Want to buy a license but last question need to know

Discussion in 'NOD32 version 2 Forum' started by fzxbeetle, Jun 12, 2005.

Thread Status:
Not open for further replies.
  1. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
    I like nod32 very much since I install the new version. But I still concern the unpack ability of Nod32 as many virus pack by UPX etc Can I as a potential user know what exactly the unpack ability of Nod32.
    Can you give me a list of packer which nod32 support?
    Thank you.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    Quoted from Eset's website:
    Virus detection in compressed or protected executable files, such as UPX, AsPack, FSG, Petite, Neolite, ExeStealth, yoda's Crypter, PECompact, Pklite, Lzexe, Diet, Exepack, CPAV .
    Support of many archive formats, e.g. ZIP, RAR, ARJ, LZH, LHA, CAB, CHM, TAR, GZIP + SFX archives.
     
  3. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
    How about PeX or JDpack etc o_O
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    I forgot to mention that Advanced heuristics supports a generic (universal) unpacker.
     
  5. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
    You mean that all packer is ok for AH?
    That is very good.
    I guess Nod use some technology run the file like in VPC and see the virus's behaviours So it doesn't matter what packer it used. ;)
     
  6. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
    If one virus has already in Nod's database. But someone pack it by other packer which nod32 can not unpack. What happen then? Can it be caught by AH? not sure o_O
     
  7. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Sometimes yes, sometimes no, it depends on circumstances
     
  8. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Amon can detect it while u try to unpack it (if the virus signature is in the database)
     
  9. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,661
    Location:
    Throughout the USA and Canada
    Stephanos raises a good point - a packed virus must either be unpacked to deploy it's payload, or some other portion of the virus must be able to read the packed code - either way, at the point it's unpacked, either signatures, or AH should detect it using AMON - the filesytem monitor, which scans all accessed files.

    hth

    Greg
     
  10. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    AMON should detect it via AH upon creation / rename.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.