2.70.32 2342 does not detect common trojans

Where to submit? I have searched eset – there is no such service.

Below is KOS log:

KASPERSKY ONLINE SCANNER REPORT
Thursday, June 21, 2007 12:32:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 21/06/2007
Kaspersky Anti-Virus database records: 328408

C:\WINDOWS\system32\drivers\etc\service.exe Infected: Trojan.Win32.Agent.amg skipped
C:\WINDOWS\system32\drivers\etc\svchost.exe Infected: Backdoor.Win32.Iroffer.af skipped
C:\WINDOWS\system32\exec2.exe/data.rar/service.exe Infected: Trojan.Win32.Agent.amg skipped
C:\WINDOWS\system32\exec2.exe/data.rar/svchost.exe Infected: Backdoor.Win32.Iroffer.af skipped
C:\WINDOWS\system32\exec2.exe/data.rar Infected: Backdoor.Win32.Iroffer.af skipped
C:\WINDOWS\system32\exec2.exe RarSFX: infected - 3 skipped

 

Send it here: samples [AT] eset.com

 

In additon to what Pykko wrote , you'd better also include a link to this thread.Files you need to submit are:

C:\WINDOWS\system32\exec2.exe
C:\WINDOWS\system32\drivers\etc\svchost.exe
C:\WINDOWS\system32\drivers\etc\service.exe

 

Thanks. Sent. That is if ISP will not filter them out.

 

Send the files to samples@eset.com, archive the samples with rar or zip and password protected the file with the password 'infected' (without the quotes)

 

Just one note re. the topic name; I don't understand why it reads "2342 does not detect common trojans". What is common? Because I could give tons of examples where other famous AVs miss "common" malware. Please understand that what is common for you may not be common for the others and every AV misses some malware.

 

May I suggest this thread be made a sticky. I also had a trojan and Nod scanner requested to send a sample. I clicked "yes" and waited and waited and.....
Nothing.

 

@manOFpeace

NOD32 offered you to send a sample , then it was previously detected -> you remained protected , why would you want to add definition for something that was already detected by heuristics ... If you mean email answer , ESET Lab doesn't answer submissions .

Perhaps this should be made sticky:
Because I could give tons of examples where other famous AVs miss "common" malware

 

NOD32 does not advise you to submit a sample unless it's caught by heuristics. If it's actually malicious usually no further action will be taken. If you think it's a false positive, it's better to email it to samples[at]eset.com with "FP" in the subject and enclose as much information about it as possible (e.g. the url of the program that triggered an alert, etc)

 

I don't know the particular situation manOFpeace was in, but I think if an AV has a signature it can usually clean an infection much better than just with heuristic detections, i.e. remove all traces and registry entries whereas the heuristic just detects the particular suspicious file it is flagging.

Londonbeat

 

True, but how can you catch zero day malware without heuristics or other pro-active detection? It is better to find and delete the trojan right away, rather than have it undetected until signatures are released. If NOD saves your credit card numbers, you wont be worried about a few registry entries. In my opinion anyway. Just my 0.02.

 

I agree, I'm not criticising heuristics, just pointing out that not adding a signature because it is already detected by heuristics could have some disadvantages, but from reading previous posts here Eset do usually add a signature for submitted heuristic detections, especically if it's widely spreading.

Londonbeat

 

I know a vendor that can help you with all this.

 

Yes I totally agree with that. Any AV company that uses heuristics in its products should add a generic signature for detections flagged and subsequently submitted by the heuristics engine. As such I would certainly hope that Eset think the same way. Considering that Threatsense does submit heuristically detected threats automatically, I would think that this is the case.

On hindsight it appears I mis-interpreted your post. Apologies

 

I'm sure you do. But what about the new vendor you'll be using next week?

 

Next week , you must be kidding . Tomorrow he'll change the vendor and the song again

 

Also what? Speed of reaction of virus laboratory simply amazes me. I 1,5 week ago have sent 21 sample in ESET. And here only yesterday NOD32 has found out 1 trojan from 21 sent. It is pleasant to me as act DrWeb, KAV at sending a suspicious file in their laboratory. From them the automatic answer, with a serial number of inquiry comes. The answer from a virus analyst then comes. Really such it is difficult to make? I send samples in ESET, I at all do not know, send in addition they or not. Sorry for my English.

Edit ~ Virus Total log removed; please read THIS POST ~ Blackspear.

 

https://www.wilderssecurity.com/showpost.php?p=198429&postcount=18

 

This is true only for file infectors when submitting infected files helps us create a cleaning algorithm.

 

Well, it's quite unbelievable that you'd find 21 threats on your or your fellow's computer. Always bear in mind that signatures are picked up on a per-need basis and samples from collectors are treated with lower priority (unless they are of a higher importance), first we need to serve our clients and not deal with obscure samples from vx sites, etc.

 

True, very true. Same here.

 

Well, actually, I 2-nd year use Nod32 EE. In due time I recommended our company to pass on NOD32 and is very happy with its work. This 21 sample, real. They have been found out on computers of different users and left by me for a collection so to say.

 

I can see a pattern emerging here... My 0.02:

Marcos and other Eset moderators on this forum have gone to great lengths, over time, to explain their signature addition methods. It is explained quite clearly that Eset will not just add "any old rubbish" to their signature database. NOD32 is about great detection, combined with great performance. Performance would hit rock-bottom if Eset added every single sample to their database. If Eset didnt produce a great AV, they wouldnt be in business. Full stop.

With companies like Kaspersky and Avira in the market, competition is cut-throat. Yet Eset stay afloat. With a great reputation for performance; as well as detection. Eset add their signatures the way they decide to. If you dont like it, use a different AV. Its as simple as that.

This is not an attack directed at anyone who has posted in this thread, or in this forum - regarding Eset's sample submission policy. I just think that it goes beyond "flogging a dead horse".

 

That's the best solution.

 

Having worked with computers since 1968, I can say that NOD32 is one of the most effective software programs I have used. In addition, it is also the best AV program I have used in my company's computers.

Although I recently starting posting in this forum, I have read the threads for years. There is a pattern here, and it has to do (in my opinion) with competitors of ESET posting various topics that all get back to something NOD32 is doing wrong. While one can never be certain of the psychological motives involved, I can see the financial motivation to attempt to discredit NOD32 by any means possible.

Many if not most of the critical threads posted here are absurd. After reading a new topic, I often find myself -say what? The comments above me are basically if you don't like NOD32, use some other software. I could not agree more. If any user does not like what ESET provides and the way they provide it, simply use something else. But don't use this forum for unfounded assertions and cheap shots.