When will nod32 be able to detect this trojan?

Discussion in 'NOD32 version 2 Forum' started by Pain of Salvation, Jan 7, 2006.

Thread Status:
Not open for further replies.
  1. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    I've submitted this file to Eset about 1 month ago, and NOD32 still isn't able to detect this trojan. No, it's not a false positive, nor a non-functional malware. It has created 2 other trojans in my c:/Windows folder, and Ewido has removed them for me.

    http://tinypic.com/juaiwk.jpg

    Anyway, I'll send it to Happy Bites again..
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Are u sure it's not detected upon execution?
     
  3. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    Yes, I'm..
     
  4. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, I think it will be added shortly! Perhaps it's not so dangerous!
     
  5. POS

    POS Guest

    NOD32 updated today, but still can't detect this trojan.
     
  6. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    This from virus list(kaspersky)
    Trojan-PSW.Win32.Delf.ip
    Detection added Dec 22 2005
    Behavior PSW Trojan


    Currently there is no description available for this program

    PSW Trojans
    This family of Trojans steals passwords, normally system passwords from victim machines. They search for system files which contain confidential information such as passwords and Internet access telephone numbers and then send this information to an email address coded into the body of the Trojan. It will then be retrieved by the 'master' or user of the illegal program.

    Some PSW Trojans steal other types of information such as:

    System details (memory, disk space, operating system details)
    Local email client
    IP-address
    Registration details
    Passwords for on-line games
    Trojan-AOL are PSW Trojans that steal passwords for AOL (America Online). They are contained in a sub-group because they are so numerous.
    So potentially it could be quite dangerous!
     
    Last edited: Jan 9, 2006
  7. POS

    POS Guest

    And I´ve got no answer from Eset..
     
  8. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    Signature added..
     
  9. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    hmmm....well, it seems rather late, but hope they'll be faster in the future. :)
     
  10. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    This is one of the reservations I have with NOD: it (and Eset) seems to rely too much on heuristics which, although very good, are fallible and are not a panacea for all ills.
    If more users acknowledged this and "pestered" Eset a little then perhaps we would get signature updates faster, then we would have the best of both worlds: excellent heuristics combined with fast updates. This update is more than two weeks behind Kaspersky and there is really no excuse for that!
     
  11. Abbes

    Abbes Guest

    true there is no excuse for that, because that file was sent to them 2 weeks ago!
    That's what's bad with nod :(
     
  12. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, let's not criticise them that much! I'm sure starting with the new version 3.0 the things will be totally different! ;)
     
  13. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Shouldn't really have to wait for a new release for updates to be faster!
     
  14. Marcelo

    Marcelo Registered Member

    Joined:
    Oct 11, 2005
    Posts:
    74
    Location:
    Rio de Janeiro, Brazil.
    I agree... I've sent a version of Ghost Keylogger (v. 3.80) that isn't detected by NOD32 nearly a month ago. I sent it through NOD's submit function AND as an attachment to samples at eset.com. It has never been added.

    All antivirus and antispywares I tested correctly detected and removed this version of ghostkeylogger. Keyloggers are a big security problem and I'd expect a submitted new version to be added quickly.
     
  15. Mattias

    Mattias Guest

    well i agree... but i hope we don't have to wait for the next product upgrade just to recognize some trojans and some keyloggers :)
    nod32 was the best antivirus before, but now i've seen so many complaints about it with different answers about nod...
     
  16. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    When we send a sample to KAV labs, they always give us some answer. Why can't Eset answer us too, like KAV Labs?
     
  17. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    an automated response would be nice, but I seriously don't want a trained virus analyst taking time to hand respond to my submission - it is time better spent ADDING DEFINITIONS... at least in my opinion....
     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Please be more specific about these false positives. I'm not aware of any that would still be reported !!!
     
  19. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Marcos, I smell a troll. :D



    tD
     
  20. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    ...don't feed it :D
     
  21. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Quote from Marcos
    Eset Moderator Join Date: Nov 2002
    Posts: 2,151

    Re: When will nod32 be able to detect this trojan?

    --------------------------------------------------------------------------------

    Quote:
    Originally Posted by Mattias
    ...and nod32 with their new Threat Sense shows so many false positives, what has happened with nod


    Please be more specific about these false positives. I'm not aware of any that would still be reported !!!

    Where does this post by Mattias appear in this thread? It seems a little like "having a go at someone who dares criticise Nod". What did you do, pull up every post by him to find one that hadn't or couldn't be proven, just to try and sidetrack what is really a valid thread criticising the speed that some (not all) signatures are added to the database? I think even you would agree it could be improved.
     
  22. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    The problem was that the guy was criticising Eset without giving any relevant arguments. There aren't actually any false positives produced by ThreatSense (AH) that we know about and the guy didn't provide any example either.

    As for how quickly samples are added - it's been mentioned several times here that Eset adds signatures on a per-need basis which also means that more prevalent and dangerous samples not detected by heuristics have higher priority than the rest. Of course, there's still room for improvements and I can assure you Eset is aware of this and some improvements are to be seen shortly.
     
  23. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    About ThreatSense false positives: I think NOD does not give us a lot of false positives. NOD32 is one of the antiviruses that has fewer false positives, IMHO.

    About the speed of adding signatures: It should be improved.. KAV can, why can't Eset?
     
  24. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    POS, Marcos stated: "some improvements are to be seen shortly." So don't panic. I'm sure it will happen soon. :)
     
  25. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    I'm looking forward to them!
     