What antivirus? NOD32 didn't protect me.

Chris Berry

Just had a rude awakening with NOD32 - didn't protect against the sdbot
worm/ircbot ES trojan infection I just had and left a back door wide open
for abuse.
Also, I feel that virus information and fixes on the website isn't really
helpful at all.
What to do?
cb
 
Just had a rude awakening with NOD32 - didn't protect against the sdbot
worm/ircbot ES trojan infection I just had and left a back door wide open
for abuse.
Also, I feel that virus information and fixes on the website isn't really
helpful at all.
What to do?
cb

I use AVG7 Pro and love it. Small install and system footprint, fast,
powerful and detected lots of viruses :)
 
Just had a rude awakening with NOD32 - didn't protect against the sdbot
worm/ircbot ES trojan infection I just had and left a back door wide open
for abuse.
Also, I feel that virus information and fixes on the website isn't really
helpful at all.
What to do?
cb

You know I had one Trojan that made it to my machine with NOD32 running
on the machine. It never saw it. That's until I was doing a Baseline with
BlackIce which reads all executable file types basically reading all
files on the machine, and then NOD32 detected the Trojan, which I didn't
deal with it at that point.

Then I set NOD32 to do deep scans and scan all file types and NOD32 found
the Trojan.

I have been running that way with NOD32 from that point forward.

Duane :)
 
Chris Berry said:
Just had a rude awakening with NOD32 - didn't protect against the sdbot
worm/ircbot ES trojan infection I just had and left a back door wide open
for abuse.
Also, I feel that virus information and fixes on the website isn't really
helpful at all.
What to do?
cb

Get a dedicated anti-trojan utility like TrojanHunter
(http://www.misec.net/) or ewido security suite (http://www.ewido.net/en/)
to supplement NOD32. Some people will claim that NOD32 is behind when it
comes to trojans. I find that this is a little bit of a double standard
since almost all of the AV vendors are a little bit behind on trojan
detection. I have seen systems with NAV, McAfee, and Trend Micro that were
current and still had trojans. (One NAV system I saw had 13 active trojan
variants on it!) The only AV that is marginally better at trojans, IMHO, is
Kaspersky... but I personally don't use Kaspersky for a variety of reasons.

The goal of a single malware tool that does it all is admirable. But we
don't live in a world where that is a reality... at least, yet. Security in
layers. Use different tools. A good anti-virus engine, anti-trojan,
anti-spyware, personal firewall, popup-blocker, anti-spam filter, etc. And,
ideally, supplement all of the foregoing with a good hardware firewall. Not
all of it has to be resident, but get best of breed on-demand scanners and
try to run them on a fairly routine basis.

However, certainly, if you are not comfortable with NOD32. Pick another AV.

Alec
 
Duane Arnold said:
You know I had one Trojan that made it to my machine with NOD32 running
on the machine. It never saw it. That's until I was doing a Baseline with
BlackIce which reads all executable file types basically reading all
files on the machine, and then NOD32 detected the Trojan, which I didn't
deal with it at that point.

Then I set NOD32 to do deep scans and scan all file types and NOD32 found
the Trojan.

I have been running that way with NOD32 from that point forward.

Just tried deep - no difference - the backdoor processes can't be detected.
cb
 
Just tried deep - no difference - the backdoor processes can't be
detected. cb

If the file is on the machine when it does its file scanning, then I expect
it to find something, if the file is in the signature file.

For me, I use other means to detect Trojan activity.

Duane :)
 
You know I had one Trojan that made it to my machine with NOD32
running on the machine. It never saw it. That's until I was doing a
Baseline with BlackIce which reads all executable file types basically
reading all files on the machine, and then NOD32 detected the Trojan,
which I didn't deal with it at that point.

Then I set NOD32 to do deep scans and scan all file types and NOD32
found the Trojan.

I have been running that way with NOD32 from that point forward.

Duane :)

I wonder what's happening with Xnews as recently the thing has been
sending out two posts. I am certainly not telling the thing to do it.

Duane :)
 
No AV program is perfect, and every single one will
have misses, some more than others. It all depends on
whether you update frequently enough, if/when the av
vendor hears about the virus and can offer a fix, and
myriad other things.
One of the last reviews I saw gave a 99% rating to
Norton and someone else I can't recall right now -
maybe someone could repost that page. But someone else
might get that 99% figure in the next review. Just
stick with the major players is best, IMO.
At any rate, if you're one of the first to get hit,
it's almost sure your AV won't see it, no matter who
you use. It's statistics and luck.

Pop
 
Just had a rude awakening with NOD32 - didn't protect against the sdbot
worm/ircbot ES trojan infection I just had and left a back door wide open
for abuse.
Also, I feel that virus information and fixes on the website isn't really
helpful at all.
What to do?
cb
X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409

At a guess, stop using IE/OE. Seen this week's latest malware? A nice
popup window which installs some malware that logs your online banking
session.
 
Just had a rude awakening with NOD32 - didn't protect against the sdbot
worm/ircbot ES trojan infection I just had and left a back door wide open
for abuse.
Also, I feel that virus information and fixes on the website isn't really
helpful at all.
What to do?


Are you UK based? Take it up with Aspect Systems, if they can't resolve
it, they'll certainly put you in touch with someone who will, or see to
it that the virus signature developers are updated, I'm sure.
 
