong, so my colleague called me, but without the fake shield appearing, what would have happened? Was this not yet active despite showing up?
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  6. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Thanks Siljaline,

    I actually used SuperAntispyware (showing only cookies and 1 FP) and MBAM first without result, but it was NOD that actually picked up the item in memory when I initiated a scan and cleaned it. What baffles me though is that I had to start a scan to get action when the malware obviously had somehow been downloaded by the user. Why did the real-time protection from NOD (my resident AV) not kick in when that happened?
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Because real-time protection doesn't perform memory scans. Memory is scanned during startup scans, which are run upon computer startup and after an update, as well as during on-demand scans. I'd bet the file is now detected by all protection modules as well.
     
  8. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Ok - Let me see if I understand this now and please correct me if I am wrong:

    The person logged on that morning and his system was clean as the start-up scan did not alert. He then opened his email and possibly went surfing and either way caught this virus. The virus appeared on the screen and at that stage was only in memory.

    Did it do anything at that point?

    My colleague noticed the fake alert and called me and we disconnected the PC and cleaned it. NOD's scan deleted the item from memory and further scans have not shown up anything.

    Is it likely that the PC is clean now? At what point would the malware have installed more deeply? Would that have happened if the colleague had clicked on one of the options (Remove all threats now / continue unprotected)? If he had done so, would the real-time protection of NOD have kicked in?
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I don't think that rogue AVs carry out dangerous actions. Many of them don't even register in the run keys and merely create a shortcut on the desktop and wait until the user clicks on it. Even then they only display some fancy GUI with misleading warnings or errors.
     