The Antivirus 2008 Trojan

I am a consultant and handle a LOT of calls every day and I also sell ESET. Is the NOD 32 AV handling the Antivirus 2008 trojan well? Any reports on trouble with that trojan from NOD32 users?

FM

 

It seems antivirus vendors generally have difficulties dealing with rogue applications . ESET NOD32 and ESET Smart Security should be able to handle most of the variants .

Advise your clients use limited user account (UAC enabled by default in Windows Vista) , be cautios when installing new programs and advise them run second dedicated antispyware application such as the free Microsoft Windows Defender , for example.

http://www.eset.eu/threat-center/security-tips

 

It stops the complete installation of "many of them"..but there are quite a few that still manage to partially install and somewhat infect a system.

The ZLob variants (the trojan behind Virtumonde and Smitfraud) are being released and updated with new variants several times a day. So AV vendors are having a hard time keeping up.

It is relatively easy to clean out though, with other tools now available.
CCleaner
SuperAntispyware
MalwareBytes
Spybot Search and Destroy version 1.6 (or newer as this post ages)

We've had no problem cleaning PCs with the above, and no returns.

 

When the AntivirusXP2008 trojan came out. Symantec let it through and I was trying to install NOD32. After installing, we ran the scan, but it allowed the AVXP2008 parts to remain undetected. We ran another removal tool, which took out much of it and when we ran NOD32 again, it found all the pieces of the trojan.

So my question is: Why did NOD32 not find the trojan when first installed and scanned? What did the removal tool do that NOD32 could not? Is this typical for malware that has already infected the machine prior to NOD32 installation?

thanks,
FM

 

I guess it was initially undetected because of the frequent changes in obfuscation the authors use to evade detection. You did not mention any dates so I'd mention that detection of this malware family has recently been significatnly improved.

 

Well, it was about 3 weeks ago, shortly after that trojan became dominant here. My question was more as an ongoing expectation for new threats coming out. Do we have to make sure that the machine is clean of new threats before we install NOD32? What kind of procedural quirks do I need to be aware of with it? I thought that NOD32 was made to remove threats, but now it could appear that I need to pre-clean the machine to get ready for NOD32. Is this right? Does this apply for all threats or only a few like the trojan in the title to this thread? If I need to carry an arsenal of removal tools along with me to do installs, I can do that, but I am trying to establish realistic expectations here about the capabilities of NOD32.

FM

 

AS a nod32 user here may I also suggest for maxium security is setting up nod32 to Blackspear settings.I have my nod32 maxed out including the browser and email from passive mode to active mode for stronger filtering and you can run windows defender in the advanced spynet that = Hips and probably the easiest of all hips. vista user with (UAC) User Account Control and (DEP) ALL programs,Data Execution Prevention and limited user Accounts and some common sense should be good.