The Antivirus 2008 Trojan

Discussion in 'ESET NOD32 Antivirus' started by ForgeMaster, Sep 11, 2008.

Thread Status:
Not open for further replies.
  1. ForgeMaster

    ForgeMaster Registered Member

    Joined:
    Sep 11, 2008
    Posts:
    21
    Location:
    Virginia
    I am a consultant and handle a LOT of calls every day and I also sell ESET. Is the NOD 32 AV handling the Antivirus 2008 trojan well? Any reports on trouble with that trojan from NOD32 users?

    FM
     
  2. ASpace

    ASpace Guest

    It seems antivirus vendors generally have difficulties dealing with rogue applications. ESET NOD32 and ESET Smart Security should be able to handle most of the variants.

    Advise your clients to use a limited user account (UAC is enabled by default in Windows Vista), to be cautious when installing new programs, and to run a second, dedicated antispyware application such as the free Microsoft Windows Defender, for example.

    http://www.eset.eu/threat-center/security-tips
     
  3. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    It stops the complete installation of "many of them", but there are quite a few that still manage to partially install and somewhat infect a system.

    The ZLob variants (the trojan behind Virtumonde and Smitfraud) are being released and updated with new variants several times a day, so AV vendors are having a hard time keeping up.

    It is relatively easy to clean out though, with other tools now available.
    CCleaner
    SuperAntispyware
    MalwareBytes
    Spybot Search and Destroy version 1.6 (or newer as this post ages)

    We've had no problem cleaning PCs with the above, and no returns.
     
  4. ForgeMaster

    ForgeMaster Registered Member

    Joined:
    Sep 11, 2008
    Posts:
    21
    Location:
    Virginia
    When the AntivirusXP2008 trojan came out, Symantec let it through and I was trying to install NOD32. After installing, we ran the scan, but it allowed the AVXP2008 parts to remain undetected. We ran another removal tool, which took out much of it, and when we ran NOD32 again, it found all the pieces of the trojan.

    So my question is: Why did NOD32 not find the trojan when first installed and scanned? What did the removal tool do that NOD32 could not? Is this typical for malware that has already infected the machine prior to NOD32 installation?

    thanks,
    FM
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I guess it was initially undetected because of the frequent changes in obfuscation the authors use to evade detection. You did not mention any dates, so I'd mention that detection of this malware family has recently been significantly improved.
     
  6. ForgeMaster

    ForgeMaster Registered Member

    Joined:
    Sep 11, 2008
    Posts:
    21
    Location:
    Virginia
    Well, it was about 3 weeks ago, shortly after that trojan became dominant here. My question was more as an ongoing expectation for new threats coming out. Do we have to make sure that the machine is clean of new threats before we install NOD32? What kind of procedural quirks do I need to be aware of with it? I thought that NOD32 was made to remove threats, but now it could appear that I need to pre-clean the machine to get ready for NOD32. Is this right? Does this apply for all threats or only a few like the trojan in the title to this thread? If I need to carry an arsenal of removal tools along with me to do installs, I can do that, but I am trying to establish realistic expectations here about the capabilities of NOD32.

    FM
     
    Last edited: Oct 17, 2008
  7. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    As a NOD32 user here, may I also suggest, for maximum security, setting up NOD32 to Blackspear's settings. I have my NOD32 maxed out, including switching the browser and email protection from passive mode to active mode for stronger filtering, and you can run Windows Defender with advanced SpyNet membership, which = HIPS and is probably the easiest of all HIPS. A Vista user with UAC (User Account Control), DEP (Data Execution Prevention) set to ALL programs, limited user accounts and some common sense should be good.
     
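    The hardening advice in post #2 (limited user account, UAC) and post #7 (UAC, DEP for all programs, limited accounts) can be audited rather than taken on trust. The script below is an added example, not from the thread or from ESET: it reads the DEP support policy from Win32_OperatingSystem, the EnableLUA policy value from the registry, whether the current shell holds a full administrator token, and whether the logged-on account is a direct member of the local Administrators group, then reports a verdict against those recommendations. It changes nothing. It assumes Windows Vista or later with PowerShell 2.0+, an English group name for Administrators, and the script filename used in the comment is an assumption.

```powershell
# Added example, not from the thread: audit the posture posts #2 and #7 recommend
# (UAC on, DEP for all programs, daily-use account not in local Administrators).
# Read-only; it changes nothing. Assumes Windows Vista or later and PowerShell 2.0+.
# Run as: .\Get-HardeningPosture.ps1   (script name is an assumption)

function Get-HardeningPosture {
    # --- DEP: Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy ---
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (Windows programs/services only, the default),
    # 3 = OptOut ("all programs except those I select"). "All programs" means 1 or 3.
    $os        = Get-WmiObject -Class Win32_OperatingSystem
    $depPolicy = [int]$os.DataExecutionPrevention_SupportPolicy
    $depNames  = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $depAllPrograms = ($depPolicy -eq 1) -or ($depPolicy -eq 3)

    # --- UAC: EnableLUA = 1 under the documented policy key ---
    $policyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua        = Get-ItemProperty -Path $policyKey -Name EnableLUA -ErrorAction SilentlyContinue
    $uacEnabled = ($lua -ne $null) -and ([int]$lua.EnableLUA -eq 1)

    # --- Is this process running with a full admin token right now? ---
    # With UAC on, an administrator in a non-elevated shell gets $false here (filtered token),
    # so this says "elevated", not "is an admin"; the membership check below answers the latter.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # --- Is the logged-on account a direct member of local Administrators? ---
    # Enumerates the group through the WinNT ADSI provider. Caveats: the group is looked up
    # by its English name, and membership via a nested domain group is not detected.
    $isLocalAdmin = $false
    try {
        $group   = [ADSI]'WinNT://./Administrators,group'
        $members = @($group.psbase.Invoke('Members') | ForEach-Object {
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) })
        $isLocalAdmin = ($members -contains $env:USERNAME)
    } catch {
        $isLocalAdmin = $null   # could not determine (provider unavailable, localized name, ...)
    }

    New-Object PSObject -Property @{
        DepPolicy           = $depNames[$depPolicy]
        DepAllPrograms      = $depAllPrograms
        UacEnabled          = $uacEnabled
        ProcessElevated     = $elevated
        UserInLocalAdmins   = $isLocalAdmin
        # Verdict against the thread's recommendation: DEP for all programs, UAC on,
        # and the daily-use account is not an administrator.
        MeetsRecommendation = $depAllPrograms -and $uacEnabled -and ($isLocalAdmin -eq $false)
    }
}

Get-HardeningPosture | Format-List
```

    A result of DepPolicy = OptIn is the Vista default and is what post #7 is telling you to change; switching it to OptOut covers every process, not just Windows binaries. If UserInLocalAdmins comes back $null, check the group by hand (net localgroup Administrators) rather than assuming the account is limited.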