Vundo Trojans - NOD32 No Can Do ?

Discussion in 'other anti-malware software' started by Ocky, Mar 22, 2007.

Thread Status:
Not open for further replies.
  1. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
  2. ASpace

    ASpace Guest

    Ocky, this post itself states NOTHING. The OP can lie just to make advertisement to SAS. Moreover, ESET cannot detect the Zlobs if they don't know them and he does nothing to help NOD32 detect it.
     
  3. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    That post you read doesn't say much, looks more like an ad or testimonial.
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    And even Nick with SAS would say, that a trojan that SAS detected that Eset didn't, well, just doesn't sound right. SAS is a great product, but I am pretty sure Nod would have first crack at it for detection. Of course, anyone can post what they want to sway a person's perspective. And as a beta tester for SAS, I found this post, well, let's say, hard to chew.
     
  5. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Or it might just be a malware which NOD doesn't detect and SAS did, so the user was innocently complimenting the product?... we all know AVs aren't 100% effective and there is a possibility that SAS detects some malware which NOD misses... not a big deal though.

    As for the legitimacy of the post, nobody here knows for sure, but it doesn't really matter... it's only one user's experience and thoughts... thousands of other users out there as well, so it doesn't really matter.
     
  6. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    The bottom line with ANY and ALL anti-spyware, anti-virus, anti-trojan, etc. applications is that NO PRODUCT (including ours) can catch EVERYTHING on a given day, it just simply is not possible. It is likely in the post that the user referred to that NOD simply didn't have their hands on the samples or didn't produce definitions (at the time) to catch that particular variant of the infection - it happens all the time. There are days we catch things others miss, and days others catch things we miss - it's just the reality of the anti-spyware/trojan/malware/virus, etc. game.

    Hence why multiple layers of protection are a must in the world today.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Virtumonde authors actually focus on the biggest AV players which is evident when you look at the history of samples people submit to online scanners.
     
  8. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I have come across the "Vundo" virus in my travels as well, on my girlfriend's sister's PC. It can be pretty nasty. She was using McAfee and it was able to detect it, but would not get rid of it. It kept saying it was cleaned, but in reality it wasn't. I'm pretty sure that most AV programs have no answer for many of the Vundo variants, or at least didn't at that time (not sure now). I had to manually delete it which involved shutting down some processes that you don't normally want to shut down, then manually deleting the file, then turning the PC off by the button (as restarting will re-activate it).

    Vundos are often acquired through torrent files from what I've read. Often disguised as cracks for AV or other security programs. I guess the thinking is that the people looking for such files aren't protected, and would be most susceptible.
     
  9. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK

    I have to disagree with your opinion because if you had tested SAS versus Vundo infections as I have on a regular basis you will know that SAS has a very high success rate versus Vundo & friends :D

    Also it is not unlikely that SAS detects stuff that NOD misses at any given time, it is a certainty, and vice versa the other way. I didn't have to look far for another example of this, as less than 2 hours ago, c/o a certain activeX malware install at a keygen site (.name), SAS cleaned up the infection 100% including this bot that made it up onto MIRT malware listserve as it is not widely detected by the databases there :thumb:
    http://www.castlecops.com/t183438-MD5_703e022a181468a14d36cbe9d8174912_winhoo32_dll.html
     
  10. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    yeah i am not sure where all of the cynicism comes from. SAS is widely proclaimed throughout this forum as a great product, but the moment some user testifies to that, all of a sudden 'the fix is on' :blink:

    if anyone bothers to take a look at castlecops listserve, they may be shocked at how much stuff Nod does miss (btw i am a Nod32 user...so no axes to grind). i read and i believe it was on this board's Eset forum that Eset can be both selective in what they build signatures for and sometimes slow in deliverables. personally i have no complaint, but Nod does miss stuff....they all do from time to time....not a big deal. glad SAS cleaned up whatever that guy had...another good product does its job.


    Mike
     
  11. EASTER.2010

    EASTER.2010 Guest

    This statement (courtesy Nick (SAS)) is worth repeating again, especially in light of the few cynics (Hello DA) and critics who post their complaint to good solid setups and seem to view it as ridiculous and too heavy to apply such a Layered approach to Windows PC systems for the added benefits it DOES offer.
     
  12. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I think it is a case of layering being worthwhile. If one looks at AVC tests NOD shows 96.71% overall. That leaves about 3% it did not catch. So what? It is one of the very best, but still not 100%. If it would have reached 100% there could still be a new variant of something it would not detect.

    I have no reason to doubt the original poster, and just because he claims NOD missed one that SAS found seems little grounds for the criticism.

    I must admit that there seems to be some sort of emotional love/hate regarding NOD and/or KAV that I do not observe among other AVs. There is also often an emotional reply. I can't relate to that, as it is just software to me, and it doesn't have any emotional hold over me.
    Maybe the poster was one who did not like NOD, but his experience is not outside the realm of probability.

    I would not trust any AV to protect me 100% all the time, and so I use other applications. SAS happens to be one, and I like it.

    Regards,
    Jerry
     
  13. EASTER.2010

    EASTER.2010 Guest

    Good point and one well heeded here by many.