What email client do you recommend?

: In article <[email protected]>, Chris Berry says...
: > Just had a rude awakening with NOD32 - didn't protect against the sdbot
: > worm/ircbot ES trojan infection I just had and left a back door wide open
: > for abuse.
: > Also, I feel that virus information and fixes on the website isn't really
: > helpful at all.
: > What to do?
: > cb
: >
: >
: >
: X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
:
: At a guess, stop using IE/OE. Seen this week's latest malware? A nice
: popup window which installs some malware that logs your online banking
: session.
:
:
: --
: Conor
:
: Dumb as a box of rocks...
 
What email client do you recommend?

Check out Mozilla's Thunderbird. I am using it as a primary/backup for
I. E. right now and it looks very good. It also has a great logo :-).
 
Richard L said:
Check out Mozilla's Thunderbird. I am using it as a primary/backup for
I. E. right now and it looks very good. It also has a great logo :-).

Seconded. Also look at Pegasus and Eudora. The main thing though is to
use something other than IE for web browsing. When CERT start issuing
statements telling people to use anything other than IE then it's
serious.
 

What email client do you recommend?

Hmmm...I can't let a question like that go by without mentioning what
is, in my opinion, the foremost email client of all (though it's only
for Windows, it is better than anything I've tried or seen in
Windows, Linux, and Mac)... "The Bat!"

"The Bat!" is developed with power, versatility, and security in
mind...and does a great job in all these areas. It's pretty
intuitive to use in the most basic ways, but if you want to get the
most out of it, be prepared for a bit of learning (well worth the
effort!). Here's the URL:

http://www.ritlabs.com/

- --
Melissa

 
Hmmm...I can't let a question like that go by without mentioning what
is, in my opinion, the foremost email client of all (though it's only
for Windows, it is better than anything I've tried or seen in
Windows, Linux, and Mac)... "The Bat!"

"The Bat!" is developed with power, versatility, and security in
mind...and does a great job in all these areas. It's pretty
intuitive to use in the most basic ways, but if you want to get the
most out of it, be prepared for a bit of learning (well worth the
effort!). Here's the URL:

http://www.ritlabs.com/

Thanks for that Melissa. I didn't originally ask the question but I was
looking for a new mail client anyway. I took a look at the site, and found
The Bat! is just great for an email 'power-user' like myself. I've bought a
copy now.

Thanks again.

Regards,

Kleeb.
 

Thanks for that Melissa. I didn't originally ask the question but I
was looking for a new mail client anyway. I took a look at the
site, and found The Bat! is just great for an email 'power-user'
like myself. I've bought a copy now.

Hi Kleeb,

I'm glad you like it! :-) I've been using it for a few years now, and
I'm still learning about more things it can do for me. There's a
very helpful user mail list (also available as a Gmane news group,
but it makes sense to subscribe to the mail list so that you can test
various features as you learn about them). Here's the subscription
mailto if you're interested (TBUDL - "The Bat User Discussion List"):

<mailto:[email protected]?subject=subscribe>

There is also a very helpful "TBTECH" list for even more technical
matters...like creating custom regular expression templates, etc.
Whenever I need a filter or template to perform some convoluted
function, I just write to the TBTECH list, and in very short order,
someone has composed a mass of regular expression gobbledygook that
does exactly what I need. :-) There's also a "library" of already
composed regular expression templates available on the web for all
sorts of useful functions.

Here's the subscription mailto for that list:

<mailto:[email protected]?subject=subscribe>

Currently, I have 9 accounts, 350+ folders/sub-folders, and almost 1
GB of mail in the database. It handles all this with ease and great
efficiency. Filtering, sorting, templates (very powerful and
versatile templates for plain text messages), several types of
threading, highly customizable auto-reply functions, fully integrated
support for both GnuPG and PGP (no plug-ins required), anti-virus and
anti-spam plug-ins...and the list goes on. :-)

After using this client for a few years now, I can't imagine using
anything else. A while ago, I was interested in possibly migrating
to a Linux distro, but I couldn't find any email client for Linux
that could even come close to what The Bat can do for me. This email
client is the reason many people who would otherwise be using Linux
or Mac simply can't bring themselves to make the switch. :-)

- --
Melissa

 
Chris Berry said:
Just had a rude awakening with NOD32 - didn't protect against the sdbot
worm/ircbot ES trojan infection I just had and left a back door wide open
for abuse.
Also, I feel that virus information and fixes on the website isn't really
helpful at all.
What to do?
cb

Thanks guys. NOD32 were quite responsive to my queries and I submitted
copies of the infected files.
Today's latest update cleans the files which is good and I'm told that the
new heuristics will take care of similar attacks in 2 months time.
As far as changing my OE/IE combination, I like a simple system and having
not had a single infection apart from this one in over 5 years, I must be
doing something right to keep things clean.
Correction... I have had machines infected but there's nothing you can do
with a clean install and a virus scanner that needs an internet update.
Typically, by the time these machines are fully protected, they've been
exposed for a good 5 mins and that's all it takes.
I can't understand why BBS access for updating windows and virus scan
software isn't more prevalent because that would prevent these
vulnerabilities.
cb
 