Strange thing with Jotti´s NOD32 detection rate

Discussion in 'NOD32 version 2 Forum' started by NODUSER, Nov 24, 2005.

Thread Status:
Not open for further replies.
Page 2 of 3
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    nice! ;) So NOD32 rules again! No use to post another examples of Small trojans not detected. (I was having one from Jotti's :D ) It's just a matter of packers. :)
     
    pykko, Nov 27, 2005
    #26
  2. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    ESET should add more packers like some other AV.

    Here is list:

     
    izi, Nov 27, 2005
    #27
  3. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Why is half of packers listed several times? makes no sense...
     
    RejZoR, Nov 27, 2005
    #28
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    AH uses a generic unpacker so this list makes no sense to me either. Maybe it's a matter of timeout for simulation.
     
    Marcos, Nov 27, 2005
    #29
  5. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    UPX 1.0, UPX 1.2 etc
     
    izi, Nov 27, 2005
    #30
  6. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well i don't see any versions there...
     
    RejZoR, Nov 27, 2005
    #31
  7. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    Good point, And the End-User is protected at all times, with the above list or without. :D
     
    Farbod, Nov 27, 2005
    #32
  8. NODUSER

    NODUSER Guest

    So there is no need to add a signature for that norton crack?
     
    NODUSER, Nov 27, 2005
    #33
  9. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    No ;)
     
    Farbod, Nov 27, 2005
    #34
  10. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    But if it was nod32 crack, yes :rolleyes: :D :D
     
    Farbod, Nov 27, 2005
    #35
  11. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Crack or not crack, i don't know how they deal them but most of "cracks" aren't really cracks but simply malware masked like cracks. Easy way to lure stupid users into downloading&running them...
     
    RejZoR, Nov 27, 2005
    #36
  12. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    Please read the topic from first, you will find the line....
     
    Farbod, Nov 27, 2005
    #37
  13. NODUSER

    NODUSER Guest

    NODUSER, Nov 27, 2005
    #38
  14. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    it is impossible...

    Maybe you have another security software which blocks access AMON to malicious code.

    Restore AMON settings to default and then set them at Max. try again.
     
    Farbod, Nov 27, 2005
    #39
  15. NODUSER

    NODUSER Guest

    I´ve executed it and ZA PRO 6 showed me an alert. I clicked deny. I only have NOD32, ZA pro 6 and a²Guard..
     
    NODUSER, Nov 27, 2005
    #40
  16. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    Have you run on-demand scanning?
     
    Farbod, Nov 27, 2005
    #41
  17. NODUSER

    NODUSER Guest

    Yes.. didn´t detect it..

    http://tinypic.com/hve144.jpg

    AMON should detect it when I execute it, or this is a trojan downloader and AMON should detect some trojans that this one downloads?
     
    NODUSER, Nov 27, 2005
    #42
  18. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    No, on-demand scanning for all your hard disk :)
     
    Farbod, Nov 27, 2005
    #43
  19. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    Are your AMON settings like this?
     

    Attached Files:

    • yhy.png
      yhy.png
      File size:
      73.1 KB
      Views:
      101
    Farbod, Nov 27, 2005
    #44
  20. NODUSER

    NODUSER Guest

    NODUSER, Nov 27, 2005
    #45
  21. NODUSER

    NODUSER Guest

    It was set to clean automatically.. I´ve changed this and now AMON detects it... but I really don´t know if AMON really blocked it, ´cause the program continued running...
     

    Attached Files:

    Last edited by a moderator: Nov 27, 2005
    NODUSER, Nov 27, 2005
    #46
  22. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
     

    Attached Files:

    Last edited by a moderator: Nov 27, 2005
    Farbod, Nov 27, 2005
    #47
  23. NODUSER

    NODUSER Guest

    AMON has dtected the virus, but the program still runing.. is this normal?
     
    NODUSER, Nov 27, 2005
    #48
  24. Farbod

    Farbod Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    88
    Yes, malicious code was wrapped into program. Main program is harmless. ;)
     
    Farbod, Nov 27, 2005
    #49
  25. NODUSER

    NODUSER Guest

    So the mIRC program without the "reg.exe" that AMON detected is inofensive?
     
    NODUSER, Nov 27, 2005
    #50
Page 2 of 3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...