Virus not detected by Nod32 - rather concerned!

Discussion in 'ESET NOD32 Antivirus' started by malatesta, Jul 14, 2008.

Thread Status:
Not open for further replies.
  1. malatesta

    malatesta Registered Member

    Joined:
    Jul 14, 2008
    Posts:
    1
    I have just fixed, after many hours of ploughing through the web, a virus that prevents you from using any web browser (IE7, Firefox) to go to antivirus sites. All other sites were accessible. The virus even blocked sites that offered assistance in removing viruses.

    The infected file was mswsock.dll which is part of the Windows Socket API that interfaces software to the internet. I solved the problem by copying the file from a working OS into the \windows\system32 and \windows\SoftwareDistribution folders.

    What surprises me is that Nod32 doesn't pick up on this type of virus. Is this something new?

    I would have thought Nod32 would flag a change to this kind of file.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,059
    Location:
    Texas
    Hello malatesta,

    Kindly submit the sample if possible. http://www.eset.com/support/kb.php
     
    Last edited: Jul 14, 2008
  3. demonio

    demonio Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    48
    In fact, ESET is slow lately in updates. I sent new variants of Bagle and Gromozon and they have never been updated :D

    @Marcos
    Why? ;)
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Frankly, I was wondering why we haven't received a Bagle sample from you for quite a long time as you used to submit them quite frequently. Could you resend undetected variants to samples[at]eset.com with "Bagle" in the subject as usual and PM me when done so that I can check if they have actually arrived?
     
  5. demonio

    demonio Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    48
  6. niceTyp

    niceTyp Registered Member

    Joined:
    Jul 15, 2008
    Posts:
    11
    I also sent ~removed virustotal scan link per policy....Bubba~ to samples@eset.com two days ago. After 5 virus def updates nothing happened... it is a pity.
    Maybe I should use Microsoft Antivir ;) because it was one of the first to detect the virus.
     
    Last edited by a moderator: Jul 15, 2008
  7. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hello,

    ESET can be the first to detect another virus. ;)
     
  8. niceTyp

    niceTyp Registered Member

    Joined:
    Jul 15, 2008
    Posts:
    11
    Yeah, maybe, but version 3271 still does not detect the Zlob variant...
    A little bit curious...
     
  9. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Zlob has many new variants every day and the source of them is known - it's the "porn codec". Don't visit these sites, won't have Zlob. :thumb:
     
  10. niceTyp

    niceTyp Registered Member

    Joined:
    Jul 15, 2008
    Posts:
    11
    OK, my fault, I didn't know that NOD32 doesn't include variants from such sites.
    Thx for the tip:
    don't use the internet, won't have a virus.
     
  11. alloucho

    alloucho Registered Member

    Joined:
    Dec 26, 2007
    Posts:
    145
    Don't use the internet, won't have a virus :D :thumb:
    There are many new variants of Zlob, Vundo, Bagle that NOD32 does not detect.
    NOD32 would not admit that and update its detection capabilities, but advises not using dangerous sites :thumbd:
     
  12. demonio

    demonio Registered Member

    Joined:
    Oct 21, 2007
    Posts:
    48
    Not a BAGLE! NOD now identifies all variations. Trusted ;)

    Crafty facts, use Sandboxie and continue to use the Internet :D
     
  13. niceTyp

    niceTyp Registered Member

    Joined:
    Jul 15, 2008
    Posts:
    11
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I could show you an example of a spammed dropper from a fake email from Microsoft where NOD32 was one of 3 AVs to detect it and it remained so even after 2 days. I won't go into details as comparing products or bashing is not allowed in this forum.
     