some threats

Discussion in 'ESET NOD32 Antivirus' started by aerialrave, Jul 12, 2009.

Thread Status:
Not open for further replies.
  1. aerialrave

    aerialrave Registered Member

    Joined:
    Jul 2, 2009
    Posts:
    31
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    You have malware on the machine you need to get rid of?
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It sounds like Avira detected some crack. But are cracks supposed to be detected by all antivirus programs?

    HackAV is most likely a crack for an AV, these are detected as unwanted applications. The obfuscated Autoit scripts are likely to be part of the AV crack.
     
  4. aerialrave

    aerialrave Registered Member

    Joined:
    Jul 2, 2009
    Posts:
    31
    I scan my machine using MBAM and SAS Free full system scan btw, no threats like the crack. I'm wondering why NOD didn't detect that. So sad about that.

    But NOD32 detected the temp AVscan I got my nod32 here from eset.com and
    that avira is from their site. I also apply full scan using my nod32 v.3

    any opinions? :C
     
  5. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Good question...Although, you didn't provide an answer to it.

    Let me give you an example: there is a “crack” of a well known program called WinRar v.3.80 floating around on the Net. An analysis of this file at “Virus Total” site reveals it contains a Trojan Horse [as per Norton and McAfee]. However, other AV's [Including ESET NOD32] don't detect anything malicious on it.

    Here comes my question: How come NOD32 wouldn't detect this so called Trojan Horse within the .zip or .rar archive that other AV's catch?


    P.S.: A friend of mine who happens to be testing NOD32 v.4 with the purpose of deciding whether to purchase it or not came up with that question for me.

    Regards,

    Carlos
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I wasn't talking about cracks that are actually malicious. Antivir detected the file in question as "TR/Crack.U" which implies that it could be just a crack that doesn't do anything malicious. As usual, it's imporant to email such files to samples[at]eset.com so that we can check it and tell for sure if it's safe to run it.
     
  7. aerialrave

    aerialrave Registered Member

    Joined:
    Jul 2, 2009
    Posts:
    31
    I run a full scan again and nod32 didn't detect that again. :c


    That's also my question :C


    I can't email it to eset coz my pc got poof. :c I was really wondering why nod32 didn't detect that one. as long as the v.4.0.437 :(
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Unless you email the files to samples[at]eset.com, we cannot analyse them and check if they are just benign cracks or some malware. From the detection name I assume it's the former, but cannot confirm or deny it without getting the files. Therefore the question why it was not detected is irrelevant as the answer could be "because there's nothing malicious to detect".
     
  9. Nerimash

    Nerimash Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    86
    Location:
    Ukraine
    Hi, aerialrave. As Marcos have said before, Many AV detects non-malicious cracks as a potentially unwanted software (e.g HackTool, Riskware, etc), you should learn about How do I configure my ESET security product to detect unwanted or unsafe applications? in our ESET Knowledge base.
     
  10. aerialrave

    aerialrave Registered Member

    Joined:
    Jul 2, 2009
    Posts:
    31
    @Marcos and Nerimash

    I already do that sir's. =(

    K ill try to email it Marcos, when pc got fixed. because right now it's broken.
     
  11. aerialrave

    aerialrave Registered Member

    Joined:
    Jul 2, 2009
    Posts:
    31
    @Marcos

    How can I send that one to eset?
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Compress the files to a zip/rar archive, protect it with the password "infected" and email it to samples[at]eset.com with this thread's url in the subject.
     
  13. aerialrave

    aerialrave Registered Member

    Joined:
    Jul 2, 2009
    Posts:
    31
    @marcos

    I can't upload it in yahoo, because they can only accept 10mb files
     
Thread Status:
Not open for further replies.