spyware detection still not on par with Superantispyware

Discussion in 'ESET NOD32 Antivirus v4 Beta Forum' started by ashrack, Jan 9, 2009.

Thread Status:
Not open for further replies.
  1. ashrack

    ashrack Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    55
    I am looking for a program that is as good at spyware as it is at viruses.
    Nod32 V2 was total crap when it came to detecting spyware.

    Anyways, I ran a check with Superantispyware which found the following infections:
    Code:
    Adware.Vundo Variant
    	HKU\S-1-5-21-1078081533-2146820089-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1841F12A-8989-48B9-935C-1AD2D8FE705B}
    
    Adware.Tracking Cookie
    	C:\Documents and Settings\asd\Cookies\asd@atwola[1].txt
    
    Rogue.Component/Trace
    	HKLM\Software\Microsoft\2845D40C
    	HKLM\Software\Microsoft\2845D40C#2845d40c
    	HKLM\Software\Microsoft\2845D40C#Version
    	HKLM\Software\Microsoft\2845D40C#2845798c
    	HKLM\Software\Microsoft\2845D40C#28451069
    
    Trojan.Fake-Alert/Trace
    	HKU\S-1-5-21-1078081533-2146820089-682003330-1004\SOFTWARE\Microsoft\fias4013
    
    Trojan.Unknown Origin
    	C:\WINDOWS\SYSTEM32\MQIKXPGT.DLL
    
    Adware.Vundo/Variant-Trace
    	C:\WINDOWS\SYSTEM32\OHGIYUOQ.INI
    	C:\WINDOWS\SYSTEM32\PLUMHIIC.INI
    	C:\WINDOWS\SYSTEM32\RUXAFSIX.INI
    	C:\WINDOWS\SYSTEM32\TGPXKIQM.INI
    	C:\WINDOWS\SYSTEM32\ULAJPVGU.INI
    
    then without cleaning I ran the check with Nod32 V2 which found nothing.
    Afterwards I uninstalled NOD32 V2 and installed NOD32 V4 and it found
    Code:
    C:\WINDOWS\SYSTEM32\MQIKXPGT.DLL
    and some *.tmp files as threats and a false positive.

    But what about the rest of the things that Superantispyware found as threats, why does NOD32 not find them?
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    They are remnants of a file that probably got cleaned. v2 does not have as good cleaning as v4. You aren't actually "infected" since nothing is running. They are in all essence "left-overs". v4 is better at cleaning the mess of already infected PCs.

    You can't classify tracking cookies as adware, NOD32 does not scan for these and it shouldn't. Just block 3rd party cookies in your browser.
     
  3. ashrack

    ashrack Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    55
    Funky
    I know cookies don't count, forgot to exclude them from the list. But why don't these remnants get cleaned also: Adware.Vundo/Variant-Trace, Rogue.Component/Trace and Trojan.Fake-Alert/Trace?

    ps. Nod32 V4 is definitely a great improvement over V2 in terms of finding malware. But I like the V2 GUI better, it was more g33ky :)
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Like I said, the actual infection (whatever it was) got cleaned, as you will notice, it isn't running on your system. But obviously v2 failed to clean up all the "extras". This is where v4 improves. But since the infection is already cleaned, v4 doesn't know to look for "extras" to remove from the registry. As far as I know, a full system clean needs an infection confirmation, removing random registry entries seems pretty risky to me.
     
  5. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon

    Hello,

    CTRL+G use simple GUI nod32 v4 :)


    Most Regards,

    NF
     
  6. ashrack

    ashrack Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    55
    that just removes the pretty colors.
    I just liked the small yet colorful GUI that Nod32 V2 had
     
  7. ashrack

    ashrack Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    55
    I see, thx for clarification.

    FYI, NOD32 V2 wasn't the program used for cleaning the computer when it was infected; it couldn't even detect that malware had infested Windows.
     
  8. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    It probably missed it, which might also explain why you have remnants in the first place. If you still have the actual malware infection sample you should submit it for analysis to samples("at")eset[dot]com in a zip file passworded "infected".
     
  9. dannyboy

    dannyboy Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    113
    Location:
    UK
    keep in mind that some of those traces are registry entries. NOD32, being primarily an antivirus product, doesn't scan the registry like true antispyware programs.
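The distinction drawn in the posts above (tracking cookies and registry traces versus actual files on disk) is easy to make mechanically from a report in the layout the first post shows. The script below is an added example, not code from the thread or from any of the products discussed: it parses a report excerpt in that layout (a detection name on one line, tab-indented registry keys or file paths below it, with the values copied from the first post), labels each finding as registry, cookie or file, and marks detections whose name ends in "/Trace" or "-Trace" as leftovers. The `LOCATION_RE` pattern and the `Finding` fields are this example's own choices, not the report tool's format specification.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Report excerpt in the layout posted in the thread (locations are the ones shown there).
REPORT = """\
Adware.Vundo Variant
\tHKU\\S-1-5-21-1078081533-2146820089-682003330-1004\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{1841F12A-8989-48B9-935C-1AD2D8FE705B}

Adware.Tracking Cookie
\tC:\\Documents and Settings\\asd\\Cookies\\asd@atwola[1].txt

Rogue.Component/Trace
\tHKLM\\Software\\Microsoft\\2845D40C
\tHKLM\\Software\\Microsoft\\2845D40C#Version

Trojan.Fake-Alert/Trace
\tHKU\\S-1-5-21-1078081533-2146820089-682003330-1004\\SOFTWARE\\Microsoft\\fias4013

Trojan.Unknown Origin
\tC:\\WINDOWS\\SYSTEM32\\MQIKXPGT.DLL

Adware.Vundo/Variant-Trace
\tC:\\WINDOWS\\SYSTEM32\\OHGIYUOQ.INI
\tC:\\WINDOWS\\SYSTEM32\\PLUMHIIC.INI
"""

# A line is a location (not a detection heading) if it starts with a drive letter
# or a registry hive; this is the example's own heuristic for the posted layout.
LOCATION_RE = re.compile(r"^(?:[A-Za-z]:\\|HK(?:LM|CU|U|CR)\\|HKEY_)", re.IGNORECASE)
REGISTRY_RE = re.compile(r"^(?:HK(?:LM|CU|U|CR)\\|HKEY_)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    detection: str   # e.g. "Rogue.Component/Trace"
    location: str    # registry key/value or file path, as printed in the report
    kind: str        # "registry", "cookie" or "file"
    trace: bool      # True when the detection name marks it as a leftover


def classify(detection: str, location: str) -> Finding:
    """Label one report line by where it lives and whether it is only a trace."""
    if REGISTRY_RE.match(location):
        kind = "registry"
    elif "cookie" in detection.lower() or "\\cookies\\" in location.lower():
        kind = "cookie"
    else:
        kind = "file"
    trace = re.search(r"[/-]trace$", detection, re.IGNORECASE) is not None
    return Finding(detection, location, kind, trace)


def parse_report(text: str) -> list:
    """Turn the heading-plus-indented-locations layout into Finding records."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOCATION_RE.match(line):
            if current is None:
                raise ValueError("location before any detection heading: %r" % line)
            findings.append(classify(current, line))
        else:
            current = line
    return findings


def triage(findings: list) -> dict:
    """Separate findings a file-based AV scan covers from those it does not look at
    (registry entries and browser cookies), and count each kind."""
    return {
        "file_scope": [f for f in findings if f.kind == "file"],
        "out_of_scope": [f for f in findings if f.kind != "file"],
        "counts": dict(Counter(f.kind for f in findings)),
    }


if __name__ == "__main__":
    result = triage(parse_report(REPORT))
    print("counts:", result["counts"])
    for f in result["file_scope"]:
        print("file  ", "trace" if f.trace else "active", f.location)
    for f in result["out_of_scope"]:
        print(f.kind.ljust(6), "trace" if f.trace else "n/a  ", f.location)
```

On the excerpt from the first post, the only finding that is both a file on disk and not flagged as a trace is `MQIKXPGT.DLL`, which is also the one item the poster reports NOD32 V4 detecting; everything else is a registry entry, a cookie, or a file the report itself labels as a trace.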
     
  10. ashrack

    ashrack Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    55
    dannyboy
    I see.
    Is there a program which has realtime protection and is a full-blown antispyware as well as antivirus program?
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Those ini files are most likely benign data files, otherwise they wouldn't have "trace" in their names. Leaving them on the disk doesn't pose any risk, but it's better to delete them so that certain security applications don't find them again in the future.
     