WinAntiVirus

Discussion in 'ESET NOD32 Antivirus' started by EDtheSOCk, Jun 17, 2008.

Thread Status:
Not open for further replies.
  1. EDtheSOCk

    EDtheSOCk Registered Member

    Joined:
    Jun 17, 2008
    Posts:
    2
    I work at a small PC Repair shop and finally talked the owners to start selling NOD32. I recently had a customer call me that had NOD32 v3 with updates and ended up with WinAntiVirus.

    Why isn't this lousy 'software' not detected by the spyware engine? Will it be in the future?

    Thank you,

    Ed Smith
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hm, when I tried to access it I got this warning:

    Details:

    Web page:
    hxxp://www.winantivirus.com/

    Description:
    Access to the web page was blocked by ESET Smart Security.
    The web page is on the list of websites with potentially dangerous content.
     
  3. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    Hello,
    Ok for ESS but what's about EAV ? A lot of spywares (rogues) like winantivirus, vundo, navisearch, smitfraud etc... are currently infected numbers of PC and it seems that EAV is not able to detect them... And generaly speaking there are few AV able to detect them. I'm a bit surprised that, considering level of danger of such spywares, antivirus company did not decide to consider them...

    Regards
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It doesn't matter whether it's EAV or ESS, both block access to that site as you can see below. As for Virtumonde, they pay the authors well and release new variants every while. Detection is usually tested before a new version is released and the code is adjusted until it's not detected by the most famous AV programs. I've seen Virtumonde detected only by NOD32 and 1 or 2 more AV programs. Every AV vendor is trying to find ways how make Virtumonde detectable in spite of the obfuscation they use.
     

    Attached Files:

  5. MaVRiC

    MaVRiC Registered Member

    Joined:
    Dec 7, 2007
    Posts:
    25
    I concur with Marcos, EAV 3 knocks it on the head.
    Had to turn off Outpost 2008 first, but both detected it instantly.
    outpost.jpg
    EAV.JPG
     
  6. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    Well ! Thank you for your answer...
    Regards
     
  7. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I've had some versions of this slip past NOD and infect machines, this one as well as some other variants of smitfraud, spyfalcon, spysheriff, virtumundo...they change so rapidly...I've seen them get into even NOD and Kaspersky protected machines. Some of these rogue trojans change so fast...many variants coming out frequently.
     
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    It appears at this moment in time the blocking of www.winantivirus.com may not be the answer as there doesn't appear to be any HTML code on that page to cause any damage but still checking. Users must be getting this by other means and\or URL's

     
    Last edited: Jun 17, 2008
  9. EDtheSOCk

    EDtheSOCk Registered Member

    Joined:
    Jun 17, 2008
    Posts:
    2
    I wonder if we submit samples of winantivirus they might consider adding it to the list of junkware?

    Also, I am certain EAV and ESS are identical except for a SPAM filter and firewall on the latter so they will both detect the same junk.
     
  10. Lusitano

    Lusitano Registered Member

    Joined:
    Jun 17, 2008
    Posts:
    20
    I'm not sure if ESET is interested detecting them. I've sent 1 trojan sample 3 days ago, and it has not been added to database in spite of most of the other AV vendors detect it.
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please drop me a PM with the email address you sent the samples from as well as the subject of the email.
     
  12. Lusitano

    Lusitano Registered Member

    Joined:
    Jun 17, 2008
    Posts:
    20
    It seems the PM system is unavailable atm.
     
  13. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi!

    User CP => Edit options => Enable Private Messaging
     
  14. Lusitano

    Lusitano Registered Member

    Joined:
    Jun 17, 2008
    Posts:
    20
    PM sent. Thank you
     
Thread Status:
Not open for further replies.