Credit where credit is due, I just wanna say thanks to the NOD32 team for their excellent work in improving the detection of trojans lately. My brother's machine runs NAV resident and KAV as an on-demand scanner, both of these though failed to pick up a trojan with a dialler which has run up a phone bill £100+. I downloaded a trial version of NOD32 for him and it picked it up straight away no problems! He'll be finding a NOD32 license in his xmas stocking this year.
You were lucky, Nod32 is primarily designed to detect and protect you from viruses: We advise ALL our clients to have and know how to use the following:
Update Windows http://v4.windowsupdate.microsoft.com/en/default.asp
Nod32 Anti-virus http://nod32.com/home/home.htm
ZoneAlarm Firewall http://www.zonelabs.com/store/content/home.jsp
Spybot Search and Destroy http://www.safer-networking.org/
Spyware Guard http://www.wilderssecurity.net/spywareguard.html
Spybot Search and Destroy would have removed the dialer upon a daily check. ZoneAlarm would have warned of a program trying to access the internet. Spyware Guard would have warned of any homepage change etc… Nod32 in this case would have detected it as well.
The above is a layered defence, that should something get past and destroy your data or pc (if all of the above was up-to-date and actually USED properly), then it would be time to sell up and go live on a tropical island somewhere... Cheers
You might also include SpywareBlaster in that list. It's nonresident but protects against the download and installation of a number of spyware, hijackers, dialers, etc. And since it's not a running program it uses no resources. It's another of Javacool's freeware/donationware like SpywareGuard.
He has Spybot and Ad-Aware installed but he never updated lately and this dialler was a recent variant so they didn't pick it up. I know all about layered security, but unfortunately he doesn't. I'm just glad the NOD32 team are improving on their trojan detection. He only uses the PC for school work and for looking at motorbike websites very rarely, and all patched up to date, so I'm very surprised that he managed to pick up anything at all. So I updated Spybot and immunized his system, locked the hosts file and access to IE settings, removed access to IE, installed Mozilla Firebird and set it up to block popups etc. Changed his account privileges, scheduled regular scans when I know he wouldn't be using the PC to stop them. Also installed BlackICE, saved the baseline and set the application protection to automatically terminate any new/unknown/modified applications/dynamic link library files etc. I will set him up on my network too with NAT when I get time. I don't think there's much chance of anything installing itself and doing that again.
LOL, so all in all you have placed his pc in a fortress, if only he now keeps everything up-to-date, usually a bill like what he got will awaken the user not to let it happen again. Welcome to Wilders and Nod. Cheers
I think the whole point is that it was a dialer, no matter what AV he was trying, I wouldn't have expected it to pick it up. His brother needed a layered defence, which he now has. It was just lucky, or so prevalent, that Nod had it placed in its signature bases. I don't expect any AV to detect a dialer, maybe in the future, due to the public's lack of understanding between the difference of Trojans, Dialers, Viruses, Malware etc, ALL AV companies will have to detect ALL of the aforementioned... Cheers
I was just wondering if KAV would be able to catch it now. It would sure be nice if any AV could catch dialers. The typical computer user isn't going to be running 700 different anti-malware utilities. Hopefully those users won't be downloading crap from P2P clients and warez sites, either.
To be more specific NOD32 actually caught the trojan dropper that was responsible for installing it. Adaware found the actual dialling program, but it would've been installed constantly without the help of NOD32 finding the program responsible. Unfortunately I deleted the file upon detection, I should've saved a copy for the other AVs, but I was too pissed off to think at that point. BTW, I was running KAV 4.5 with the latest definitions, and it was set to scan all files. NAV was the same.
Blackspear wrote:
This might have been true at one time but I don't think it is anymore. As a new Nod user I was very concerned to hear people saying this after I just bought the product (thinking it would offer protection from Viruses, worms AND TROJANS. After all---the website says it will!) so I wrote to them about this. You see, I bought the product after reading the following from the Nod website--
"NOD32 Antivirus System provides well balanced, state-of-the-art protection against threats endangering your PC and enterprise systems running various platforms from Microsoft Windows 95 / 98 / ME / NT / 2000 / 2003 / XP, through a number of UNIX/Linux, Novell, MS DOS operating systems to Microsoft Exchange Server, Lotus Domino and other mail servers. Viruses, worms, TROJANS and other malware are kept out of striking distance of your valuable data." from http://www.nod32.com/products/products.htm
Yet I kept reading people always saying it was not meant to catch trojans and all that other stuff. I was alarmed because I just bought the product based on what I read at the Nod website and I didn't see the point of replacing my old product (which, like most other AV products these days did catch viruses and worms AND trojans). I saw no point in replacing my old program with a new program which did not catch these things. It seemed pointless to me. So I wrote to Nod tech support. I told them I had been reading on various groups that Nod was just a virus product and not meant to catch trojans and the response I received was (exact quote from their letter)--
"no, it's not true. I recommend that you take a look at our website http://www.nod32.com/support/info.htm#CurVersion and search for "trojan"."
Blackspear wrote-
Actually many of them, if not most of them do catch these things---Norton, McAfee, Panda, and probably some others as well all catch Trojans, viruses and Malware and (even dialers these days!).
These various Malware programs can be as harmful as any virus and can cause a good deal of damage. It is a smart move by anti virus companies to include these things in their detection. The web being the way it is these days it is a necessity in this age we live in. The AV companies have to keep up with the malware developers. Nod finds a way to do this with extreme accuracy and without bloating up. I like it very much. Beautiful stream-lined program! Eset is really to be commended! But I suppose to each his own. One man's "bloat" is another man's "feature rich". So I cannot judge the style of some of the other AV companies. In the past before just recently discovering Nod, I have used other AV products which I found to be excellent as well. It must be a tough job keeping up with all these internet threats. The fact that Nod picked up on this particular trojan even before some of the other great programs out there is a sign of their diligent work on this particular front of the "malware war". I suppose the problem with dealing with these growing numbers of malware programs such as dialers and even some trojans is deciding in individual cases which of them are actually malware and which are legitimate programs. Complicated stuff!
I also see that Nod has won the Trojan Checkmark certification from West Coast Labs along with certification for Virus levels 1 and 2. I don't imagine that's an easy thing to obtain and shows under the strictest circumstances Nod's prowess at Viruses and trojans. Something for them to really be proud of! "The Checkmark certification of NOD32 for Windows 2003 to Antivirus Levels 1, 2, and Trojan, is the hallmark of a company whose philosophy is to be a cutting-edge AV developer," commented Chris Thomas, Operations Director of West Coast Labs, in a statement announcing the results. http://www.nod32.com.au/nod32/news/news.htm#alliance The original post made by "dos" at the head of this thread is "real world" proof of this.