WinAntivirus2009

Discussion in 'ESET NOD32 Antivirus' started by briwlls, Jul 28, 2008.

Thread Status:
Not open for further replies.
  1. DooGie

    DooGie Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    112
    Now that is one excellent and constructive post and made for good reading.

    Like yourself I'm becoming a bit worried about ESET's performance of late as NOD32 does seem to be missing things that really should set the alarm bells ringing. I've subscribed to NOD32 for the last 3 years and apart from one Vundo infection it missed I've been happy with it.
    However I do feel that people complaining about the performance of NOD32 should read around other AV company forums before ditching it. I've been considering moving over to KAV but after reading their forums it seems pretty much the same as here, missed positive files etc.

    As you say Chappy "it looks like the bad guys are winning the race".

    The problem is that the bad guys' "staff" is far bigger than the good guys' staff. Ok, there is kudos among virus authors to beat others at coding new viruses, new variants etc., but they probably work better together than the major AV companies, where the kudos is based on big bucks and the competition to detect a new virus before a competitor does.
     
  2. Kayracc

    Kayracc Registered Member

    Joined:
    Jul 5, 2008
    Posts:
    96
    Well I've already posted stuff like this, but I figured I'll chime in here

    @Chappy

    What you are expecting NOD32 to do is be a HIPS application, which it is not. Are you aware of how many popups HIPS applications give a user? For us 'power' users it's great and actually quite amazing, for average Joe (i.e. 99% of the world) it's horrible unless it has the ability to decide for itself. Kaspersky's firewall gives you an option to let it decide but it also warns you 'things may not work correctly if you let the firewall decide' (not exact quote but very close). What you're expecting is voodoo magic

    That being said, ESET's heuristics is pretty good, all the 'mass downloaders' (i.e. bob1.exe, bob2.exe--bob50.exe) ESET picks up, other variants as well. ESET's detection of the new antivirus 2008/2009 variants is quite nice as well. I still find a few that ESET misses, but Marcos asked me to PM him links, and so I have, they've been added to detection extremely quickly

    Now if you want massive heuristics I like Avira, however it has an issue for me with not 'easily' being able to enable/disable the web guard when using my VM for malware, ESET's is ;), think that's about all I got for that part

    And don't forget guys, malware is a 'big money' game these days, look at the recent SQL injections, that's definitely not some random idiot coding software. The Zlob variant I found yesterday (which was detected this morning, I submitted yesterday) tried to spam you to dl antivirus 2008, i.e. get money :p, it's a completely different game, and you're right Chappy, malware is changing daily, however antivirus vendors are keeping up quite well I think :)

    -Brian
     
  3. ngjackie

    ngjackie Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    31
    My confidence in ESET NOD32 has been ruined since I found it does not detect some adware programs detected by other AV companies. AV products such as Norton and Kaspersky detect DAPIEBar.dll installed together with Download Accelerator Plus (DAP) as an adware program, but NOD32 does not. Why do two of the AV products mentioned above detect it but NOD32 does not? Is it really a false positive? I think ESET should analyze speedbit.com one more time. Even McAfee warns users to pay attention to this website as some of its releases are considered as unwanted programs. Check out this website http://www.siteadvisor.com/sites/speedbit.com and see.

    On 9th August 2008, I submitted a file named Desperados 2 crack.exe to ESET. It is not detected by NOD32 either, but detected by Kaspersky as an adware program. I still leave these files on my PC as I've not yet confirmed what to do. I hope ESET will give me a definite answer for it.

    Besides, I would like ESET to analyze flashget.com and kugou.com as their downloads are considered as adware, spyware or other unwanted programs. You may check out these websites: http://www.siteadvisor.com/sites/flashget.com and http://www.siteadvisor.com/sites/kugou.com.

    fanbox.com is another annoying website. I have received mails from my contacts through this website several times. It either says XXX (the contact) asks you a question and requests you to answer it there or says XXX (the contact) wants to be your fan. The website does not provide FAQ or help. Some people say this website spams and some even say it hacks. It also registers users with its website without their consent. Its downloads seem to be unsafe too. So, I would like to have it analyzed and checked.

