Wondering why NOD32 didn't catch trojan?

Discussion in 'ESET NOD32 Antivirus' started by who_dat, Jan 20, 2011.

Thread Status:
Not open for further replies.
  1. who_dat

    who_dat Registered Member

    Joined:
    Jan 20, 2011
    Posts:
    6
    Somehow I got infected by trojan.killerav and NOD32 didn't notice it. Ran the free version of Malwarebytes and it detected and removed it without any problem. I never clicked on the actual: x.exe (Trojan.KillAV) so I'm assuming it must have piggybacked in with another piece of software.

    Just curious as to why NOD32 didn't catch this old variant of a threat?

    Thanks for any input.
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    If you do still have a sample, please send it to ESET: samples@eset.com

    TIA,

    TH
     
  3. who_dat

    who_dat Registered Member

    Joined:
    Jan 20, 2011
    Posts:
    6
    Done deal and thanks for responding so quickly ... :thumb:
     
  4. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    The file you have sent is most probably clean and it looks like an uninstaller of some application.
    The file was developed using the Java2exe packer. There is some malware reported to use the packer; perhaps this is the reason why the file got detected.
     
  5. who_dat

    who_dat Registered Member

    Joined:
    Jan 20, 2011
    Posts:
    6
    That certainly sounds logical. Hopefully I'll hear something back from them shortly and I'll post the results.

    Thanks
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Were you able to find out the vendor of the file and contact them?
     
  7. who_dat

    who_dat Registered Member

    Joined:
    Jan 20, 2011
    Posts:
    6
    I haven't heard back on this yet ... :(
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Could you tell us what vendor you contacted? Or did you report the possible FP to Malwarebytes?
     
  9. who_dat

    who_dat Registered Member

    Joined:
    Jan 20, 2011
    Posts:
    6
    I forwarded it to samples@eset.com for review.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I see. A reply from the virus lab was posted here 6 days ago by Danieln, hence I then inquired if you had asked Malwarebytes to confirm the false positive.
     
  11. who_dat

    who_dat Registered Member

    Joined:
    Jan 20, 2011
    Posts:
    6
    Oh sorry, I totally overlooked that as the reply to the emailed file ... :oops:

    No, haven't contacted them but will do.

    Thanks!
     