simple homepage hijacker missed by NOD

Discussion in 'ESET NOD32 Antivirus' started by vtol, Mar 9, 2011.

Thread Status:
Not open for further replies.
  1. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    that is a simple one and should be caught by NOD... ...but is not. fortunately it is only a homepage hijacker for web browsers

    File Name : stPage.exe
    File Size : 16384 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 5096414628facf862e974dddbd5f8ea9
    SHA1 : 287a451ec965eb4e6cd982c57e67e959ae437f2f

    all this shiny new interface for v5 does not help if the detection keeps going down the drain. and cloud does not help with it when being offline. please get the core to improve on the detection rate!
     
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,737
    Location:
    New York City
  3. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    I am well aware of how to submit samples - please do not just rush a post for the sake of posting
     
  4. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,737
    Location:
    New York City
    Drop the attitude. I was only trying to help. What's the point of your original post if you don't want Eset to fix it? The purpose of this forum is to receive help with a problem.
     
  5. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    no attitude here. and I clearly mentioned "please get the core to improve on the detection rate!". as NOD missed such simple malware, which is known in the cloud (a.k.a. public virus detection tools) since a while and could have been picked up.
    hence it is not problem with the software but the efficiency, which is not going to improve with sample submission.

    there is concern that the surface is getting polished for v5 to achieve a better marketing but the core keeps falling behind in detection, as it has been since v4. this simple malware being missed is just another indicator.

    perhaps on another occasion I should also mention that I am literate and know how to make use of the forum search feature...
     
  6. ESS474

    ESS474 Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    201
    Location:
    São Paulo (Brazil)
    I used ESET for a long time, but after seeing version 5 I decided to change to Avira. ESET is light but never innovates in anything, so don't wait for version 5 to resolve all the problems with malware, because it won't.
     
  7. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,737
    Location:
    New York City
    To be fair, you should also point out malware that Eset catches that no one else does.
     
  8. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    that is the job it is being paid for
     
  9. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,737
    Location:
    New York City
    Last edited: Mar 9, 2011
  10. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia
    So sorry to hear about your issue, but no AV can detect all malware. Besides, all AVs have their own PROS and CONS, and are you able to mention one perfect AV vendor to me? No. Because none of them are perfect, and they are still far from perfect too. I think you should submit the sample to ESET Lab. Your submission will be kindly appreciated. Thanks.
     
    Last edited: Mar 10, 2011
  11. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I guess, Eset NOD lab is doing its best to provide subscribers the best protection that it can offer... but it is not God...mind you, even angels could not protect us all the way from all evils in the world. So the best that we can do is to have several layers of multiple protections.

    Eset lab specializes in detecting viruses, and the problem you mentioned here is something spyware related, so you know what I mean. Don't you? :cool:

    And by the way, do you already have the link of that shiny v5?
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I don't understand this frustration, especially if it's a trivial startpage VB malware that has been submitted by 3 people (including 1 AV company) from all around the world. Having stronger heuristics for StartPage malware might result in high FP ratio as it is nothing unusual that even legit sw contains code for changing the home page and offers the user to set it by enabling the appropriate option / check box.
    Anyways, a detection for this particular file will be added to the next update.
     
  13. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    don't think there is anything silly in pointing to failing parts of a product you bought, one would perhaps do so for a car or facility alarm system, whatever test results are being published about that particular product. if you do not, the vendor would see no reason to improve the product and the consumer will have to live with the problem forever.

    from my perspective it would be silly to sit tight and be happy that a product is failing.
     
  14. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    https://www.wilderssecurity.com/showthread.php?t=294574

    and I do not know what you mean - NOD is not supposed to deal with spyware but viruses only? well, that is being promoted as the product's key benefits:
    sounds like you are a user who is 100% satisfied with the product. I am not, I prefer it to evolve and provide a better protection - as obviously the other side is faster, more flexible and more creative in developing threats
     
  15. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    is not frustration, is being shocked that such a simple piece of code was not detected. startpage hijackers are common since the early days and a possible high FP is kind of lame. but pointed in the right direction - it does not ask by showing option / check box to change the homepage and that separates it from legit apps.

    however the point is not it being a homepage hijacker, it is the simplicity of the code slipping by NOD.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It is obvious that there are and will always be certain threats that slip through antivirus protection no matter if heuristics, HIPS, behavior blocker, cloud, etc. is used and continually being improved. This concerns any AV vendor, be it ESET, Microsoft, Kaspersky, Antivir, Avast, Malwarebytes, etc. (even the sample in question was missed by other famous AV vendors).
    Every AV vendor strives to provide the best protection possible and to minimize the gap between when a new malware variant is created and when detection / recognition is added.

    If one finds a new piece of potential malware, we strongly recommend submitting it to ESET per the instructions here. If the malicious nature of the file is confirmed, detection should be added to the next update. Not every suspicious file poses a (high) risk; one should take into account the prevalence (this particular sample was submitted only by 3 people worldwide), the triviality of the sample (e.g. if batch files, autorun.inf or simple scripts are used that can be used in a very similar way by legit applications, which prevents vendors from making generic detections without producing more or less serious FPs) and, last but not least, the functionality of the sample (even a payload downloaded by malware can be corrupted and non-functional, or the sample could be a junk data/config file used by malware).
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    As I wrote, a detection was added and will be included in the upcoming update. It is not possible to generically detect every application that changes the home page in prefs.js; in that case we'd detect Firefox as well.
     
  18. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    Are you serious? You base such a decision on screenshots of a beta product that's not even been released?
     
  19. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    I could spend all day, every day, at every Anti-Virus forum, complaining about the hundreds of samples that they miss, many of the samples having only the slightest modification made to them to break the majority of signatures, both specific and generic.

    But that would be a futile waste of time and would not tell the AV companies anything that they don't already know.

    The days of an AV detecting and protecting a PC from almost everything are long gone.
     
  20. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    point being - do not use AV as it cannot protect?
     
  21. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I didn't say that I'm 100% satisfied with NOD32, but in my experience it could always detect something that others couldn't.

    I understand your concern and what you mean, but I could not solely rely on an Anti-virus program that promises to detect every piece of malware in cyberspace, especially spyware. Even after running the on-demand antivirus scanner/s, my Antispyware scanners will always detect spyware or something that an antivirus misses.
     
  22. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd say - use security software to minimize the risk of getting infected. One will never reduce the risk to absolute zero under any circumstances.
     
  23. ESS474

    ESS474 Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    201
    Location:
    São Paulo (Brazil)
    There is no need to test to see "what is nothing new in version 5" (Parental Control/HIPS and Cloud). The big useless Parental Control, HIPS is an old feature in the world and I do not need it, Cloud only works with an internet connection, the result will not be different from some other products, or do you think ESET will be aggressive now? ESET will always work for 0% false positives and with that will miss a lot of malware, as you can see in this thread.
     
  24. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    Making decisions about the product before seeing how the HIPS/Behavior blocker is implemented may not lead to the correct choice IMO...

    BTW, HIPS is a very good and effective solution to fight zero-day viruses, provided it is implemented in an intelligent way to reduce unnecessary pop-ups.
     
  25. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Just curious as to when you last used Eset?
     