Thanks!

Discussion in 'NOD32 version 2 Forum' started by dos, Nov 28, 2003.

Thread Status:
Not open for further replies.
  1. dos

    dos Registered Member

    Joined:
    Oct 17, 2003
    Posts:
    43
    Credit where credit is due, I just wanna say thanks to the NOD32 team for their excellent work in improving the detection of trojans lately. My brother's machine runs NAV resident and KAV as an on-demand scanner, both of these though failed to pick up a trojan with a dialler which has run up a phone bill £100+. I downloaded a trial version of NOD32 for him and it picked it up straight away no problems! He'll be finding a NOD32 license in his xmas stocking this year. :)
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You were lucky, Nod32 is primarily designed to detect and protect you from viruses:

    We advise ALL our clients to have and know how to use the following:


    Update Windows http://v4.windowsupdate.microsoft.com/en/default.asp
    Nod32 Anti-virus http://nod32.com/home/home.htm
    ZoneAlarm Firewall http://www.zonelabs.com/store/content/home.jsp
    Spybot Search and Destroy http://www.safer-networking.org/
    Spyware Guard http://www.wilderssecurity.net/spywareguard.html


    Spybot Search and Destroy would have removed the dialer upon a daily check.
    ZoneAlarm would have warned of a program trying to access the internet.
    Spyware Guard would have warned of any homepage change etc…
    Nod32 in this case would have detected it as well.

    The above is a layered defence, that should something get past and destroy your data or pc (if all of the above was up-to-date and actually USED properly), then it would be time to sell up and go live on a tropical island somewhere... :D

    Cheers :D
     
  3. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    You might also include SpywareBlaster in that list. It's nonresident but protects against the download and installation of a number of spyware, hijackers, dialers, etc. And since it's not a running program it uses no resources. It's another of Javacool's freeware/donationware like SpywareGuard. :)
     
  4. dos

    dos Registered Member

    Joined:
    Oct 17, 2003
    Posts:
    43
    He has Spybot and Ad-aware installed but he never updated lately and this dialler was a recent variant so they didn't pick it up.

    I know all about layered security, but unfortunately he doesn't. I'm just glad the NOD32 team are improving on their trojan detection. He only uses the PC for school work and for looking at motorbike websites very rarely, and all patched up to date, so I'm very surprised that he managed to pick up anything at all. So I updated Spybot and immunized his system, locked the hosts file and access to IE settings, removed access to IE, installed Mozilla Firebird and set it up to block popups etc. Changed his account privileges, scheduled regular scans when I know he wouldn't be using the PC to stop them :rolleyes: Also installed BlackICE, saved the baseline and set the application protection to automatically terminate any new/unknown/modified applications/dynamic link library files etc. I will set him up on my network too with NAT when I get time. I don't think there's much chance of anything installing itself and doing that again.
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    LOL, so all in all you have placed his pc in a fortress, if only he now keeps everything up-to-date, usually a bill like what he got will awaken the user not to let it happen again.

    Welcome to Wilders and Nod.

    Cheers :D
     
  6. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    What version of KAV, what date of signature bases, and has the sample been sent to Kaspersky Labs?
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I think the whole point is that it was a dialer, no matter what AV he was trying, I wouldn't have expected it to pick it up. His brother needed a layered defence, which he now has.

    It was just lucky, or so prevalent, that Nod had it placed in its signature bases.

    I don't expect any AV to detect a dialer, maybe in the future, due to the public's lack of understanding between the difference of Trojans, Dialers, Viruses, Malware etc, ALL AV companies will have to detect ALL of the aforementioned...

    Cheers :D
     
  8. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I was just wondering if KAV would be able to catch it now.

    It would sure be nice if any AV could catch dialers. The typical computer user isn't going to be running 700 different anti-malware utilities. Hopefully those users won't be downloading crap from P2P clients and warez sites, either.
     
  9. dos

    dos Registered Member

    Joined:
    Oct 17, 2003
    Posts:
    43
    To be more specific NOD32 actually caught the trojan dropper that was responsible for installing it. Adaware found the actual dialling program, but it would've been installed constantly without the help of NOD32 finding the program responsible. Unfortunately I deleted the file upon detection, I should've saved a copy for the other AVs, but I was too pissed off to think at that point. BTW, I was running KAV 4.5 with the latest definitions, and it was set to scan all files. NAV was the same.
     
  10. newnoduser

    newnoduser Guest

    Blackspear wrote:

    This might have been true at one time but I don't think it is anymore. As a new Nod user I was very concerned to hear people saying this after I just bought the product (thinking it would offer protection from viruses, worms AND TROJANS. After all---the website says it will!) so I wrote to them about this.
    You see, I bought the product after reading the following from the Nod website--

    "NOD32 Antivirus System provides well balanced, state-of-the-art protection against threats endangering your PC and enterprise systems running various platforms from Microsoft Windows 95 / 98 / ME / NT / 2000 / 2003 / XP, through a number of UNIX/Linux, Novell, MS DOS operating systems to Microsoft Exchange Server, Lotus Domino and other mail servers.
    Viruses, worms, TROJANS and other malware are kept out of striking distance of your valuable data. "
    from http://www.nod32.com/products/products.htm

    Yet I kept reading people always saying it was not meant to catch trojans and all that other stuff. I was alarmed because I just bought the product based on what I read at the Nod website and I didn't see the point of replacing my old product (which, like most other AV products these days did catch viruses and worms AND trojans). I saw no point in replacing my old program with a new program which did not catch these things. It seemed pointless to me.
    So I wrote to Nod tech support. I told them I had been reading on various groups that Nod was just a virus product and not meant to catch trojans and the response I received was (exact quote from their letter)--


    "no, it's not true. I recommend that you take a look at our website
    http://www.nod32.com/support/info.htm#CurVersion and search for "trojan"."

    Blackspear wrote-
    Actually many of them, if not most of them do catch these things---Norton, McAfee, Panda, and probably some others as well all catch Trojans, viruses and Malware and (even dialers these days!).
    These various Malware programs can be as harmful as any virus and can cause a good deal of damage. It is a smart move by anti virus companies to include these things in their detection. The web being the way it is these days it is a necessity in this age we live in.
    The AV companies have to keep up with the malware developers.
    Nod finds a way to do this with extreme accuracy and without bloating up. I like it very much. Beautiful stream-lined program! Eset is really to be commended!
    But I suppose to each his own. One man's "bloat" is another man's "feature rich".
    So I cannot judge the style of some of the other AV companies. In the past before just recently discovering Nod, I have used other AV products which I found to be excellent as well.
    It must be a tough job keeping up with all these internet threats.
    The fact that Nod picked up on this particular trojan even before some of the other great programs out there is a sign of their diligent work on this particular front of the "malware war".

    I suppose the problem with dealing with these growing numbers of malware programs such as dialers and even some trojans is deciding in individual cases which of them are actually malware and which are legitimate programs. Complicated stuff!
     
  11. newnoduser

    newnoduser Guest

    I also see that Nod has won the Trojan Checkmark certification from West Coast Labs along with certification for Virus levels 1 and 2.
    I don't imagine that's an easy thing to obtain and shows under the strictest circumstances Nod's prowess at Viruses and trojans. Something for them to really be proud of!



    "The Checkmark certification of NOD32 for Windows 2003 to Antivirus Levels 1, 2, and Trojan, is the hallmark of a company whose philosophy is to be a cutting-edge AV developer," commented Chris Thomas, Operations Director of West Coast Labs, in a statement announcing the results.
    http://www.nod32.com.au/nod32/news/news.htm#alliance


    The original post made by "dos" at the head of this thread is "real world" proof of this.
     