Just had a rude awakening with NOD32 - didn't protect against the sdbot
worm/ircbot ES trojan infection I just had and left a back door wide open
for abuse.
Also, I feel that virus information and fixes on the website isn't really
helpful at all.
What to do?
cb

On Tue, 29 Jun 2004 15:59:41 +0200, "Chris Berry"
<(E-Mail Removed)> wrote:

>Just had a rude awakening with NOD32 - didn't protect against the sdbot
>worm/ircbot ES trojan infection I just had and left a back door wide open
>for abuse.
>Also, I feel that virus information and fixes on the website isn't really
>helpful at all.
>What to do?
>cb
>

I use AVG7 Pro and love it. Small install and system footprint, fast,
powerful and detected lots of viruses

"Chris Berry" <(E-Mail Removed)> wrote in news:cbrt31$d5o$03$1
@news.t-online.com:

> Just had a rude awakening with NOD32 - didn't protect against the sdbot
> worm/ircbot ES trojan infection I just had and left a back door wide
open
> for abuse.
> Also, I feel that virus information and fixes on the website isn't
really
> helpful at all.
> What to do?
> cb
>
>

You know I had one Trojan that made it to my machine with NOD32 running
on the machine. It never saw it. That's until I was doing a Baseline with
BlackIce which reads all executable file types basically reading all
files on the machine, and then NOD32 detected the Trojan, which I didn't
deal with it at that point.

Then I sat NOD32 to do deep scans and scan all file types and NOD32 found
the Trojan.

I have been running that way with NOD32 from that point forward.

Duane

"Chris Berry" <(E-Mail Removed)> wrote in news:cbrt31$d5o$03$1
@news.t-online.com:

> Just had a rude awakening with NOD32 - didn't protect against the sdbot
> worm/ircbot ES trojan infection I just had and left a back door wide
open
> for abuse.
> Also, I feel that virus information and fixes on the website isn't
really
> helpful at all.
> What to do?
> cb
>
>

You know I had one Trojan that made it to my machine with NOD32 running
on the machine. It never saw it. That's until I was doing a Baseline with
BlackIce which reads all executable file types basically reading all
files on the machine, and then NOD32 detected the Trojan, which I didn't
deal with it at that point.

Then I sat NOD32 to do deep scans and scan all file types and NOD32 found
the Trojan.

I have been running that way with NOD32 from that point forward.

Duane

"Chris Berry" <(E-Mail Removed)> wrote in message
news:cbrt31$d5o$03$(E-Mail Removed)...
> Just had a rude awakening with NOD32 - didn't protect against the sdbot
> worm/ircbot ES trojan infection I just had and left a back door wide open
> for abuse.
> Also, I feel that virus information and fixes on the website isn't really
> helpful at all.
> What to do?
> cb
>

Get a dedicated anti-trojan utility like TrojanHunter
(http://www.misec.net/) or ewido security suite (http://www.ewido.net/en/)
to supplement NOD32. Some people will claim that NOD32 is behind when it
comes to trojans. I find that this is a little bit of a double standard
since almost all of the AV vendors are a little bit behind on trojan
detection. I have seen systems with NAV, McAfee, and Trend Micro that were
current and still had trojans. (One NAV system I saw had 13 active trojan
variants on it!) The only AV that is marginally better at trojans, IMHO, is
Kaspersky... but I personally don't use Kaspersky for a variety of reasons.

The goal of a single malware tool that does it all is admirable. But we
don't live in a world where that is a reality... at least, yet. Security in
layers. Use different tools. A good anti-virus engine, anti-trojan,
anti-spyware, personal firewall, popup-blocker, anti-spam filter, etc. And,
ideally, supplement all of the foregoing with a good hardware firewall. Not
all of it has to be resident, but get best of breed on-demand scanners and
try to run them on a fairly routine basis.

However, certainly, if you are not comfortable with NOD32. Pick another AV.

