Best way to check for viruses/spyware

vitalym

It seems that even with NOD32, scanning something that I know to be infected doesn't always come back with a hit. Sometimes I'll try extracting the .exe with 7zip and seeing if the files seem suspicious. Also, when running a suspected infected file, I'll make sure to block access with Comodo.

What are some good methods you use to determine if a file should not be clicked on?
 
It really just depends on the definition. The 'fingerprints' each program uses can be different. Where I work we use a program that has a lot of false positives (I have no say over it). Is there a way to increase the sensitivity of Nod32? You could also try another program like Avira. You don't have to have both set up for dynamic scanning, but have one do dynamic scanning (always on) and have the other set up to scan the hard drive at night. Get a two for one that way.
 
What version of NOD are you running? 4 has substantially improved ability to detect today's rogues, as well as compressed files.
 
I know exactly what vitalym is talking about. I've had a number of people (friends etc.) forward files to me that were infected. I'm currently running NOD32 version 4 as well, and NOD often won't detect the presence of a trojan etc. Mind you, this is on default settings, which includes scanning for archives, self-extracting exes etc. Upon extracting the contents of the setup, you'll quickly find the malware that was bound with the setup. Run an exe and NOD will go nuts as it tries to infect you.
 
There is a difference between Virus, Trojan/Malware and Spyware. Nod32 may only be designed to pick up some types of viruses. You might need Windows Defender or AVG or something similar to pick up Trojans.
 
There is a difference between Virus, Trojan/Malware and Spyware. Nod32 may only be designed to pick up some types of viruses. You might need Windows Defender or AVG or something similar to pick up Trojans.

Eset has been advertising that their product is much more than antivirus....
Right from their website: "ESET delivers the fastest, most effective antivirus software with spyware and malware protection available to combat viruses, spyware, rootkits, and other internet attacks, keeping your identity and data safe from hackers and thieves."

"Finds Malware Other AV Companies Missed — Typically when a new copy of ESET NOD32 replaces another antivirus product on a home computer the average user finds viruses or malware resident on the machine that were undetected by their previous antivirus product."

I still love the product, I'm a reseller...have been for a long time. It blows the doors out of AVG..that product can't find its way out of a paper bag. It's just that some of the rogue malware out there these days is quite frankly staying ahead of every antivirus brand out there. I had a client get hit with a new variant that wasn't even on the detection list for MalwareBytes, Spybot, and SuperAntispyware yet...my client must have caught it within hours of it being released.
 
What version of NOD are you running? 4 has substantially improved ability to detect today's rogues, as well as compressed files.

I'm using the most updated version of 4.
I guess I will just have to stick with intuition and gut instinct when dealing with potentially infected files.
 
I'm using the most updated version of 4.
I guess I will just have to stick with intuition and gut instinct when dealing with potentially infected files.

You could take any suspected application and run it in a virtual machine first to see what damage it may do, if any. Be aware though as some of the new malware can detect the presence of a virtual machine and will seem harmless initially.
 
If it's not sensitive info and can wait a few minutes, there's always VirusTotal. This is a good way to get "multiple opinions" on a file without needing to have a dozen different AVs installed and fighting with each other.
 
I sort of gave up on ESET because they're not consistently able to detect trojans and malware, despite their marketing. Don't get me wrong, their products are very good virus scanners and are well designed and have low false-positives, etc. Unfortunately, in my environment, it's easier to deal with false positives than it is dealing with infections from someone downloading and running something malicious and having NOD/ESET SS miss the threat and end up with an infected machine.

I agree, VirusTotal is a good place to check suspect files, and I found that Avira's detection engines are much, much better at finding trojans and some malware than any ESET product I've used.
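
An added example, not written by any poster in this thread, of the VirusTotal "multiple opinions" check suggested above: hash the file locally, then tally the per-engine verdicts from the report, which shows how one engine can miss what others flag. The report is constructed in the shape of a VirusTotal API v3 file report; the engine names, detection labels and the `min_hits` threshold are assumptions made for illustration.

```python
import hashlib
import json

# Constructed sample in the shape of a VirusTotal API v3 file report
# (GET https://www.virustotal.com/api/v3/files/<sha256>, "x-apikey" header).
# Engine names and detection labels are made up for illustration.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "EngineA": {"category": "malicious",  "result": "Trojan.Generic"},
  "EngineB": {"category": "undetected", "result": null},
  "EngineC": {"category": "malicious",  "result": "Win32.Dropper"},
  "EngineD": {"category": "timeout",    "result": null},
  "EngineE": {"category": "suspicious", "result": "Heur.Packed"}
}}}}
""")

FLAGGED = {"malicious", "suspicious"}
CLEAN = {"undetected", "harmless"}


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file locally: a hash lookup sends only the digest, not the file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def summarize(report, min_hits=2):
    """Tally per-engine verdicts; engines that timed out or failed are not counted."""
    results = report["data"]["attributes"]["last_analysis_results"]
    hits = {name: r["result"] for name, r in results.items() if r["category"] in FLAGGED}
    missed = sorted(name for name, r in results.items() if r["category"] in CLEAN)
    if len(hits) >= min_hits:
        verdict = "likely malicious"
    elif hits:
        verdict = "needs review"      # one engine only: possible false positive
    else:
        verdict = "no detections"     # not proof of clean: new variants lag signatures
    return {"hits": hits, "missed": missed,
            "scanned": len(hits) + len(missed), "verdict": verdict}


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```

A "no detections" result only means no engine has a signature yet, which matches the hours-old variant described earlier in the thread.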
 