NOD32? Not convinced..

beano · 16 Dec 2008 at 15:24

We all know NOD32 is silent, but what i want to know is..... Does it actually work?
Who's ever downloaded a keygen that didn't have a Trojan in it? Anyone????? Well i thought i'd give it a test, and downloaded a keygen. NOD says it's fine, so i put it on a USB stick and plugged it into my laptop, which is running Avast (which i absolutely hate incidentally). As soon as i put the stick in, alarm bells started going off, and surprise, surprise... It has a Trojan!
Now it could be that NOD would pick it up when i execute, but why didn't it pick it up straight away, like Avast!?!

Your thoughts?

bledd · 16 Dec 2008 at 15:27

quite often it's a false positive, or other av makers sometimes class all keygens as 'possible' placeholders

some av's will stop a bat file (that does harmless things)

the nirsoft site is a good example of clean software that can do powerful things, some av's will block certain parts, others will not

MarcLister · 16 Dec 2008 at 16:02

Hi beano, did NOD32 have the absolute latest virus database? Probably wouldn't have mattered if it was a keygen but you never know.

But as bledd says it could be a false positive or Eset and Avast having different opinions on what constitutes a threat.

beano · 16 Dec 2008 at 16:12

Ah okay, guess that makes sense. Yup Nod's all up to date. Some keygen's i've had haven't shown up as Trojan's til a year down the line, but i guess that could be a change in stance from the AV programmers!?!

Cheers for the input guys.

Superficial · 16 Dec 2008 at 16:14

avast gives false positives all the time

bledd · 16 Dec 2008 at 16:15

also, don't use keygens, buy the software you scab

reflux · 16 Dec 2008 at 16:22

My NOD32 comes up moaning about keygens now and then. Lots of antivirus programs come up with false positives, especially with pegleg software.

malef!c · 16 Dec 2008 at 16:28

I have only heard good things about NOD32 so perhaps its not as free and easy at throwing the false positives about the place.

Saying that - I pass wind near my laptop and Avira AntiVir throws up warnings

MarcLister · 16 Dec 2008 at 16:34

bledd. said:
also, don't use keygens, buy the software you scab

malef!c said:
I have only heard good things about NOD32 so perhaps its not as free and easy at throwing the false positives about the place.

Saying that - I pass wind near my laptop and Avira AntiVir throws up warnings

NOD32 gave me a false positive on a Notepad++ installer on Sunday. It however is fine with my wind.

OCdude · 16 Dec 2008 at 16:39

tut tut.. keygens!

But anyway, i can't say i've had many false positives with NOD.. i had one for m00.dll in IRC... well.. i HOPE it was a false positive anyway haha..

I still rate NOD well above the likes of Avast et al

w311zy · 16 Dec 2008 at 16:57

i rate it very highly also.... would trust nod32 over any other AV out there...

beano · 16 Dec 2008 at 17:13

bledd. said:
also, don't use keygens, buy the software you scab

Cheers for the reassurance everyone.

I agree about Avast, for the record, absolute cack! It drives me nuts, to the point i always end up turning it off; dunno why it's still on there really lol!?!

arc@css · 16 Dec 2008 at 17:18

malef!c said:
I have only heard good things about NOD32 so perhaps its not as free and easy at throwing the false positives about the place.

Saying that - I pass wind near my laptop and Avira AntiVir throws up warnings

Pho · 16 Dec 2008 at 17:24

http://www.virustotal.com/
http://virusscan.jotti.org/

Upload them here and have them checked against several AVs

.

Alternatively run them in a virtual machine where they can't touch you

.

beano · 16 Dec 2008 at 17:47

dbl post...

beano · 16 Dec 2008 at 17:49

Cheers Pho, here's the findings from the 1st link:

Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Agent.59904.B
Authentium - - -
Avast - - -
AVG - - Crack.S
BitDefender - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
Comodo - - Application.Win32.Hacktool.Keygen
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - Trojan.Agent.cj
F-Prot - - -
F-Secure - - Suspicious:W32/Malware!Gemini
Fortinet - - -
GData - - -
Ikarus - - not-a-Virus.Hacktool.Keygen.Adobe
K7AntiVirus - - Trojan.Win32.Malware.1
Kaspersky - - -
McAfee - - -
McAfee+Artemis - - -
Microsoft - - -
NOD32 - - -
Norman - - -
Panda - - Suspicious file
PCTools - - -
Prevx1 - - Malicious Software
Rising - - -
SecureWeb-Gateway - - Trojan.Agent.59904.B
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - Backdoor.Win32.MoSucker.59904
VirusBuster - - -
Additional information
MD5: b824c5d7bea0d803440c19744c6543ef
SHA1: 30bb5342e08b1718d2ddb93b85f9335e3c590b06
SHA256: 78200a20e58b68aeb0fbdd2eccb5a8eeeceb03e42ac53859ed166866c23f5c79
SHA512: b30a2389c75f5f31be6f7874c74554e446741a52daffc53fccaeca64fed606fc2090e7d83afe420e7af25865eebb496ef70a9aa2678617d5b5e261c860c2bbd5

Ratbag · 16 Dec 2008 at 18:00

I reckon its a false positive, but run it in sandboxie if you decide to use it.

Pho · 16 Dec 2008 at 18:49

I'd agree, most of those results seem to just be generic viruses.

If you really want to check if NOD is working, safely, download the test virus from http://www.eicar.org/anti_virus_test_file.htm -it just contains a test pattern most AVs should pick up and is perfectly safe.

chuck990 · 16 Dec 2008 at 20:07

Ratbag said:
I reckon its a false positive, but run it in sandboxie if you decide to use it.

OMG i LOVEsandboxie best invention ever! i still wouldnt pay for it tho

everyone download and use it! it rocks
dunno if im allowed to say this if im not sum 1 say and ill delete it but... http://www.sandboxie.com/ <<<<<<<<<<<<<<<<<best thing ever

Pho · 16 Dec 2008 at 20:18

For running dodgy stuff a VM (i.e. VirtualBox, which is free) > Sandboxie. Purely for the reason I'd feel safer using it in one

.