Troj Ares.10 not found with NOD32?

Discussion in 'NOD32 version 2 Forum' started by deerfern, Dec 25, 2003.

Thread Status:
Not open for further replies.
  1. deerfern

    deerfern Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    14
    Hi,

    I am a trial user of NOD32. I thought it was the best, which of course is what I want.

    I ran an online virus scanner (suggested by MS) and Housecall.antivirus.com found Troj Ares.10 on my d: drive, but NOD32 didn't.

    Is this a false positive? I then went to several other sites, PandaSoftware.com, RAVAntivirus.com, and ran their online virus scans just for that area. They all say it's not infected.

    What am I to believe? None of the sites I went to even heard of Troj Ares.10. So......I still wonder whether I should still buy NOD32? Or, is HouseCall giving me a false?

    Thanks for any help, Carol
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Carol - Can you find the file that HouseCall found and submit it to Kaspersky? Here:

    http://www.kaspersky.com/remoteviruschk.html

    Also, you could submit it to NOD for closer examination:

    samples@eset.com

    Being as it's the holiday season, give Eset at least a week to respond (the Kaspersky results should get back to you a lot sooner). Pete
     
  3. deerfern

    deerfern Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    14
    Hi Pete,

    Thank you so much for your quick reply.

    Unfortunately for me, I allowed HouseCall to delete the file. I had not restarted yet so I tried to get it from the trash but apparently it made sure it was completely gone. Dang me anyway.

    Surprisingly, I ran a check using Norton Online, and it said the file was fine, and instead found another virus in the same directory. I deleted that one as well, I figured I might as well get rid of it.

    Thank you for your help, I think my real question is,

    Is NOD32 worth buying if it can't locate a virus (as supposedly happened?) MS says if I'm already infected, no AV can help me, only an online one, as they have updated files. If that's true, then really one needs BOTH an antivirus online and on one's computer.

    Which leads to the next question .... is Kaspersky better, if they have better response times?

    Thanks for any suggestions !

    Carol
     
  4. Ainur

    Ainur Guest

    Hi Deer :D

    First of all, 'tis highly probable that Nod did not detect the infection, but there's one point you must not forget: the file was a TROJAN, not a virus/worm: its purpose is to give hackers access 2 your system's data, not destroy the data. So a firewall with decent outbound protection (LnS, ZA, ...) will be able to contain it.

    Nod32 does not specialise in Trojans, it was not designed for that, though it has a few trojan signatures in its base.

    On the other hand, ANY AV, even an older one such as Kaspersky, which comprises many more trojan signatures, does not have trojan heuristics, and is thus not able to detect unknown trojans. Such a job should be left to an appropriate AT...

    On the other hand, Nod has (according to VB100 documents) often proven itself MORE than a match for its rivals when it comes to detecting known/unknown virii (all types).

    The Eset guys will probably include this new trojan in the future signatures, but don't forget that there are much more urgent matters they should attend to first, namely including features that Nod32 is supposed to have but is still missing, such as the ability to scan into runtime packers and self-extracting archives.
    Another good idea would be to give Nod32 the possibility to scan according to file's header (true type), and not its extension - Dr Web, if I recall correctly, has this feature.

    But nevertheless, despite its (hopefully momentary) lack of extra features, Nod32 does its main job - detecting virii/worms - and does it extremely well, so I'd advise U to stick to it and complete it with a good AT (such as Trojan Hunter, there's a free version that can be downloaded, as for Nod32 :)) and a good FW
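
The header-based ("true type") check mentioned in the post above, sketched as an added example that is not part of the original thread and not any vendor's code. The signature table, the expected-extension map, the function names and the sample files are all constructed for illustration.

```python
import os

# Leading "magic" bytes for a few common formats (small illustrative table).
MAGIC = [
    (b"MZ", "exe"),               # DOS/Windows executable, incl. self-extractors
    (b"\x7fELF", "elf"),
    (b"PK\x03\x04", "zip"),
    (b"Rar!\x1a\x07", "rar"),
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]

# Extensions that are unsurprising for each detected type (assumed policy).
EXPECTED_EXT = {
    "exe": {".exe", ".dll", ".scr", ".com", ".sys"},
    "elf": {"", ".so", ".elf", ".bin"},
    "zip": {".zip", ".jar", ".docx", ".xlsx"},
    "rar": {".rar"},
    "pdf": {".pdf"},
    "png": {".png"},
    "jpeg": {".jpg", ".jpeg"},
    "gif": {".gif"},
}

def true_type(header: bytes):
    """Identify a file by its first bytes; None if no signature matches."""
    for magic, kind in MAGIC:
        if header.startswith(magic):
            return kind
    return None

def classify(name: str, header: bytes):
    """Return (detected_type, verdict) comparing content with the extension."""
    kind = true_type(header)
    ext = os.path.splitext(name)[1].lower()
    if kind is None:
        return (None, "unknown")
    if ext in EXPECTED_EXT[kind]:
        return (kind, "consistent")
    if kind in ("exe", "elf"):
        # Executable content under a non-executable name: always scan this.
        return (kind, "executable-disguised")
    return (kind, "mismatch")

if __name__ == "__main__":
    samples = [  # constructed file names and headers
        ("holiday_card.jpg", b"MZ\x90\x00\x03\x00"),
        ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("manual.pdf", b"PK\x03\x04\x14\x00"),
    ]
    for name, header in samples:
        print(name, classify(name, header))
```

A scanner that selects files by extension alone would skip the first sample, while the header check marks it as executable content.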
     
  5. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Hello deerfern

    Do you happen to have a game called "RETURN OF THE STAINLESS STEEL RAT" or "ARES RISING" or a downloaded cheat code for a game on your computer? Just asking because the first game mentioned has a file or notation in it called "Ares.10".

    Hope this may help but perhaps we are on the wrong track.

    Best wishes
     
  6. embower

    embower Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    46
    Kaspersky have trojan heuristics, including the ability to take off the hull of the trojan :eek:
     
  7. Ainur

    Ainur Guest

    Negative, KAV does NOT have trojan heuristics, no more than any other AV for that matter. KAV can detect more new trojans than other AVs because the definitions base is updated very quickly, that's all. But it can't detect UNKNOWN trojans - otherwise they would be shouting all over the Web about it, and on their own homepage to start with - and the price of the product would go rocketing sky-high... :D
     
  8. embower

    embower Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    46
    Yes, my mistake. But the TRO renewal method primarily is to add the hull on the original foundation; AVP's ability to take off the hull is very praiseworthy, and it is one of the reasons AVP can discover new trojans :oops:
     
  9. Ainur

    Ainur Guest

    So you do concur that no AV (to this day) can tackle unknown trojans.

    But what do you mean by 'hull ability'?? o_O
     
  10. embower

    embower Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    46
    This is our Chinese way of speaking ^.^
     
  11. Ainur

    Ainur Guest

    OK I admire the superior wisdom, Master :D

    But this doesn't answer my question - what do U mean by 'hull ability' of a trojan?
     
  12. embower

    embower Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    46
    The "trojan's hull" that I say, generally is to divide of to a procedure for encrypting to the troj.

    "Take off the hull ability" is an analytical and unchain skill to say that AV encrypt the procedure to the trojans
     