What do you do when your antivirus software doesn't work?

Discussion in 'NOD32 version 2 Forum' started by Carl Farrington, Sep 29, 2004.

Thread Status:
Not open for further replies.
  1. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.
    Well. My recommendation for NOD32 went down a treat with this client. Not.
    Here's the file that's not detected with NOD32 v2 updated to 28-9-2004, even though searching Google shows results on this file from back in July.

    link removed as points to malware which is against TOS

    Guess I need to download an evaluation of KAV to clean this one.
     
    Last edited by a moderator: Sep 29, 2004
  2. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    NOD detected it here with the IMON HTTP scanner and stopped it from downloading.

    Time Module Object Name Virus Action User Info
    9/29/2004 9:54:10 AM IMON file link removed probably unknown NewHeur_PE virus quarantined - connection terminated STAN\Administrator

    http://webpages.charter.net/gunn1943/css.JPG
     
    Last edited: Sep 29, 2004
  3. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    Please remove those links from your posts immediately.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,768
    Location:
    Texas
    Detected here.
     

  5. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.
    Strange. I had heuristics set to Deep. Still nothing.
    How bizarre. I uploaded it to one of the scanning sites and as you said NOD detected it as "probably unknown whatever".

    File is now removed. Thanks for the help.
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,768
    Location:
    Texas
    Wilders Security Forums
    Terms Of Service

    You agree, through your use of this forum, that you will not post any material which is false, defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually oriented, threatening, invasive of a person's privacy, or in violation of ANY law. This is not only a forum policy, but legal action can be taken against you in accordance with appropriate law. You also agree not to post or upload any copyrighted material unless the copyright is owned by you or you have consent from the owner of the copyrighted material. Spam, flooding, advertisements, chain letters, pyramid schemes, and solicitations are also inappropriate in this forum. Furthermore, you agree not to post any links to warez sites or sites from which malware (viruses, worms, trojans, backdoors etc.) can be downloaded.
     
  7. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Do you have "Advanced heuristics" marked?
     
  8. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    A copy of the file is on its way to ESET now so it should be included in next batch of updates as the CWS trojan that other antiviruses know it as.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Thanks, I managed to get the file instantly as the link had been posted. It seems to be a new trojan, we'll analyse it and add detection by name shortly.
     
  10. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.

    Maybe I'm missing something, but there is no Advanced Heuristics for AMON. There is for IMON, but this was to clean an already infected machine.

    I took the drive out of the bad computer, and scanned it in my machine.
     
  11. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.

    Yep, very sorry about that. I registered here a long time ago and haven't been since, so the TOS were not fresh in my mind. I'll take better care next time.
     
  12. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Are you using the NOD version 2.12.2?

    http://webpages.charter.net/gunn1943/amonsetup.JPG
     
  13. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.
    ooops! I guess that's the difference between:
    "Perform program component upgrade only if necessary for proper virus signature database functioning"
    and
    "Perform program component upgrade if available"

    Something new learned today!

    <leaves with head down> ;)
     
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Carl, there is a fairly comprehensive step by step tutorial on Nod32 here

    Hope this helps...

    Cheers :D
     
  15. arrowsmithmidwest

    arrowsmithmidwest Registered Member

    Joined:
    May 12, 2004
    Posts:
    165
    Location:
    Midwest
    About 2-3 months ago I had a CWS trojan/malware on my computer.
    It was the first net bug to stump me, because my NOD was fully up-to-date, deep, advanced heuristics. My spyware removers were fully up-to-date and still my Internet Explorer was going haywire and nothing was detected.

    Anyway, after some searching/researching I found a program to remove that specific CWS trojan/malware, and to my understanding NOD didn't pick it up because it wasn't technically a virus or something.

    But now I know that NOD will pick up those types of net bugs.
     
  16. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    NOD & most other antiviruses will detect many forms of the CWS trojan and block it from activating, BUT I don't know of any antivirus or antitrojan that can clean an infiltration of CWS completely once it has got established

    The methods that they use to hook into the system need specialist cleaning tools and routines that no "off the shelf" anti trojan or antivirus can include as each infection differs on every individual computer

    The CWS adware trojans have several hundred varieties and several new versions come out daily

    These pests are far better prevented than cured and the only way is to keep up to date with all windows updates and your antivirus

    NOD (heuristically) (and KAV) detects more varieties of these than most other antiviruses do, but nothing detects every version unfortunately
     
  17. arrowsmithmidwest

    arrowsmithmidwest Registered Member

    Joined:
    May 12, 2004
    Posts:
    165
    Location:
    Midwest
    So more than likely I received a CWS trojan, I got infected, the next NOD update cleaned it, then I needed to d/l a tool to fix the problems created by this CWS. Or does this problem only occur when the trojan itself lives on the computer, when it gets cleaned the problems go away? I s'pose not
     
  18. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Arrowsmithmidwest you can do the following:

    Install and run CWShredder available here


    IF the above does NOT fix your problem please download and run “Hijack This” found here


    and post your log at one of the forums found here


    Keep in mind the following quote:


    Hope this helps…

    Let us know how you go…

    Cheers :D
     
  19. Thorz

    Thorz Registered Member

    Joined:
    Dec 29, 2003
    Posts:
    124
    Why are the last 2 options from the picture not activated by default in 2.12.3? If I had not read this thread I would never have thought of activating them. What surprises me more is that "advanced heuristics" is "recommended" in the help file and it is not ON by default.

    Can someone explain this to me? Thanks.

    [QUOTE=Stan999]Are you using the NOD version 2.12.2?

    http://webpages.charter.net/gunn1943/amonsetup.JPG[/QUOTE]
     
  20. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Nod32 is set VERY conservatively, there is a thread here under "Everything Else" and Item number 11, and further down in that thread there are links to very long discussions on this matter: https://www.wilderssecurity.com/showthread.php?t=49674

    Hope this helps...

    Cheers :D
     