Update 3096 and Win32/Adware.SpyBurner

Discussion in 'ESET NOD32 Antivirus' started by zer0l0gic, May 14, 2008.

Thread Status:
Not open for further replies.
  1. zer0l0gic

    zer0l0gic Registered Member

    Joined:
    May 7, 2008
    Posts:
    52
    I was just playing with NOD32 detection and found that signature level 3096 has detection for SpyBurner.

    Since I'm testing NOD32 to see if it suits my needs, I decided to go the the site where SpyBurner is distributed from (just add www. to the front and .com to the end of the name).

    Untitled.png

    What happened was a bit disappointing. I went over to the SpyBurner site, downloaded the application. Scanned the installer - nothing. Not a peep out of NOD32. :doubt:

    1.png

    2.png

    My Signature level:

    3.png
     
    Last edited: May 14, 2008
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Basicly we do not detect the whole installers. It's not a secret that the business with rogue antispyware produces profits to their authors thanks to human's naivity and for them it's worth hiring underground coders to make their "products" undetectable. Access to the site will be blocked soon.
     
  3. zer0l0gic

    zer0l0gic Registered Member

    Joined:
    May 7, 2008
    Posts:
    52
    Hi Marcos
    Thanks for clearing that up, previously I noticed that other 'Malwares' were filtered out by NOD32 at site access or installer download. Appreciate you looking into it. Thanks again. :thumb:
     
  4. zer0l0gic

    zer0l0gic Registered Member

    Joined:
    May 7, 2008
    Posts:
    52
    I think eset really need to get on top of this. This threat was picked up by Panda & Kaspersky's AVP Tool and not NOD32 with the latest signatures.

    panda.png

    nodetection.png

    avp.png
     
    Last edited: May 14, 2008
  5. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    A nonsensical post zer0l0gic. You went looking for trouble and found it. Marcos could put up posts of his own where NOD finds stuff others don't, but thats not his style. Kaspersky is a good product by the way so if you decide it suits your needs better then go with it.
     
  6. jdenton

    jdenton Registered Member

    Joined:
    Apr 25, 2008
    Posts:
    47
    What's so nonsensical about it?? Judging by the way you talk, I suppose Nod32 is only useful as long as viruses don't appear! Whenever a user gets infected it's their fault... Nod32 is perfect and blameless.

    I really think there's something seriously wrong at Eset. Whenever people point out that their product doesn't detect something, they serve up a bunch of excuses instead of fixing the problem. Eset, why don't you serve your paying customers' best interests, instead of your own pride? :isay:
     
  7. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    jdenton NOD V3 is definitly not perfect. I didn't switch to V3 until the latest build 3.0.650.0. And the reasons given for a non detection are similar on every Av product forum including the ones your a fan of.:p If you want to find something that will give your chosen product a problem, you can. By the way nice Avatar. I've also suggested Dr. Web to friends who couldn't run NOD for one reason or another.;)
     
    Last edited: May 14, 2008
  8. jdenton

    jdenton Registered Member

    Joined:
    Apr 25, 2008
    Posts:
    47
    That's also where the difference is. The experts of those companies will listen and pay attention when a problem is found, instead of give the user mumbo-jumbo and then leave the problem unsolved.

    Thanks for the compliments about the avatar. I grabbed it off some website, too bad I can't remember which one. You're welcome to take it if you like it LOL. I'm trying a load of antivirus trials now until AVG releases its next version because of a few problems bugging me. I'd like to try Nod32 too, but the attitude of the staff here don't really inspire confidence. Sure you can always find flaws if you look hard enough. That's not the issue. The issue is how the company reacts when a problem is found. Let's see how Eset reacts to this one.
     
  9. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    The Avatar looks like a Dr.Web one so thats why I made the comment. Eset staff have been pretty good regarding my inquries at least so thats one of the reasons why they get my money. I check out Esets competition from time to time and find posters who have the same complaints on other Av product forums.
     
    Last edited: May 15, 2008
  10. ASpace

    ASpace Guest


    I see Panda and Kaspersky detect the installer itself . ESET do have detection about the software's executables so if you try to install this rogue AV , its files will get detected/deleted upon create and after that they can be removed by EAV .


    Which means they will add the site distributor in the list of sites with known malicious content and users will not even be able to access the site and download this program .
     
  11. zer0l0gic

    zer0l0gic Registered Member

    Joined:
    May 7, 2008
    Posts:
    52
    Thanks everyone for your help.

    I think I should look elsewhere for my AntiVirus.

    :'(
     
  12. ASpace

    ASpace Guest

    @ zer0l0gic


    What worries you ? You are worried because NOD32 doesn't detect that small installer ? The installer itself won't harm your machine
    What is inside it can be nasty and this is what is indeed detected
     
  13. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Good luck on your choice of AVG. I know a lot of people that use it.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If a particular version of a fraud tool (rogue antispyware) is detected by an on-demand scanner doesn't mean much. The authors often modify the code to evade detection and for this reason the AV programs have to use other techniques to prevent this kind of software from being installed.

    I have collected several rogue antispyware programs which are deteced only by 1 AV. If one encounters that file what should he do? Should he ditch the AV program he uses and install the one that detected it? But what if the new AV program misses other malware that would otherwise be detected by the AV he just ditched? Bear in mind that the best prevention is using common sense and avoiding downloading suspicious programs.
     
    Last edited: May 15, 2008
  15. zer0l0gic

    zer0l0gic Registered Member

    Joined:
    May 7, 2008
    Posts:
    52
    Thankyou Marcos. I think I now understand. I might have panicked a little.
    I also just checked Eset's VB100 Rate and I'm very impressed. I got a license for NOD32. And also a license of AVG. I have two computers. Thankyou for your help.
     
  16. ESS3

    ESS3 Registered Member

    Joined:
    Dec 11, 2007
    Posts:
    112
    Win32/Adware.SpyBurner ;)
     

    Attached Files:

Thread Status:
Not open for further replies.