WARNING!!!

Discussion in 'NOD32 version 2 Forum' started by Proud User, Jun 19, 2003.

Thread Status:
Not open for further replies.
  1. Proud User

    Proud User Guest

    Hello! I've been using NOD32 for years without any problem, but today I noticed something weird that might be translated as DANGER.

    I like testing viruses on NOD32! It's something I enjoy heaps and no virus was able to pass thru. (I'm not a hacker or someone related to programming, just a curious amateur).

    There's a trojan virus called Optix Pro 1.3 which NOD32 v2 Beta5 was able to detect from the update v1.416 (20030523) but now it won't! I was making a virus scan on my comp; when the scan was done, I expected to find the Optix Pro 1.3 files there as usual but nothing showed up.

    I quickly got to that folder (Optix Pro 1.3's) and manually scanned the stuff, one by one and... nothing again. Finally I scanned the file where Optix Pro 1.3 was compressed into, a zip file, the original file downloaded from the site of its developers and... same thing, no virus was found, even when it used to detect the client as well as the server of course.

    But I didn't stop there and called a friend of mine who's actually the person who told me about NOD32 to ask him to try the same thing and... once again, it couldn't detect the virus.

    I'm using NOD32 v2 (no beta, the current NOD32 v2) with the latest virus database update, my friend does too. I'm running Windows ME, if that matters whatsoever and as I said a few lines above, this antivirus USED TO detect it.

    Any help? Is there something wrong with the database? I'd never open an executable file hittin' my inbox, but there's a dumb handful out there that certainly will!
     
  2. radicalb21

    radicalb21 Registered Member

    Joined: Jun 6, 2003
    Posts: 164
    Location: USA
    What are your settings and how did you configure NOD32? You can email me or IM me. I'll try and help, and if I can't I'll let someone know who might be of some help.
     
  3. Proud User

    Proud User Registered Member

    Joined: Jun 19, 2003
    Posts: 32
    I have set it to the maximum possible security. Deep Heuristic sensitivity, virus signatures and heuristics both checked for Diagnostic Methods and all the boxes checked as well for Objects To Diagnose.

    Send Detailed Information On Each Detected Infiltration is also enabled.

    Man, try it yourself, get here <link removed by mod> and download Optix Pro 1.3. This is not a problem of setup, but I do appreciate your help anyways. Warning's still up.


    [Edited by Moderator due to Forum Policies]
     
  4. Dan Perez

    Dan Perez Retired Moderator

    Joined: May 18, 2003
    Posts: 1,495
    Location: Sunny San Diego
    Hi Proud User,

    I really suggest that no one actually try to launch that software on any system that they rely on. NOD is an absolutely great AV product but Optix Pro is a Trojan and really needs a good Anti Trojan to deal with it (especially once it goes stealth as it appears to have done). I recommend you download TDS3 from

    http://tds.diamondcs.com.au/html/download.htm

    do a manual signature (radius) update and scan with that.

    HTH,

    Dan
     
  5. Proud User

    Proud User Registered Member

    Joined: Jun 19, 2003
    Posts: 32
    Sorry Dan, but that wasn't my point. NOD32 v2 DID detect Optix Pro 1.3 a while back and for logical reasons, it should now with the current virus database update. And, if NOD32 now fails to detect this old trojan, how can I have the guarantee the same won't happen with other viruses that NOD32 was already capable to detect?

    I posted the link, you have it and you know I'm for real. I love this antivirus. If NOD32 wasn't able to detect Optix Pro 1.3 before, no big deal, but it did, now it doesn't. That's something serious to think about.

    But sadly, I'm using the free trial version which clearly says: "Eset, LLC cannot be hold liable for any damages resulting from the usage or installation of the trial version of NOD32" so if some virus destroys my machine, it is not ESET's business and I shouldn't have the right of complaining about something I was warned of. Nevertheless, just imagine the commercial version owns this flaw, isn't it threatening enough to accept it and start trying to fix it instead of suggesting other software?

    Best regards and warning's still up.
     
  6. Dan Perez

    Dan Perez Retired Moderator

    Joined: May 18, 2003
    Posts: 1,495
    Location: Sunny San Diego
    Well, there are a couple of points to be made.

    I do not work for and am not associated with Eset, I am merely trying to help someone that has asked for help.

    I feel quite sure that once the Eset people come into the thread they will be most willing and able to assist you in the resolution of any issue with regards to definitions.

    My recommendation of an AT solution for dealing with trojans (particularly if you are going out of your way to get them) has nothing to do with Eset's assessment or positioning of their product but merely my own personal opinion.

    Hopefully that makes things clearer.

    Regards,

    Dan
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined: Jul 1, 2001
    Posts: 12,472
    Location: The Netherlands
    Proud User,

    Would you mind posting some screen shots from your scan(s)? Thanks in advance,

    paul
     
  8. Dan Perez

    Dan Perez Retired Moderator

    Joined: May 18, 2003
    Posts: 1,495
    Location: Sunny San Diego
    Proud User,

    I downloaded Optix Pro 1.31 (released in May) and NOD found both client and server components. Def ver 1.442

    HTH,

    Dan
     

  9. Paul Wilders

    Paul Wilders Administrator

    Joined: Jul 1, 2001
    Posts: 12,472
    Location: The Netherlands
    It sure does, Dan ;) - for that reason I was anxious to see a screen shot from Proud User as well (and still am, as a matter of fact).

    regards.

    paul
     
  10. Proud User

    Proud User Registered Member

    Joined: Jun 19, 2003
    Posts: 32
    Well, sorry for being a bitch :) but I still believe I'm right.

    First of all, the screenshot shows that the NOD32 you're running is an NT-based one, mine is 9X, Windows Millennium, even though it shouldn't make any difference since virus databases are the same.

    But here comes the most important: I said it didn't detect Optix Pro 1.3, I never wrote a thing about Optix Pro 1.31. My NOD32 v2 DOES detect version 1.31, but it won't work that fine for version 1.3.

    Do the next, download Optix Pro 1.3, not 1.31, scan it and realize it wasn't humbugs.

    Thanks again and warning's up unless someone can solve this.
     
  11. Dan Perez

    Dan Perez Retired Moderator

    Joined: May 18, 2003
    Posts: 1,495
    Location: Sunny San Diego
    Okay..., I'll try downloading the older ver. but just out of curiosity, what do you mean when you repeat "Warning's up"?
     
  12. Dan Perez

    Dan Perez Retired Moderator

    Joined: May 18, 2003
    Posts: 1,495
    Location: Sunny San Diego
    Well, after the painfully slow download from the Optix site I found that NOD did not detect the trojan client or server in the Optix Pro 1.3 zip file (or after they had been extracted). I would be happy to submit the archive to someone at Eset if I can get an email address (IM me if you wish) but keep in mind it is almost 3am my time so I may not be awake that much longer :)

    Regards,

    Dan
     
  13. Proud User

    Proud User Registered Member

    Joined: Jun 19, 2003
    Posts: 32
    Hmm, the warning thingy stands for the fact that this is some serious security threat to my point of view (a very chaotic trojan listed as detectable that is now undetectable) and I just won't rest in peace without getting a proper response from someone related to NOD32's development if possible.
     
  14. Proud User

    Proud User Registered Member

    Joined: Jun 19, 2003
    Posts: 32
    Alrighty Dan, that's all I wanted to hear. I'd appreciate if you could send ESET a message explaining this issue as soon as you wake up.

    Thanks! :)
     
  15. Dan Perez

    Dan Perez Retired Moderator

    Joined: May 18, 2003
    Posts: 1,495
    Location: Sunny San Diego
    Already done, am awaiting word back from them now :D
     
  16. jan

    jan Former Eset Moderator

    Joined: Oct 25, 2002
    Posts: 804
    Hey Proud User,

    thanks for the feedback - it'll be added in the next update.

    Take care, :)

    jan
     
  17. Dan Perez

    Dan Perez Retired Moderator

    Joined: May 18, 2003
    Posts: 1,495
    Location: Sunny San Diego
    ...as an additional follow-up. The ESET team has indicated that the version on the DL site which was the subject of the discussion is the same version that the Win32/Optix.Pro.1.3 signature is based on but had been repacked with a different UPX packer to foil detection (a common ploy in Trojan circles).

    Thanks to all!
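
Added example (not part of the original thread and not ESET's code): a Python sketch of the effect described in post 17, where a signature computed over the packed file stops matching once the same body is repacked, while matching on the unpacked body still hits. zlib stands in for UPX, and the stub markers, body, pattern and function names are constructed for illustration.

```python
import hashlib
import zlib

# Constructed, inert stand-in for a program body (not a real sample).
PATTERN = b"constructed-demo-body:"
BODY = PATTERN + bytes(range(256)) * 8
# Hypothetical loader-stub markers for two builds of a toy packer.
STUB_OLD, STUB_NEW = b"PKR-OLD\x00", b"PKR-NEW\x00"

def pack(body: bytes, stub: bytes, level: int) -> bytes:
    """Toy packer: stub marker followed by the compressed body."""
    return stub + zlib.compress(body, level)

def unpack(blob: bytes) -> bytes:
    """Return the unpacked body, or the blob itself if it is not packed."""
    for stub in (STUB_OLD, STUB_NEW):
        if blob.startswith(stub):
            try:
                return zlib.decompress(blob[len(stub):])
            except zlib.error:
                return blob  # damaged or unknown layout: scan as stored
    return blob

def scan_as_stored(blob: bytes, file_hashes: set) -> bool:
    """Signature over the file exactly as it sits on disk."""
    return hashlib.sha256(blob).hexdigest() in file_hashes

def scan_unpacked(blob: bytes, patterns: list) -> bool:
    """Signature over the body after the packer layer is removed."""
    body = unpack(blob)
    return any(p in body for p in patterns)

def demo() -> dict:
    original = pack(BODY, STUB_OLD, 9)  # sample the signature was built from
    repacked = pack(BODY, STUB_NEW, 1)  # same body, different packer build
    hashes = {hashlib.sha256(original).hexdigest()}
    return {
        "stored/original": scan_as_stored(original, hashes),
        "stored/repacked": scan_as_stored(repacked, hashes),
        "unpacked/original": scan_unpacked(original, [PATTERN]),
        "unpacked/repacked": scan_unpacked(repacked, [PATTERN]),
        "unpacked/clean": scan_unpacked(b"plain text file", [PATTERN]),
    }

if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name:18} detected={hit}")
```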
     
  18. Proud User

    Proud User Registered Member

    Joined: Jun 19, 2003
    Posts: 32
    I'm dead impatient!
     
  19. Proud User

    Proud User Guest

    Great Jan! Thank you :)
     