Virus received via Windows Live Messenger, but EAV doesn't detect as a virus!!!

Discussion in 'ESET NOD32 Antivirus' started by EvilDave UK, Dec 22, 2007.

Thread Status:
Not open for further replies.
  1. EvilDave UK

    EvilDave UK Registered Member

    Joined:
    Dec 20, 2005
    Posts:
    275
    Location:
    United Kingdom
    If I had been a non-technical person, thanks to ESET I would be infected with some dodgy virus by now.

    Just received a file via Windows Live Messenger from a friend. The file is around 100KB and is compressed. Inside is a "MS-DOS Application" file (according to Windows), around 120KB.

    Doing a scan via EAV and ESET Online Scanner brings back nothing.

    Submitting the file to VirusTotal brings back: ~Removed per Policy.~

    How could Kaspersky and that lot beat ESET to it? Does EAV actually have Advanced Heuristics??

    This isn't good at all...

    Thankfully I've not opened the file and there are no additional ports in use on my firewall, nor any dodgy processes open in Windows. However, for some poor non-technical user who runs EAV and receives this file, they're screwed. Anyone else agree?

    Just to add, Kaspersky received word of this virus yesterday and released a definition within 2 hours (http://www.kaspersky.com/viruswatchlite?search_virus=Trojan.Win32.Agent.dnb&x=0&y=0&hour_offset=5). Why didn't ESET do the same??
     
    Last edited by a moderator: Dec 22, 2007
  2. ASpace

    ASpace Guest

    Right-click the files -> Advanced options -> Submit for analysis. With default settings, after the next updates, the program will submit the file for analysis to ESET Labs.

    Strange post from a technical person, I am pretty sure you have seen this:
    https://www.wilderssecurity.com/showpost.php?p=860087
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Simply KAV detected the trojan itself, not Virut that infected the trojan. We'll see if we can get the sample and detect it.
     
  4. EvilDave UK

    EvilDave UK Registered Member

    Joined:
    Dec 20, 2005
    Posts:
    275
    Location:
    United Kingdom
    The point I'm trying to make is EAV missed an "in the wild" virus. Can any steps be taken to ensure this doesn't happen again?
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    In a word, no.

    This happens numerous times on a daily basis. It happened yesterday, and will happen again tomorrow, the day after tomorrow, and the day after that. And there's nothing Eset, or any other anti-malware vendor, can do about it.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Right. Nowadays many malware authors tune up their code until it's undetected by antivirus programs.
     
  7. EvilDave UK

    EvilDave UK Registered Member

    Joined:
    Dec 20, 2005
    Posts:
    275
    Location:
    United Kingdom
    Well that sucks. :(
     
  8. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    There's a setup like VirusTotal on a site in Russia that uses 15 of the most popular antiviruses to scan files (most likely without these companies' permission); however, in this case they do not submit the files to the antivirus companies. It appears to be a way for malware writers to test their 'wares' against the antiviruses until they get one that isn't detected by any of them. Costs a dollar a file.
     