warning not detected by NOD32 !!!

Discussion in 'NOD32 version 2 Forum' started by thecrow, May 8, 2004.

Thread Status:
Not open for further replies.
  1. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Well it's not entirely a ridiculous suggestion for users who think that security software is going to always save them from their own unsafe practices. P2P and downloading stuff (especially warez) from unknown sources is definitely a known high risk activity that the user chooses to engage in. That's a deliberate choice and the user takes the risks inherent in such practices. When a user downloads warez and gets bitten, what was the primary cause?

    The user cannot simply abrogate his role and responsibility for his online security and think that software is the magic bullet that will protect him against his own practices. The operator can either assist in the defense of his pc's security or assist in its defeat by his own practices. New threats are always coming out and AV's/AT's still are largely reactive by their nature.

    Hanging out in places that are known to be a spawning ground for new malware, the user should either be prepared by learning the ways to maximize security and minimize the risks or just (and here's apparently a real novel idea) pay for the software he wants to use or do without.

    Here's a couple articles from the BOClean folks and I'm not pimping for them or any other product but I cite the articles as an illustration. (And if I were to do P2P and download warez and cracks, I'd take far more precautions than simply using an AV and AT. And yes, I'd pay for that security software too.)
    http://www.nsclean.com/nws-mar3.html
    http://www.nsclean.com/nws-p2p.html
     
    Last edited: May 8, 2004
  2. Madsen DK

    Madsen DK Registered Member

    Joined:
    Nov 23, 2002
    Posts:
    324
    Location:
    Denmark
    Very well spoken Sig.
    And excellent articles btw.
     
  3. thecrow

    thecrow Registered Member

    Joined:
    May 8, 2004
    Posts:
    23
    installed kaspersky and plugged my old main hd back on as a slave drive and is disinfecting it right now (damn kasperspy is hard on the cpu )

    it has infected most my exe files on my old main drive
    disinfected more than 1500 files so far

    damn its a busy bugger
    checked on the emule p2p network
    its very well spread by now
    even though i saw many had issued warning texts

    one user even wrote:
    this keygen isnt working and must be a fake

    i guess he wrote that just before it crashed his system! :eek:
     
  4. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Sig - True ;) - I understood the message you were trying to convey. But as seen last week with the latest virus/worm that was wreaking havoc around the world, all you had to do was have your PC connected to the internet and running Win 2K/XP to be a target. A more appropriate suggestion might have been to avoid P2P, or load up your shopping cart with a few of the excellent apps available at DCS, and then hold on tight! :D
     
  5. VB100

    VB100 Guest

    Heh, someone got infected with NOD32 running and no one can make an excuse.

    "BUT NOD32 IS AN AV AND NOT AT" :)
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,145
    Location:
    Texas
    If you play with fire long enough, you WILL get burned.
     
  7. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Actually I think my AT might have this in its defs before today's latest update, although it doesn't have the name used by KAV, McAfee and NAV so I'm not absolutely positive. But then it doesn't cover just "pure" trojans, which I think is a good thing considering all the crap that's out there. ;)

    People should choose the apps (and procedures) that are best suited to their computing practices and if they hang out in rough neighborhoods load up for bear. And even then it might not always be enough if they consistently hang out on the leading edge of the malware curve and they run such "interesting" downloads on their main pc before they know it really is safe.
     
  8. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Dazed and Confused
    Sorry but the people who use P2P and warez sites to try and get free software (which most of us are willing to pay for) cannot complain too much if they get their PC's infected by something their AV, AT doesn't detect, everybody does or should know the risks involved with these sites, it is possible that he was using a cracked copy of Windows on his system, protected by a cracked copy of NOD downloading (in his words) a key generator (used to crack something else!!??). If you feel this is an acceptable practice, and I'm pretty sure the software vendors include a price hike to cover their losses due to this practice (so we actually pay over the odds to cover their "free" software) then you and I will have to disagree on this issue!
    Steve
     
  9. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    thank you Sig, couldn't agree with you more. p2p is still ok if you are careful but warez, cracks, keygens are a complete no no. if we look back we'll see that the biggest threats could be tackled just by some safe computing practice. careful p2p-ing, cautious opening of emails, no warez...etc. well patching of the OS is also important to combat against sassers or blasters.
     
  10. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Steve1955 -

    Good to hear from you again. I don't think we disagree. I guess my ignorance is showing a bit - I'm not that familiar with those apps and was unaware that is all they are used for. And I certainly don't condone illegal file sharing. However, I also don't like to discourage people from enjoying the net. I would rather educate people on the dangers that lurk around every corner, and suggest some excellent apps that will facilitate their travels. But as you say, if you can't take the heat, get out of the kitchen! Personally, I enjoy warm weather! :D
     
  11. Habiru

    Habiru Registered Member

    Joined:
    May 4, 2004
    Posts:
    43
    Location:
    Fredericton

    I think if you are going to play on the "dark side" you shouldn't do it with your main system. You should use a mule, or at least have two partitions, one
    with XP on Fat32 and your main system on NTFS which would be hidden
    from the FAT32 partition. Then you should backup your boot sector and be prepared in ADVANCE to remove such problems from your drive so you
    don't get into this position again. You should have on hand rescue tools such as Barts PE, the cheapest solution, Winternals Admin if you have money
    and a host of antiviral and malware tools that are available.

    There are a couple of nice A/V plug in's for Barts PE which include updates if you have a network connection. NOD32 is included in these along with McAfee and a couple of others I don't use. http://www.nu2.nu/pebuilder/
     
  12. thecrow

    thecrow Registered Member

    Joined:
    May 8, 2004
    Posts:
    23
    before this turns completely away from the original thread and into an

    "oh all ur apps are warez bet even ur windows is warez" bashing thread instead

    let me point out this
    no my windows isnt hacked, cracked or anything else

    even though i visit p2p and sometimes download something there doesnt mean that all or most my software are illegal
    this is just hypocrisy showing its face

    yes i have a few apps i didnt pay for but its very few compared to all those i did pay for

    and no
    my nod32 is cracked or anything else

    my AV like most the software i already have legally i shop around and try out carefully
    before i use my hard-earned cash for it

    its a legal trial version
    cause i try out all the competitors to find the best and THEN spend my money

    i think most ppl cant say they never downloaded anything without paying for it ?
    and at least i admitted it without this "ur just a dirt warez rat all the way guess even ur windows and ur NOD is cracked"

    and if all ppl 100% never downloaded from p2p or had any warez at all in their entire life and they never opened email attachments and always installed windows upgrades right away

    then no one would ever need an AV at all

    too bad reality isnt so
    and i dont think im even better or worse than the average internet user

    i think most ppl have sometimes downloaded something in their life they might have forgotten about copyright on o_O

    let me give an example cause its obvious its more on hypocrisy now than about the actual problem that nod didnt detect a virus most other companies had a cure for days ago

    if ur a big quentin tarantino fan like me
    would u wait a long time and an cut and censored version of Kill Bill 1 in a shop
    if u knew u could download the original uncut version of it in perfect dvd quality of p2p o_O

    i think many would wait and an buy the censored version from a shop
    but surely not all

    and if the average person visits p2p a few times or other similar places
    the AV's shouldnt just be covering the ordinary viruses that everyone gets in their mailboxes everyday

    im at least honest and tells what file that was infected and has submitted the file to NOD labs so it can be examined

    but of course the easiest would have been not telling about it in here or other places

    and just scan with kaspersky and forget all this
    well i liked NOD32 alot before this happened and had made up my mind that it was the AV i was gonna buy

    now im in the same doubt that i was a year ago

    cause kaspersky can remove it nod32 cant

    but i dont really like the kaspersky program

    it misses out many times and i had to scan many times to completely remove it
    and scans take forever and is very hard on cpu

    so which AV is best ??

    i still have no clue yet ?
     
  13. Habiru

    Habiru Registered Member

    Joined:
    May 4, 2004
    Posts:
    43
    Location:
    Fredericton
    It wasn't my intention to preach about what you do. Heh, everyone has loaded a program that is suspicious. My goal was to put prevention in place before it happens to ruin your install not to judge what you do or where you do it.
     
  14. norky

    norky Registered Member

    Joined:
    May 1, 2004
    Posts:
    172
    Location:
    Lithia, FL
    if i was a big quentin tarantino fan, i would show my support for him by purchasing the dvd. it doesn't matter if you buy some of your software, you are still stealing some as well.

    you can make all the lame excuses you want, piracy is piracy.

    and nod32 is the best av. not perfect, there is no perfect av, but nod32 is the best.
     
  15. thecrow

    thecrow Registered Member

    Joined:
    May 8, 2004
    Posts:
    23
    sorry my outbreak wasnt aimed at u at all


    i was just honest and said where the file was downloaded and the name of it cause i thought it might help others instead this turns into hypocritical discussion on p2p and warez

    and its ridiculous cause i know many ppl who have gotten viruses like that of legal shareware sites
    maybe the frequency is higher on p2p or warez sites
    but also viruses comes from legal sites

    this virus could be on legal sites right now
    if they scanned a file containing this virus with NOD32 or another one that doesnt know about it

    many would already have this bugger
    and i just got informed that a new version of the same virus has already been released and also symantec made a cure for it already
    http://www.sarc.com/avcenter/venc/data/w32.axon.b.html
    and this is for the original a version i got
    http://www.sarc.com/avcenter/venc/data/w32.axon.html

    but its at least nice to see that the new variant of it doesnt do as much damage and is easier to remove than the a version i have on my system and is removing the last remains of as we speak
     
  16. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    did you manage to sort your pc out?
     
  17. thecrow

    thecrow Registered Member

    Joined:
    May 8, 2004
    Posts:
    23
    almost

    kaspersky is very annoying

    first scan it detected 1500 infected files
    95% of those was infected with that xenon virus

    but a few old ones also in older files packed in zip that both Avast and Nod32 had missed in the past :oops:

    then i did one more scan to be sure still 400 left ? and they were not system files or in use by windows

    i think ive scanned about 5-6 times now and told kaspersky to delete all infected files each times but still a few is left on next scan ?

    but i think i got to the bottom of it now

    only a few one left ill delete by hand now

    cause each scan with kaspersky takes forever compared to Nod32
    between 2-3 hours on my 80gb and my 6gb spare hd :eek: EACH TIME
     
  18. Habiru

    Habiru Registered Member

    Joined:
    May 4, 2004
    Posts:
    43
    Location:
    Fredericton
    Hi Again,

    "the Crow" would you still have a copy of those viruses?

    If so, would you mind sending me a copy of them? I'd like to see why you are having such a bad time cleaning them. I've had some severely messed up drives with over 5000 instances of some bad viruses and it did not take nearly that long to clean. I've got a machine here I can infect and would like to see how the boot disks I have would clean them. If so, give me an address where I can contact you and I'll email or PM you.

    Take Care
     
  19. thecrow

    thecrow Registered Member

    Joined:
    May 8, 2004
    Posts:
    23
    those other viruses has been automatically deleted by kaspersky

    but i still have an encrypted copy of the win32.axon (symantec) or win32.hlpp.xenon (kaspersky)

    but its already been submitted by mail to the Nod32 lab
    im not sure i would sent it to anyone else
    if they misused it consequences is very bad and theres still some AV's out there who doesnt pick it up yet
    and theres even a b version of the virus out now :eek:
    but looking at symantec site it doesnt seem to do as much damage as the a version i have

    its not a toy
    i wasted 2 days reinstalling windows and trying to find a cure and getting rid of it

    btw
    my guess on why it kept commin back is this:
    my 80gb is partitioned in 5 discs
    so even though i shut power off for 5 min, booted from xp cd, formatted and reinstalled
    when i then booted up on a fresh installed windows somewhere during boot sequence it might have triggered some of the infected exe files that was on the other partitions of the drive ?

    and once infected it infects all ur exe files until windows becomes so unstable u need a reboot
    and when u reboot u get message in dos saying:
    ntoskrnl.exe is damaged or non existing pls install a new copy... or something like that

    but putting a copy of that exe back wont help cause now ur whole system is screwed :(
     
  20. Spaceboy

    Spaceboy Guest

    I've had a similar thing happen to me. Downloaded something from emule. Scanned it with NOD32, and it didn't find something. After running it, every exe file on my system had been modified, while all my mp3 files were deleted, and within a couple of minutes, I was getting Windows File Protection warnings saying that critical files had been replaced blah blah blah. After doing a reboot I couldn't even boot to safe mode.

    I ended up installing a new copy of Windows over the top of the partition. I then uploaded one of the modified files to Kaspersky's online scanner, which reported the following:

    Win32.HLLP.Riaz
     
  21. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Kav is slower at scanning cos it scans inside archives etc. In your case it is probably better to be slower with kav than quicker with nod (especially if nod can't detect this bug!). It can be a pain on "slower" machines though!
    We use both products depending what the machine is going to be used for and the age/power of machine. I knew Nod didn't scan as deep but didn't think there was such a diff in detection/cure. We've (luckily??) never had any probs with either, glad you're nearly sorted though
    PS check the ones you keep finding are not being reinstalled via the registry on each reboot look in:-
    hkey_local_machine\software\microsoft\windows\current version\run(run once) see if there is any entry relating to files you keep finding
    Steve
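
The check suggested in the post above (do the files that keep coming back have an autorun entry?), as an added example that is not part of the original thread: it parses the text printed by `reg query` for `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` and `RunOnce` and reports the values whose command points at a file the scanner keeps re-detecting. The sample output, the file names and the environment-variable values are constructed for illustration.

```python
import re

# Constructed sample of `reg query` output for the Run and RunOnce keys.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Audio Tray    REG_SZ    "C:\Program Files\AudioTray\tray.exe" /min
    winupd32    REG_SZ    C:\WINDOWS\system32\winupd32.exe -s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    cleanup    REG_EXPAND_SZ    %SystemRoot%\Temp\setup_a.exe
"""

# Constructed list of files the scanner keeps re-detecting (hypothetical names).
SAMPLE_FLAGGED = [r"c:\windows\system32\WINUPD32.EXE", r"C:\WINDOWS\Temp\setup_a.exe"]

# Assumed values for environment variables used in REG_EXPAND_SZ data.
DEFAULT_ENV = {"systemroot": r"C:\WINDOWS", "windir": r"C:\WINDOWS"}

VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
EXECUTABLE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE)


def parse_reg_query(text):
    """Return (key, value name, data) for every value line under an HKEY_ header."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        else:
            m = VALUE_LINE.match(line)
            if m and key:
                entries.append((key, m.group("name"), m.group("data").strip()))
    return entries


def command_target(data, env=DEFAULT_ENV):
    """Extract the program path from an autorun command line, lower-cased."""
    expanded = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), data)
    if expanded.startswith('"'):          # quoted path, arguments follow the closing quote
        return expanded[1:].split('"', 1)[0].lower()
    m = EXECUTABLE.match(expanded)        # unquoted: cut after the first executable extension
    return (m.group(1) if m else expanded.split(" ", 1)[0]).lower()


def autoruns_for_flagged(reg_text, flagged, env=DEFAULT_ENV):
    """List autorun entries whose target is one of the flagged files."""
    wanted = {path.lower() for path in flagged}
    return [(key.rsplit("\\", 1)[-1], name, data)
            for key, name, data in parse_reg_query(reg_text)
            if command_target(data, env) in wanted]


if __name__ == "__main__":
    for key, name, data in autoruns_for_flagged(SAMPLE_REG_OUTPUT, SAMPLE_FLAGGED):
        print(f"{key}: {name} -> {data}")
```

Paths are compared case-insensitively because Windows file names are; an entry that matches should be removed together with the file it launches, otherwise the next boot runs it again.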
     
  22. thecrow

    thecrow Registered Member

    Joined:
    May 8, 2004
    Posts:
    23
    spaceboy u had the same virus that infected me but the new vers b i think

    i read on symantec site that both versions a and b deleted both mp3 and avi files
    dunno about my mp3 files cause im not sure i had many
    my 40gb of avi movies it luckily didnt touch
    they are still there :D

    btw spaceboy
    plz send a copy of the virus to NOD if u still have it
    and plz post the name of the infected file from emule

    i know a few EDK forums where i could issue warnings to others
    or make a text file same name as the infected file just as ...IS A VIRUS.txt
    it could stop many others from getting the same virus
     
    Last edited: May 9, 2004
  23. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Yes; any time someone is running NOD32 and gets infected:

    * They should realize that NOD32 is not an AT utility (even though Eset bills it as such).

    * Hey, it's not a prevalent threat, so why should they have an update for that malware already? It will be covered tomorrow. (So what if you're infected today?)

    * You shouldn't be using P2P/newsgroups/warez/the web/the Internet/ICQ/Google/facial tissues/latex paint/electricity/a computer in the first place--it's dangerous!
     
  24. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    I'm not going to tell you not to use P2P. It's your choice. But if you do, you are better off with KAV IMO. I use it, and would feel worse without it. I'm thinking of buying NOD32 as a backup AV because the heuristics add something.
     
  25. BlendaK

    BlendaK Guest

    I recently had a similar experience. You need to wipe your system with a program known as Killdisk. You can download it free at this link. www.killdisk.com. It is a free program. It will take between 6 to 8 hrs to clean an 80 gig hard drive but it will be restored to its virgin condition when complete.
    You need to format a floppy as a systems disk and open the killdisk zip and put those files on that floppy. Boot up with the disk to the A prompt and type in (killdisk) and hit enter. Follow the on screen prompt. I would select the option to do 3 passes.
    Good Luck,
    Blenda
     