NOD32 missed a virus, should I be disappointed?

Hi All

A few days ago, my laptop got infected with the ransomware/virus called "Antivirus Soft". Happily, with the help of this guide:

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft

and anti-malware program:

http://www.malwarebytes.org/

I was able to remove it, and my laptop is back up and running.

However, I did have NOD32.com running, but it did not do anything. My question, should I be disappointed? Should NOD32 be expected to stop "Antivirus Soft", or is "Antivirus Soft" malware, rather than a virus which NOD32 would stop?

Anyway, I've installed the paid version of malwarebytes too now.

Rgds
 
I got infected with something similar a few weeks ago. NOD32 didn't even get a sniff of it, so I had to use MalwareBytes to get rid of it. But the general feeling on the internets is that NOD32 isn't very good at dealing with Malware.
 
Personally, I am wondering what the point of having NOD32 is if it can't stop something like "Antivirus Soft", which caused me some inconvenience. "Antivirus Soft" switched IE over to a proxy server so you can't browse in IE, stops you opening programs, and starts giving you false security warnings. I feel it is something which NOD32 should stop, and I'm disappointed.

Rgds
 
We use Sophos across our work network and these get through that too. I don't know why it doesn't pick them up.

Our teachers click without thinking so these Malware programs get installed a lot.

Last week I had to remove "Security Tools 2010" from three of our laptops.
 
NOD32 is first and foremost anti-virus software. That is its main focus. As such, it will miss some malware/spyware. Malwarebytes' main focus is, uhm, malware. Hence why it detects it.

It would be nice if one single product could detect everything but that isn't likely any time soon. Better to have 2 or 3 programs that are very good at what they do rather than one that isn't so good at anything! :)
 
+ are you running with UAC disabled?
are you using a router?
where did you get the virus from? they tend not to magic their way onto pc's..
 
Even if something is 99% effective, in a sample of 100,000 that's 1000 that go under the radar.

I'm slightly surprised it missed something like that because it sounds quite common, but then again it's not unheard of for viruses to recompile themselves and escape signature based detection - which is where your heuristic components kick in.

Anti-virus is just one of many layers there to keep crapware off your system, so I'd review the whole setup rather than focus in on the AV.
 
+ are you running with UAC disabled?
are you using a router?
where did you get the virus from? they tend not to magic their way onto pc's..

UAC is enabled.

Yes I have a router.

Got it from browsing web pages. What I'm not sure of is whether I clicked a dialogue box enabling it to install. I'm usually careful, but I may have mistaken the "Antivirus Soft" dialogue for a NOD32 one.

One other thing, I've never updated Windows on this machine. That's because the Win update process crashed another computer once, so I thought, what's the point. I back up everything externally so I don't lose data.

Rgds
 
The point is Microsoft regularly update Windows to close security vulnerabilities and holes. Running as an admin and never updated Windows = problems.
 
One other thing, I've never updated Windows on this machine. That's because the Win update process crashed another computer once, so I thought, what's the point. I back up everything externally so I don't lose data.

Yep you're pretty much asking for problems by not keeping windows up to date :eek:
 
I have trouble relating to stuff like this. In the last 8 years I've seen approximately ZERO popups that could cause me to install this crap.

Frankly, I reckon Admuncher is a better bet for avoiding malware than most AV / antimalware apps....
 
Again, AV = Anti-Virus. Plenty of Anti-Malware/Spyware/"Oooh let's click it, it's Free"-ware programs out there.

The simple fact is some are very clever and convincing. If you aren't particularly computer-savvy you can easily be caught out. Others click them just to make them go away :p
 
What browser were you using?

I un-installed Avast Home Edition yesterday to try the demo of Nod32. But will probably return to a free av, as Nod32 is too pricey compared to the competition.

The trial gave this pop-up about wanting Windows updates. Didn't see why it needed Silverlight.

 
You need to patch stuff like Flash player as well, which is often overlooked. This is one area where Linux has the drop on Windows - a unified updating mechanism.
 