    Thank you.
     
    Last edited: Aug 11, 2008
  4. Stu666

    Stu666 Registered Member

    Joined:
    Nov 11, 2007
    Posts:
    16
    I am a reseller of ESET and I am very concerned about the inability of ESET Antivirus to detect WinAntivirus 2008/2009.

    I am seeing a LOT of my customers getting this infection.

    I feel like I am being made to look a bit silly. Take for instance, one VIP millionaire customer of mine had been using Norton on both his laptops since time began with no problems. Fast forward three months ago and I'm recommending he changes to ESET Smart Security seeing as it is a far superior product, which he ends up doing. Today I got a call from him; both laptops infected with WinAntivirus 2009. I'm surprised he has any faith left in me to even call.

    The scary thing is, he's not the only one.

    I am being forced to run SuperAntiSpyware Pro alongside ESET products.

    Not a good situation.
     
  5. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    Even if Nod32 can't detect these buggers, can't you at least keep the known malware http site list updated to stop it that way?

    Sites such as these should be blocked by nod32 that way;
    antivirus2009-freeverscan <dot> com
    windows-scanner2009 <dot> com
    av2008dl <.> com

    I use Firefox & it blocks some of these. But my users use IE and I'm seeing these sites get hits from my users. Not good.
     
  6. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Just to chime in a little here and hope it helps. I did some testing with AV 2009 with the following.
    Sandboxie, Returnil, Spyware Terminator, Avira and GeSWall. Sandboxie: When allowed to execute it contained its contents in the box. When I terminated the running process and deleted its contents, I scanned with SAS OD (clean). For Returnil, I allowed it to execute and run, files placed in user appdata, reboot, scan with SAS OD (clean), files in appdata gone. Next Spyware Terminator HIPS, I deny the exe and it's placed in the blocklist. When I tried to re-execute, it was terminated by ST. I removed it from the blocklist of ST, re-execute and allow files to user/appdata, ST scan says clean LOL. SAS OD found the rogue and deleted it. GeSWall allowed files to user/appdata, process running. Last, Avira: not a word from heuristics, however I did not do an OD with Avira. I again scanned with SAS, rogue found. Draw your own conclusions. Cheers
     
    Last edited: Aug 13, 2008
  7. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Comment withdrawn by author as it made more sense in my head than in the real world.....
     
    Last edited: Aug 13, 2008
  8. Kayracc

    Kayracc Registered Member

    Joined:
    Jul 5, 2008
    Posts:
    96

    I wouldn't worry about it Stu, any given day I can find new undetected variants of these, if you think it's just ESET, you're mistaken. That being said, me/Marcos had a short PM about new detection abilities of the antivirus variants, it's actually quite good, some brand new domains it grabbed up the files instantly, which had I think like '4/35' at VirusTotal. This is a new era of malware, long gone are the days of 1 virus only, now are the days of 50 of each

    That being said I have an exe file of a winantivirus that I submitted through the software earlier last week and it's still not detected ;)

    -brian
     
  9. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Just received notification that one of my business client's machines is infected with this virus! Cripes the thing has been out in the wild for a while. Question is why did NOD32 not catch it now.
     
  10. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    If you look at Kayracc's post above you can get the idea that NOD is not alone. The fact is it's a slippery sucker that slips past many or all and it's not the first time nor will it be the last. Once samples or sigs are put in place it will be detected until the next one comes along. Sorry to say but welcome to the real world.
     
  11. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    What about NOD32 heuristics catching this spyware? Relying solely on signatures should not be the only way to detect nasties.
     
  12. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I tested these samples with Avira Free with heuristics set to High with no detection either. I no longer have the samples on hand, I gave 'em away. If I get them back I will test VIPRE AV/AS.
     