Alec

"Duane Arnold" <(E-Mail Removed)> wrote in message
news:Xns951778CB61B0Enotmenotmecoml@63.240.76.16...
> "Chris Berry" <(E-Mail Removed)> wrote in news:cbrt31$d5o$03$1
> @news.t-online.com:
>
> > Just had a rude awakening with NOD32 - didn't protect against the sdbot
> > worm/ircbot ES trojan infection I just had and left a back door wide
> open
> > for abuse.
> > Also, I feel that virus information and fixes on the website isn't
> really
> > helpful at all.
> > What to do?
> > cb
> >
> >
>
> You know I had one Trojan that made it to my machine with NOD32 running
> on the machine. It never saw it. That's until I was doing a Baseline with
> BlackIce which reads all executable file types basically reading all
> files on the machine, and then NOD32 detected the Trojan, which I didn't
> deal with it at that point.
>
> Then I sat NOD32 to do deep scans and scan all file types and NOD32 found
> the Trojan.
>
> I have been running that way with NOD32 from that point forward.
>

Just tried deep - no difference - the backdoor processes can't be detected.
cb

"Chris Berry" <(E-Mail Removed)> wrote in
news:cbs9pm$5s8$00$(E-Mail Removed):

>
> "Duane Arnold" <(E-Mail Removed)> wrote in message
> news:Xns951778CB61B0Enotmenotmecoml@63.240.76.16...
>> "Chris Berry" <(E-Mail Removed)> wrote in
>> news:cbrt31$d5o$03$1 @news.t-online.com:
>>
>> > Just had a rude awakening with NOD32 - didn't protect against the
>> > sdbot worm/ircbot ES trojan infection I just had and left a back
>> > door wide
>> open
>> > for abuse.
>> > Also, I feel that virus information and fixes on the website isn't
>> really
>> > helpful at all.
>> > What to do?
>> > cb
>> >
>> >
>>
>> You know I had one Trojan that made it to my machine with NOD32
>> running on the machine. It never saw it. That's until I was doing a
>> Baseline with BlackIce which reads all executable file types
>> basically reading all files on the machine, and then NOD32 detected
>> the Trojan, which I didn't deal with it at that point.
>>
>> Then I sat NOD32 to do deep scans and scan all file types and NOD32
>> found the Trojan.
>>
>> I have been running that way with NOD32 from that point forward.
>>
>
> Just tried deep - no difference - the backdoor processes can't be
> detected. cb

If the file is on the machine when it does its file scanning, then I expect
it to find something, if the file is in the signature file.

For me, I use other means to detect Trojan activity.

Duane

Duane Arnold <(E-Mail Removed)> wrote in
news:Xns951778CD19776notmenotmecoml@63.240.76.16:

> "Chris Berry" <(E-Mail Removed)> wrote in news:cbrt31$d5o$03$1
> @news.t-online.com:
>
>> Just had a rude awakening with NOD32 - didn't protect against the
>> sdbot worm/ircbot ES trojan infection I just had and left a back door
>> wide
> open
>> for abuse.
>> Also, I feel that virus information and fixes on the website isn't
> really
>> helpful at all.
>> What to do?
>> cb
>>
>>
>
> You know I had one Trojan that made it to my machine with NOD32
> running on the machine. It never saw it. That's until I was doing a
> Baseline with BlackIce which reads all executable file types basically
> reading all files on the machine, and then NOD32 detected the Trojan,
> which I didn't deal with it at that point.
>
> Then I sat NOD32 to do deep scans and scan all file types and NOD32
> found the Trojan.
>
> I have been running that way with NOD32 from that point forward.
>
> Duane

I wonder what's happening with Xnews as recently the thing has been
sending out two posts. I am certainly not telling the thing to do it.

Duane

"Chris Berry" <(E-Mail Removed)> wrote in
message
news:cbrt31$d5o$03$(E-Mail Removed)
>> Just had a rude awakening with NOD32 - didn't
protect against the
>> sdbot worm/ircbot ES trojan infection I just had and
left a back
>> door wide open for abuse.
>> Also, I feel that virus information and fixes on the
website isn't
>> really helpful at all.
>> What to do?
>> cb

No AV program is perfect, and every single one will
have misses, some more than others. It all depends on
whether you update frequently enough, if/when the av
vendor hears about the virus and can offer a fix, and
myriad other things.
One of the last reviews I saw gave a 99% rating to
Norton and someone else I can't recall right now -
maybe someone could repost that page. But someone else
might get thjat 99% figure in the next review. Just
stick with the major players is best, IMO.
At any rate, if you're one of the first to get hit,
it's almost sure your AV won't see it, no matter who
you use. It's statistics and luck.

Pop

In article <cbrt31$d5o$03$(E-Mail Removed)>, Chris Berry says...
> Just had a rude awakening with NOD32 - didn't protect against the sdbot
> worm/ircbot ES trojan infection I just had and left a back door wide open
> for abuse.
> Also, I feel that virus information and fixes on the website isn't really
> helpful at all.
> What to do?
> cb
>
>
>
X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409

At a guess, stop using IE/OE. Seen this weeks latest malware? A nice
popup window which installs some malware that logs your online banking
session.


--
Conor

Dumb as a box of rocks...