Submitting virus samples

Discussion in 'NOD32 version 2 Forum' started by Webby, Jan 1, 2006.

Thread Status:
Not open for further replies.
  1. Webby

    Webby Registered Member

    Joined:
    Jan 1, 2006
    Posts:
    93
    Hi all,

    I just read the post from ronjor about submitting virus samples and here's a quote

    Whats got me is the "'meaningless' benign signatures" bit, can somebody explain that please.

    My NOD32 has the default settings and picks up virus warnings with great regularity as I crawl the web. I had between 20 & 30 one night after a mega crawling session on a project that I have joined.

    What I would like to know is should I submit them to Eset to have a look at or will I just be wasting there time? I thought maybe more samples returned would make for a stronger and more reliable AV.

    Thanks
    Webby
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,666
    Location:
    Toronto Canada
    I believe you can tell if it's a heuristic or signature detection from the virus warning. I would submit the heuristic ones since the signature ones are already in the database.
     
  3. Webby

    Webby Registered Member

    Joined:
    Jan 1, 2006
    Posts:
    93
    Hi and thanks for the reply.

    I must admit I'm not to savy on the technical stuff, thats why I have NOD32 set to default :D

    Not at all sure about any of this :) I can only tell you that most... or all? of the warnings were "Probably a varient of.........."

    Cheers Webby
     
  4. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    You should submit any "Probably variant of ....." and "Probable New Heur PE" or other such messages. If it gives you a name like Win32/TrojDownloader.BA for example, don't bother as they already had the sample as it is a signature detection
     
  5. Webby

    Webby Registered Member

    Joined:
    Jan 1, 2006
    Posts:
    93
    Hi all,

    Ok guys thanks for helping me out with this question, I shall submit the ones that are not a 100% named.

    Cheers Webby
     
  6. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    I'm going to take a guess here, but I think what's meant is non-working viruses (viruses that fail to do any damage or have been corrupted in some way). Also, some spyware/adware installs lots of files on your computer (could be even text-files or help files); PestPatrol for example sometimes even detect the harmless files that were part of the spyware (for example the text-files), and NOD32 only sticks to detecting the "real" threats. Or it could be that certain antiviruses (or antimalware programs, rather) react to chat clients (mIRC) being installed on a system or peer-2-peer programs (LimeWire). I have not yet seen NOD32 react to any program in this category. (It does seem a bit meaningless to add detection for these types of programs as they aren't really malware.)
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    Submit the variants and NewHeur_PE samples via ThreatSense only unless you are more or less positive they are false positives. In this case, they should go to samples[at]eset.com directly.
     
  8. Webby

    Webby Registered Member

    Joined:
    Jan 1, 2006
    Posts:
    93
    kjempen & Marcos

    Thanks for your input and explanation, I've set up NOD32 to submit these samples

    Cheers Webby
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.