    Last edited: Aug 15, 2008
  13. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Same thing with NOD32 Heuristics and Unwanted Program turned on in realtime protection?
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    I have seen variants that were detected only by NOD32. It's like a chess game with the AV companies at one side and the malware authors at the other side. Both sides constantly improve their tactics in each turn.

    There will never be an AV that will be close to 100% detection of new malware variants, that's simply utopia. The AV vendors will constantly improve their products and detection, but you shouldn't forget there are two players in this game and not just the AV vendors.
     
  15. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Exactly my point. As NOD or any other leading vendors are playing catch-up, it's like chasing a rabbit. That said, IMO heuristics and sigs are not enough anymore. IMO a solid HIPS will stop it at the door, either built in to the AV or stand-alone. Except the happy clickers just allow to get the popup out of the way.
     
  16. ngjackie

    ngjackie Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    31
    I wonder how NOD32 deals with the virus variants so far. And one more question: Do Download Accelerator Plus and Flashget contain any malicious programs?
     
  17. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    i imagine that nod32 deals with the variants as well/better than the others. but how does that help anything? i find nod32 detects A LOT of unknown malware, but then another guy at Avira is probably saying the same thing. Meanwhile pixels are dying.
     
  18. 8bit

    8bit Registered Member

    Joined:
    Jun 18, 2008
    Posts:
    9
    I don't know about the rest of you but this Antivirus 2009 is popping up quite a bit lately. I had a friend who is using NOD32 for his home machine. He let the free trial run out and was infected. Once infected he purchased NOD32 and tried to remove it with no luck.

    He ended up installing Malwarebytes Malware remover and it did the trick. I also have a friend whose company is using Symantec Corp V10+ Endpoint Protection and it did not stop this malware from infecting one of their machines.

    I've been contacted by 4 people in the past week that have been infected with this.

    Will ESET eventually be able to detect this and remove it?

    Thanks,
     
  19. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hello, yes, Antivirus 2009 is detected as well as every adware and other malicious code. You can check this update, if you want. When antivirus detects it, then it should be deleted.

    Are you sure that NOD didn't remove files, but they were detected or didn't detect them?
     
  20. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    You could try the v4 beta, it has improved cleaning methods.
     
  21. apm

    apm Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    164
    NOD seems not so fast at catching up with Antivirus2009 variants, I got infected 2 times in the past 1.5 months. But I find that a free program, Comodo BOClean, is quite good at terminating and deleting them. I installed it on my comp and it helps stop all infection.
     
  22. John2222

    John2222 Registered Member

    Joined:
    Sep 27, 2005
    Posts:
    140
    If you find a pc that is already infected, the two big free programs that I've used to fix AV2009 are:
    www.malwarebytes.com
    www.superantispyware.com
     
  23. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,441
    I'm sorry, but this is not a place to promote 3rd party programs. In the case of problems with unrecognized malware, send a log from ESET SysInspector to samples[at]eset.com or your local customer care. Use the appropriate subject so that it's clear what issue you have and enclose as much information about the issue as possible. If the issue started occurring after downloading and running a particular file, send us the url to the file as well.
     
  24. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland

    Spot on. I do the same myself with any software that I'm thinking of buying. It fairly opens your eyes and if you think the grass is greener elsewhere, check out their support forums, it ain't!

    The main problem AV's have is they're reactionary, they react to changes made by the malware writers so will always be at least one step behind.

    As Marcos said, it's then incumbent on the user to use his or her machine with a little common sense in order to minimise the risk of infection. The word in bold is the best anyone can hope for as you will never get 100% security or safety and those wailing and gnashing their teeth are deluding themselves (and others no doubt) if they believe otherwise.
     
  25. CivilTaz

    CivilTaz Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    146
    If NOD32 were able to deal with malware and clean the infections as well as those programs do, then there wouldn't be a need to even mention them.
     