Virut not detected??

Discussion in 'ESET NOD32 Antivirus' started by techstuff555, Nov 16, 2010.

Thread Status:
Not open for further replies.
  1. techstuff555

    techstuff555 Registered Member

    Hi all - I am an avid ESET fan but recently I have had a number of my machines become infected with a virus which NOD does not detect. By all accounts this is not a new virus either. Searching the forums, other people it seems were having problems with this virus and NOD as far back as 2007/2009 ?!?

    Free AVG detects it easily as Virut.AC

    I have submitted a couple of the infected files to VirusTotal for analysis and almost all the other antivirus vendors detect the virus but not NOD. I would hate to think NOD is not up to the task but having a number of machines getting infected (all running the latest version/definitions for NOD) and having to install free AVG to detect these viruses really hurts!

    I am open to suggestions and I would love to think I have done something wrong but VirusTotal's confirmation removes all possible local settings/definitions issues on my side I would think.
    The fact that other people are not complaining about this does lead me to think I am at fault but....

    EDIT - Oops, I just read the sticky about not posting VirusTotal reports so I have removed them from this thread. I will be happy to post them again if requested.
     
    Last edited: Nov 16, 2010
  2. vtol

    vtol Registered Member

    the infected files are dormant or active such as running? do you run frequent (in-depth) scans of the infected file location? what are the NOD scan settings for those scans? what is your OS and NOD setup/version?
     
  3. techstuff555

    techstuff555 Registered Member

    There are numerous infected files. The OS is now infected but there are numerous infected files throughout the data drive too. It seems it infects and creates .exe files that appear to be folders or normal data files.

    If I do a full scan NOD does not detect any viruses. If I insert a memory stick the memory stick will become infected very quickly. If I scan the stick with NOD it will find no viruses. If I insert the stick into another test machine running free AVG it will find numerous viruses as Virut.AC

    I have reverted all NOD settings to default settings and re-run the scan and it does not detect the virus?!

    The OS is Windows XP SP3 (yeah I know, I know! lol)
    NOD version is 4.0.437 with 5622

    Just for extra clarification, on one of my machines at least NOD does detect the machine as infected by Win32/Virut.BA using its realtime scanner but this is only after the machine is infected and far too late. Also if I specifically ask it to scan a folder or file or memory stick which I know to be infected it does not detect the virus at all. The same file or folder or memory stick will be detected as infected by AVG and others.
     
  4. Marcos

    Marcos Eset Staff Account

    We have verified that it's only Brontok (infected with Virut) that is not detected (has been added already). Any files it infects are detected and can be cleaned properly. Please submit any suspicious undetected files for further analysis per these instructions.
     
  5. techstuff555

    techstuff555 Registered Member

    Hi Marcos - thanks but can you clarify a bit please. From what signature version will NOD detect the virus and will NOD be able to clean a machine already infected or only prevent a machine from becoming infected?

    Glad to hear ESET are getting on top of things, just wish it was before I had to re-install 5 machines :)
     
  6. vtol

    vtol Registered Member

    the OP has Virus signature database: 5622 and the machines got infected - when was that added, in 5623? can't seem to find it there
     
  7. Marcos

    Marcos Eset Staff Account

    From version 5625. The undetected file is actually the Brontok trojan infected with Virut that is otherwise blocked by web protection, however. Any files that are subsequently infected should be cleaned immediately (the cleaning routine was added quite a long time ago). As soon as the infected Brontok is removed, the infection should cease recurring.
    This shouldn't be necessary. Simply remove the source of infection (as detection for the infected trojan will be added later today) and run a full scan with the on-demand scanner. It should find and clean all infected files. If there are any that are not detected and you suspect them to be infected, please submit them to ESET for further examination per the instructions above.
     