Why doesn't NOD32 even give a peep

Discussion in 'NOD32 version 2 Forum' started by NotaPeep, Apr 17, 2005.

Thread Status:
Not open for further replies.
  1. NotaPeep

    NotaPeep Guest

    NOD32 doesn't even give a peep while others intercept this as a citibank.trojan etc.
    By others I mean Norton, F-Prot, McAfee and VET.
    <snip>


    removed link for safety - will supply it to staff for investigation - Detox
     
    Last edited by a moderator: Apr 17, 2005
  2. quexx88

    quexx88 Registered Member

    You shouldn't link to infected sites...
     
  3. tobamore

    tobamore Registered Member

    A little worrying though isn't it? :eek:

    Fortunately my on demand Kav 4.5 detected and removed the file from my temp directory!

    This is my second NOD32 failure in 2 weeks; the other was the 'not a virus' (trojan/spyware - I can't remember) found in the BitTorrent client installer! Again, KAV 4.5 found it. This concerns me a little and somewhat undermines one's confidence!!! :( :doubt:

    #
    Toby.

    PS Furthermore, Ewido didn't react either, though I even ran a scan of the offending file...
     
  4. tobamore

    tobamore Registered Member

    I should have run a tds 3 scan, but I'd already deleted the file, tds is not resident, only on demand on my system...

    If nothing else, it reminds me not to place blind faith in *any* security software, but I would have thought the Ewido/nod32 beta pairing would have been pretty good - scary. :(

    I wonder whether Dr Web would have detected it, on another PC here...

    #
    Toby.
     
  5. Marcos

    Marcos Eset Staff Account

    Hi Tobamore,
    have you sent the suspicious file to samples@eset.com for analysis? Without analysing it first, it's almost impossible to tell why it was not detected. It could have been a false positive reported by KAV (e.g. the one recently observed on nod temp files) or the file was corrupted and non-functional and as such it could not be picked up by NOD32.
     
  6. Gauthreau

    Gauthreau Guest


    That is good advice. Giving any company the big stroke in post after post of AH caught this, or AH caught that, we do need to be aware of the viruses that slip by. Especially the ones that slip by a suite of software. It gives us a sobering second look at the dark figure.

    Neil
     
  7. tobamore

    tobamore Registered Member

    Hello Marcos,
    No, unfortunately I just allowed Kav to delete it, so it is no more. However, if 'notapeep' is to be believed and I see no reason why not, other programs did spot it and identify it as a virus/trojan.

    By the way, this is a copy of the KAV report for the file:

    C:\Documents and Settings\<snip>\Local Settings\Temporary Internet Files\Content.IE5\LSBL1QLD\r[1].htm Infected Trojan-Spy.HTML.Citifraud.j
     
    Last edited: Apr 17, 2005
  8. nameless

    nameless Registered Member

    Hi. Devil's advocate here. Maybe spend more time avoiding the things and places that lead you to all this malware, rather than worry about what software you run to hopefully catch it when you do. Just a thought.
     
  9. Marcos

    Marcos Eset Staff Account

    I found this text to be contained in the htm file you mentioned. Nothing else, nothing more - it's just a phishing email whose aim is to deceive the recipient.

    From: Citibank
    Subject: Important Fraud Alert from Citibank

    Message text:

    Dear Citibank Account Holder,

    On January 10th 2004 Citibank had to block accounts
    in our system connected with money laundering,
    credit card fraud, terrorism and check fraud
    activity. The information in regards to those
    accounts has been passed to our correspondent
    banks, local, federal and international authorities.

    Due to our extensive database operations some
    accounts may have been changed. We are asking our
    customers to check their checking and saving
    accounts if they are active or if their current
    balance is correct.

    Citibank notifies all it's customers in cases of
    high fraud or criminal activity and asks you to
    check your account's balances. If you suspect or
    have found any fraud activity on your account
    please let us know by logging in at the below.

    [ Click Here To Login ]
     
  10. tobamore

    tobamore Registered Member

    Thank you Marcos, maybe there is nothing to worry about after all. :)

    Nameless, if you were referring to me in your post, I only tried the link to see how nod would react - nothing more.

    #
    Toby.
     