Virus not detected by nod32

Discussion in 'ESET NOD32 Antivirus' started by zeratos, Mar 15, 2008.

Thread Status:
Not open for further replies.
  1. zeratos

    zeratos Registered Member

    Joined:
    Mar 14, 2008
    Posts:
    3
    Hello, what can i do if i have a virus not detected by nod32? is there a way to send the .exe to them to analyze and include the fix on his next update?

    Thank you.
     
  2. ASpace

    ASpace Guest

    Sure . ESET Virus Lab
    samples@eset.sk
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  4. zeratos

    zeratos Registered Member

    Joined:
    Mar 14, 2008
    Posts:
    3
  5. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
  6. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Why isn't the built-in submission feature in NOD32 enough?
     
  7. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    built-in submission is for unknown virus detect by heuristic and advanced heuristic
    which viruses does detect by nod32 will send to eset lab by email
     
  8. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
  9. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    So what about right click file, Advanced options, Submit File for Analysis...?
     
  10. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I'd like this one answered as well, since that's how I've always done it. And if it isn't the correct way to... :ouch:
     
  11. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    and i've noticed that since i've opened my big fat gob on another thread about how every sample i submit gets added within 24-48 hours none of the samples i've submited over the last week or so has been added..... :oops:
     
  12. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    That was a pure load of baloney if I ever saw one. Don't expect ESET to react with any reasonable speed to your submissions. (They do get around to adding them eventually, though. Sometimes.)
     
  13. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Well no, not really. When i collect a sample for a clients PC (not running NOD32) i put it in a folder on a spare PC. Then i scan with NOD. Most of the time the files would be detected and removed by NOD. Those that weren't detected i submitted. I found that if i went back to the PC within a day or two (maybe 3) those files were detected and deleted.

    Now you don't have to believe me and i don't really care if you do or not. I know what my experience was. Now I'm not saying that MY submission was what directly triggered them to add it to the detection. Perhaps many others were submitting similar samples. Perhaps others had submitted samples weeks or months before i had and it was co-incidence, but i really thought that submitting samples seemed to be a worthwhile thing. Now it just seems a waste of time - plus i risk getting one of my PC infected in the process....

    Why not? They should shouldn't they?
     
  14. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Not really. There's a variety of reasons for this, but the only vendor not worth submitting samples to is one that's well on its way out of the business. Of course, that doesn't mean I'm bothered to do it myself, and IIRC most vendors don't take too kindly to bulk submissions anyway. ("You trying to be funny, kid?")

    In my experience ESET needs to be "convinced" it's a genuine infection case before they take prompt action (in other words, you need to get infected first before they do anything :rolleyes:). Try sending a SysInspector log along with your samples. I don't know, that might motivate them a bit.
     
  15. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Hmm. It's unusual to find samples on a clients PC that aren't detected by NOD in the first place. When i do, i usually end up with quite a lot of samples and varients, according to various online scanners. So i don't see why they should ignore bulk submissions. Esp when so many viruses seem to dump multiple copies of themsleves in loads of directories.

    Nice idea.... I'll try that next time. If i don't forget..... :doubt:
     
  16. viruscraft

    viruscraft Registered Member

    Joined:
    Sep 22, 2007
    Posts:
    114
    ESET adds virus into signature database according to their "threat level".The possible reason that NOD32 can not detect the virus which have been sent to ESET is ESET think your submission is not a genuine infection or it's in very low "threat level".But,ESET might miss some virus which really infected your system or your whole network.

    So,give some information when you send the simple,and a SysInspector log would be helpful.
     
  17. zeratos

    zeratos Registered Member

    Joined:
    Mar 14, 2008
    Posts:
    3
    Well, i submited the file yesterday and i haven't got an answer from nod32 guys, also the file is still not detected by nod32. :(
     
  18. ASpace

    ASpace Guest

  19. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Bumpity bump.
     
  20. ASpace

    ASpace Guest

    This option is the ThreatSense.NET (ESET's early warning system) . Samples received by it are generally samples which the program (EAV or ESS) has detected heuristically (for example) . Generally samples received via ThreatSense.NET have lower priority than those submitted by clients via email to samples@eset.sk
     
  21. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    No, it's just not heuristically-detected files. You can submit anything you want via right click.

    I do it because it's quick and easy and I don't want to zip a file, password-protect it, and load my email client every time I have to submit an undetected file. I just want to know whether ESET is actually receiving anything sent this way.

    And oh, does the right-click submission method work if one is using a limited user account? Thanks.
     
  22. ASpace

    ASpace Guest

    I know that very well . I am just telling you that because of the fact most samples received that way are detected heuristically in some way , that is one of the reasons ESET treat them with lower priority . You can submit everything .


    ESET do receive them ! Generally but not always different is the priority.

    By the way , it is not necessary to password protect a sample in order to send it unless your mail server rejects executables.

    Yes , it does.
     
  23. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's better to submit suspicious files by email in an archive protected with the password "infected". About 99% of files submitted by users via ThreatSense is nothing but garbage.
     
  24. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Thank you for that information, Marcos. You just clarified the one thing everyone's wondering. :)
     
  25. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You wouldn't believe what people submit. Just to name some of them - images, photos, mp3, txt, cda, pf files, etc. :)
     
Thread Status:
Not open for further replies.