Virus not detected by Nod32 - rather concerned!

Discussion in 'ESET NOD32 Antivirus' started by malatesta, Jul 14, 2008.

Thread Status:
Not open for further replies.
  1. malatesta

    malatesta Registered Member

    Joined:
    Jul 14, 2008
    Posts:
    1
    I have just fixed, after many hours of ploughing through the web, a virus that prevents you from using any web browser (IE7, Firefox) to go to antivirus sites. All other sites were accessible. The virus even blocked sites that offered assistance with removing viruses.

    The infected file was mswsock.dll which is part of the Windows Socket API that interfaces software to the internet. I solved the problem by copying the file from a working OS into the \windows\system32 and \windows\SoftwareDistribution folders.

    What surprises me is that Nod32 doesn't pick up on this type of virus. Is this something new?

    I would have thought Nod32 would flag a change to this kind of file.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,772
    Location:
    Texas
    Hello malatesta,

    Kindly submit the sample if possible. http://www.eset.com/support/kb.php
     
    Last edited: Jul 14, 2008
  3. demonio

    demonio Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    48
    In fact, ESET is slow lately with updates; I sent new variants of Bagle and Gromozon and they have never been updated :D

    @Marcos
    why? ;)
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Frankly, I was wondering why we haven't received a Bagle sample from you for quite a long time as you used to submit them quite frequently. Could you resend undetected variants to samples[at]eset.com with "Bagle" in the subject as usual and PM me when done so that I can check if they have actually arrived?
     
  5. demonio

    demonio Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    48
  6. niceTyp

    niceTyp Registered Member

    Joined:
    Jul 15, 2008
    Posts:
    11
    I also sent ~removed virustotal scan link per policy....Bubba~ to samples@eset.com two days ago. After 5 virus def updates nothing happened.. it is a pity.
    Maybe I should use Microsoft Antivir ;) because it was one of the first to detect the virus.
     
    Last edited by a moderator: Jul 15, 2008
  7. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hello,

    ESET can be the first to detect another virus. ;)
     
  8. niceTyp

    niceTyp Registered Member

    Joined:
    Jul 15, 2008
    Posts:
    11
    Yeah, maybe, but version 3271 still does not detect the Zlob variant...
    a little bit curious...
     
  9. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Zlob gets many new variants every day and the source of them is known - it's the "porn codec". Don't visit these sites and you won't have Zlob. :thumb:
     
  10. niceTyp

    niceTyp Registered Member

    Joined:
    Jul 15, 2008
    Posts:
    11
    OK, my fault, I didn't know that NOD32 doesn't include variants from such sites.
    thx for the tip
    don't use the internet, won't have a virus.
     
  11. alloucho

    alloucho Registered Member

    Joined:
    Dec 26, 2007
    Posts:
    145
    don't use the internet, won't have a virus :D :thumb:
    There are many new variants of Zlob, Vundo, Bagle that NOD32 does not detect.
    NOD32 would not admit that and update its detection capabilities, but advises not using dangerous sites :thumbd:
     
  12. demonio

    demonio Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    48
    Not a BAGLE! nod now identifies all variations. trusted;)

    crafty facts, use Sandboxie and continue to use the Internet:D
     
  13. niceTyp

    niceTyp Registered Member

    Joined:
    Jul 15, 2008
    Posts:
    11
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I could show you an example of a spammed dropper from a fake email from Microsoft where NOD32 was one of 3 AVs to detect it and it remained so even after 2 days. I won't go into details as comparing products or bashing is not allowed in this forum.
     
  15. krokodil_bb

    krokodil_bb Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    86
    Location:
    BB
    I can show you my recent experiences with "Zlob" and how ESET deals with detection.

    After the upgrade from eav650 to eav667 my computer randomly booted to BSOD, ... eset support/dumps/logs..., then I found (with a non-ESET tool) that the cause of this was a virus not known to NOD. I removed the flagged file, no more BSOD. I sent that file to ESET and it was added as Win32/TrojanDownloader.Zlob.BXN trojan 2 weeks ago, that's all. But on other machines with the infection nothing changed, NOD keeps updating and detects nothing. On a manual scan of the \system32\ directory there is one interesting exe file with the note "[4] Object cannot be opened. It may be in use by another application or operating system."

    The only way to detect and remove it with NOD is to scan the infected disk on a clean system (I always thought that this operation is needed only for cleaning some nasty rootkits...). It's a shame for ESET because others /I used a well known free Russian utility/ can detect and delete it without wasting my time by removing the drive from the PC and possibly interrupting other people's work.

    Yesterday an ESET technician asked me if the problem with the infection was solved :ouch: and asked for a SysInspector log from the infected PC.

    If NOD can't scan and detect a known "zlob" virus file, what will it do with real rootkits? And why add detection if in the real infected world it can't detect it?
     