Want to buy a license but last question need to know

Discussion in 'NOD32 version 2 Forum' started by fzxbeetle, Jun 12, 2005.

Thread Status:
Not open for further replies.
  1. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
    I like nod32 very much since I install the new version. But I still concern the unpack ability of Nod32 as many virus pack by UPX etc Can I as a potential user know what exactly the unpack ability of Nod32.
    Can you give me a list of packer which nod32 support?
    Thank you.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Quoted from Eset's website:
    Virus detection in compressed or protected executable files, such as UPX, AsPack, FSG, Petite, Neolite, ExeStealth, yoda's Crypter, PECompact, Pklite, Lzexe, Diet, Exepack, CPAV .
    Support of many archive formats, e.g. ZIP, RAR, ARJ, LZH, LHA, CAB, CHM, TAR, GZIP + SFX archives.
     
  3. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
    How about PeX or JDpack etc o_O
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I forgot to mention that Advanced heuristics supports a generic (universal) unpacker.
     
  5. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
    You mean that all packer is ok for AH?
    That is very good.
    I guess Nod use some technology run the file like in VPC and see the virus's behaviours So it doesn't matter what packer it used. ;)
     
  6. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
    If one virus has already in Nod's database. But someone pack it by other packer which nod32 can not unpack. What happen then? Can it be caught by AH? not sure o_O
     
  7. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Sometimes yes, sometimes no, it depends on circumstances
     
  8. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Amon can detect it while u try to unpack it (if the virus signature is in the database)
     
  9. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    Stephanos raises a good point - a packed virus must either be unpacked to deploy it's payload, or some other portion of the virus must be able to read the packed code - either way, at the point it's unpacked, either signatures, or AH should detect it using AMON - the filesytem monitor, which scans all accessed files.

    hth

    Greg
     
  10. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    AMON should detect it via AH upon creation / rename.
     
Thread Status:
Not open for further replies.