    Some like myself learned this from actual experience like once when a trojan dropper penetrated past AVG7 (fully updated at the time) straight into the c:\ folder where many of them like to get a head start to announce their invitation to their buddies that "i'm in now, hurry on in fellows". Only Kerio 2.15, the lowly old-fashioned firewall who has been out-versioned several times in its short life-span ALERTED IMMEDIATELY! to an "outgoing attempt" from that bad boy.

    Most of us only need to be shown once not to trust in a single protection factor, hence came the piling on technique many of us still employ today and will never relinquish again. Suite or no suite.
     
  14. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    I just got through cleaning a computer that had everything under the sun on it, including the Vundo crapware. NOD32 did not detect the Vundo virus at all. Neither did Kaspersky (even though it detected 3 times the stuff that NOD did). The only way I knew the stuff was there was because of my Winpatrol program. Even then I had to Google the files and discovered they were Vundo. In the end, it took a combination of Vundofix, SUPERAntiSpyware and Unlocker to get rid of the little nasties. Real life scenarios such as this show just how important it is to have layered protection. Common sense helps too, as the owner was running an always-on high-speed connection with no router nor software firewall.
     
  15. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Unfortunately these Total detection percents in Av-Comparatives tests don't give the real comprehension of any av's current detection capabilities. Even the Av-Comparatives 02-2007 (plus 08-2006) test reports showed that only ONE single engined av was capable to miss LESS than 5 % of samples added AFTER the 08-2006 test and even NOD was far from that. Actually most single engined av:s tested missed MORE than 10 % of samples added AFTER the 08-2006 test. In my mind these newly added samples were the biggest tested threats when the test was done. Somehow these kinds of results are not acceptable in av-vendor's forums. :rolleyes:



    Best regards,
    Firefighter!
     
    Last edited: Mar 23, 2007
  16. Luxeon

    Luxeon Registered Member

    Joined:
    Mar 20, 2007
    Posts:
    127
    This post makes me nervous, because I just changed to NOD, which I like so far.

    I know nothing can detect it all, but if Kaspersky is finding 3x the number of infections...
     
  17. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I don't believe that KAV is finding 3x the number of infections than NOD32 but probably NOD32 is MISSING about 50 % more infections than KAV in real life according to my former post study, which isn't a poor result yet compared to many other av:s. :doubt:

    Best regards,
    Firefighter!
     
    Last edited: Mar 23, 2007
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Don't worry, NOD32 is a top-notch AV program with a very high detection ratio. Still, you should bear in mind that no AV detects all threats in the world, this is impossible. If you have a problem with a particular threat, contact Eset's support and we'll be happy to assist you.
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    This home-made test is not trustworthy, it's not a problem for me to prove the contrary depending on the test set you choose. We're not here to quarrel and try to persuade the others who's right, I'd rather suggest to have a look at some prestigious tests performed by A. Clementi or Virus Bulletin. Though any test does not show how a particular AV protects you in real life, a well-made test can provide an approximate overview of AV detection capabilities.
     
  20. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Unfortunately this wasn't MY home made test but if you read those Av-Comparatives REPORTS 08-2006 and 02-2007, you can find these same results as I found before in this thread. :rolleyes:

    You can correct my rankings for sure if they are wrong, but here they are against samples added AFTER the 08-2006 test.

    1. AVIRA
    2. Kaspersky
    3. AVG A-M
    4. Norton
    5. NOD32
    6. BDF Pro+ 10
    7. Norman VC
    8. Avast 4.7 Pro
    9. F-Prot 6
    10. DrWeb 4.33
    11. McAfee VS 5100 eng.

    So, none of them got Advanced+ but AVIRA, Kaspersky and AVG A-M were so good to get Advanced reward.
    In my mind to clean an infected PC against OLDER than 6 months old of samples is only a theory. You have to be in troubles before this. :p

    Still, I will rank the best av:s as follows excluding clones.

    1. Kaspersky
    2. AVIRA
    3. BitDefender
    3. NOD32 (even as a famous NOD basher) :D

    Why not Norton? Maybe the Symantec uninstall policy can say the rest.

    Best regards,
    Firefighter!
     
    Last edited: Mar 24, 2007
  21. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    However you want to state it, in this particular instance of which I am speaking, I was very shocked at the difference. I have been a NOD32 fan for some time, and I have to admit my bubble was burst. I was going up against some really tough malware, and NOD couldn't clean what it detected. I really don't care what the AV comparatives and other tests say. Tests in a controlled environment are one thing - real life is another. Test results don't clean an infected computer. I'm not trying to bash NOD, as it has served me well, and has saved my butt on more than one occasion. But the fact remains it wasn't up to task in this case.

    Luxeon,

    Don't be nervous. NOD is an outstanding AV. I am not trying to get people to switch from NOD to another AV. The thing to keep in mind is that my scenario with the astoundingly-infected computer is an instance of a user totally unfamiliar with security measures and having a wide open computer with no protection whatsoever. If you use some discretion in your surfing habits, most AV's will protect you well, and NOD is an outstanding AV. I simply believe that, at this point, Kaspersky is more effective. That doesn't mean others should switch - that was simply my personal choice in the matter.
     