trojandownloader.zlob and NOD32

Discussion in 'NOD32 version 2 Forum' started by maxoblivion, Oct 5, 2007.

Thread Status:
Not open for further replies.
  1. maxoblivion

    maxoblivion Registered Member

    Joined:
    Feb 21, 2007
    Posts:
    65
    I've been using the NOD32 trial for a couple of weeks and I had the trojandownloader.zlob.bfl installed on my computer a few days ago. NOD32 didn't detect it until I did a routine backup to an external drive. It also showed up with the "in-depth analysis" scan. I'm wondering if it was just one that will get through sometimes or if the default settings aren't tight enough. I deleted the trojan manually and there are no symptoms of infestation.

    I tried the Spysweeper free scan and it only found harmless cookies and I installed Counterspy and scanned and it found a few cookies and a keylogger, SC-Keylog in a desktop icon. I think I will use both NOD32 and Counterspy along with the Comodo firewall. I previously used Zonelabs Antivirus and seemed well protected with no infestations I was aware of but it seemed to slow my system more with each software update and my computer was taking a long time to boot up. System Standby was no longer working properly and it interfered with an IE7 installation, really screwing things up.
     
    Last edited: Oct 5, 2007
  2. ASpace

    ASpace Guest

    Perhaps detection for that specific variant was recently added but you had the malware before ESET added the detection. The file was inactive and that's why it was caught with on-demand scan.

    The default settings are ok :thumb:


    By default with the on-demand settings in AMON/IMON detection for Potentially unsafe applications is disabled. The keyloggers (some commercial programs) should be there and that is one more possible reason for not detecting it.
     
  3. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
  4. ASpace

    ASpace Guest

    Just to update, on ESET's site one can see that detection for that specific Zlob was added 5 days ago.
     
  5. maxoblivion

    maxoblivion Registered Member

    Joined:
    Feb 21, 2007
    Posts:
    65
    Thanks for the responses. It looks like zlob.bfl was included in the 2562 update. I didn't receive definition updates between 2555 and 2563. I was traveling and using a slow dial-up connection. I had a series of server connection failures that prevented updates. Would the installation have been prevented if I had the update in time? Or, would NOD32 detect it after installation and notify? I still think I'll use Counterspy for redundancy. As long as NOD32 and Counterspy don't conflict, the more the merrier.

    If I check "potentially unsafe applications" in the settings, I'm not at risk for losing desirable applications as long as I have the "Actions" set to notify me first, correct?

    As for how I obtained this trojan, I don't really know. I was surfing some high risk sites the day before but I'm careful not to knowingly download anything from unreliable sites. It got to me anyway.
     
    Last edited: Oct 5, 2007
  6. ASpace

    ASpace Guest

    If the update was on time and it contained information about that malware (or any kind of heuristic update), then YES.


    Potentially unsafe applications is detection for only commercial programs that might be exploited for malicious purpose. Such applications include remote admin tools and keyloggers. About losing "desirable applications" - NOD32 very rarely displays false positive alarms so don't worry.
     
  7. maxoblivion

    maxoblivion Registered Member

    Joined:
    Feb 21, 2007
    Posts:
    65
    To conclude:

    Spysweeper didn't detect either the trojandownloader.zlob.bfl or the sc-keylog that I assume the trojan installed on my computer. NOD32 detected the trojan after I had updated definitions but it offered no remedy. It didn't notify me of related registry entries either. Counterspy, which I ran after deleting the trojan manually, detected the keylogger but didn't show me registry changes. Counterspy removed the keylogger and related traces but didn't clean the registry. Oh well, I guess there aren't any perfect solutions.
     