Thursday, December 10, 2009
Eset NOD32 Tricks
NOD32 provides well balanced, state-of-the-art protection against threats endangering your PC and enterprise systems running various platforms from Microsoft Windows through a number of UNIX/Linux, Novell, MS DOS operating systems to Microsoft Exchange Server, Lotus Domino and other mail servers.
The thing I like most about NOD32 is its powerful heuristic-based scanning, which sometimes detects zero-day malware. They don't rely heavily on signature-based detection, which was usually used in the past.
Now a question arises: what are heuristic and signature-based detection?
1)-Signature Based Scan:
Traditionally, AV solutions have relied strongly on signature-based scanning, also referred to as scan-string-based technology. In signature-based scanning the antivirus program searches the given files for the presence of certain byte strings, often only in certain regions of the file (a header, an entry point, a fixed offset). If these predefined strings are found, the antivirus reports a threat detected.
According to McAfee Labs, approximately 250 viruses are released every day, so it is very difficult to catch all of them with signatures alone. Heuristic detection, explained below, is therefore used to detect unknown threats. Run-time packing is a technique malware writers employ to defeat signature-based detection of known malware: the packed file no longer contains the known strings until it unpacks itself in memory. To counter this, the AV must first unpack the file and then scan the unpacked content.
2)-Heuristic Based Scan:
Heuristic (hyu-ˈris-tik) is an adjective for methods that help in problem solving. The first heuristic engines were introduced to detect DOS viruses in 1989.
A heuristic scan is used to detect new, unknown viruses on your system that have not yet been identified by the vendor. Only some antivirus products can do this type of scan; the majority only detect known viruses.
In this type of scan, the antivirus program searches a file for instructions or API calls that are not found in typical legitimate applications. For example, a file's binary code might contain an instruction to hide files from the user ("don't show hidden files"), and several such indicators together raise the file's score. As a result, a heuristic engine is able to flag potentially malicious files and report them as a virus; NOD32 reports these as a "variant" of a known family (its alerts read "probably a variant of ...") rather than by an exact name.
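To make the two approaches concrete, here is a toy scanner, added to this post and not ESET's engine or code: it does signature scanning with the optional region restriction described above, then weighted heuristic scoring of suspicious API names like the "hide files" case, and it adds one thing the text only hints at, an entropy check that flags a run-time-packed body where a signature scan sees nothing useful. All signatures, indicator weights, the threshold and the sample "files" are constructed for the demonstration.

```python
"""Toy file scanner: signature scan (optionally region-limited), heuristic
indicator scoring, and an entropy check as a packing indicator.
Added example; not ESET's engine. Signatures, weights and samples are constructed."""
import math
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Signature:
    name: str
    pattern: bytes
    region: Optional[Tuple[int, int]] = None  # (start, end) offsets; None = whole file

# Constructed signatures, not real detections.
SIGNATURES = [
    Signature("Test.Marker.A", b"DEMO-MALWARE-MARKER-A"),
    # Matches only inside the first 64 bytes, i.e. a known infected header stub.
    Signature("Test.HeaderStub.B", b"\x90\x90\xeb\x10", region=(0, 64)),
]

# Heuristic indicators: names seldom found together in benign desktop software.
INDICATORS = {
    b"SetFileAttributesA": 1,   # can set the hidden attribute (the "hide files" case)
    b"CreateRemoteThread": 3,   # process injection
    b"WriteProcessMemory": 3,
    b"CurrentVersion\\Run": 2,  # autorun persistence
    b"IsDebuggerPresent": 1,    # anti-analysis
    b"URLDownloadToFile": 2,    # downloader behaviour
}
HEURISTIC_THRESHOLD = 5   # constructed cut-off
PACKED_ENTROPY = 7.2      # bits/byte; packed or encrypted bodies sit near 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the buffer (0.0 for empty input)."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def signature_scan(data: bytes) -> List[str]:
    """Exact byte-string search, limited to each signature's region."""
    hits = []
    for sig in SIGNATURES:
        start, end = sig.region if sig.region else (0, len(data))
        if sig.pattern in data[start:end]:
            hits.append(sig.name)
    return hits

def heuristic_scan(data: bytes) -> Tuple[int, List[str]]:
    """Weighted score of suspicious indicators found anywhere in the file."""
    score, found = 0, []
    for ind, weight in INDICATORS.items():
        if ind in data:
            score += weight
            found.append(ind.decode())
    # Packing indicator: a packed body hides its strings from the signature
    # scan, so high entropy itself becomes a (weak) signal.
    if shannon_entropy(data) > PACKED_ENTROPY:
        score += 2
        found.append("high-entropy body (possibly packed)")
    return score, found

@dataclass
class Verdict:
    signature_hits: List[str] = field(default_factory=list)
    heuristic_score: int = 0
    indicators: List[str] = field(default_factory=list)

    @property
    def detection(self) -> Optional[str]:
        if self.signature_hits:                   # known threat: exact name
            return self.signature_hits[0]
        if self.heuristic_score >= HEURISTIC_THRESHOLD:
            return "probably a variant of Win32/Generic"  # unknown: reported as a variant
        return None

def scan(data: bytes) -> Verdict:
    v = Verdict(signature_hits=signature_scan(data))
    v.heuristic_score, v.indicators = heuristic_scan(data)
    return v

# Constructed sample "files" (byte strings standing in for executables).
BENIGN = b"MZ" + b"\x00" * 60 + b"SetFileAttributesA\x00" + b"A" * 200
KNOWN = b"MZ" + b"\x00" * 60 + b"DEMO-MALWARE-MARKER-A" + b"\x00" * 100
UNKNOWN = (b"MZ" + b"\x00" * 60 + b"CreateRemoteThread\x00WriteProcessMemory\x00"
           b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00" + b"\x00" * 100)
STUB_EARLY = b"MZ\x90\x90\xeb\x10" + b"\x00" * 100      # stub inside the 64-byte region
STUB_LATE = b"MZ" + b"\x00" * 100 + b"\x90\x90\xeb\x10"  # same bytes, outside the region
PACKED = b"MZ" + bytes(range(256)) * 16                 # near-maximal entropy, no strings

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("known", KNOWN), ("unknown", UNKNOWN),
                        ("stub-early", STUB_EARLY), ("stub-late", STUB_LATE), ("packed", PACKED)]:
        v = scan(blob)
        print(f"{label:10s} detection={v.detection!r} score={v.heuristic_score} {v.indicators}")
```

Two points the samples bring out: the same header-stub bytes are a detection at offset 2 but not at offset 102, because that signature is region-limited, and the packed sample is not a detection on entropy alone (score 2, below the threshold), which is why real engines unpack and rescan rather than treat entropy as proof.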
ThreatSense® Technology:-
In this technology the heuristic approach is also used, but when a file performs suspicious activity on the computer the AV program does not take action immediately; it keeps an eye on that file. The next time you update your antivirus, these files are sent to the security experts of the antivirus vendor you are using. Sometimes you have to submit the files manually by selecting the suspicious files and clicking "Submit". Malware analysts analyze the file and, if it is a virus, create a signature for it. This way a virus is caught within 3-4 days and less damage is done.
Antivirus products using these techniques:-
ESET NOD32 (I think all versions)
Bitdefender 10
Norton Antivirus 2009
Installation :
During installation, don't forget to enable this option!
Updates:-
NOD32 updates are very small. The first time you update NOD32 after installation it takes a little while to download the virus database, but after that only 45 KB to 100 KB updates are downloaded on a daily basis. Look at the update size, so small!
Update files:
The NOD32 update files are stored in "C:\Program Files\ESET\ESET NOD32 Antivirus\" with the extension .DAT. Take a look at the image.
Save these files to some other location, and every time you reinstall NOD32, instead of updating for a long time, just copy these files into the installation folder and then reboot. A reboot is necessary for them to take effect. Keep in mind that the copied files only bring the database up to the day you saved them, so run a normal update afterwards to get the definitions released since then, and only copy files you saved from your own trusted installation.
Programming of NOD32:-
Below is the output of a compiler/packer identification tool run over the installation folder. The "Signature" here is the compiler or linker signature the tool matched in each binary, not an antivirus signature. All files are in the root directory.
Root Directory: C:\Program Files\ESET\ESET NOD32 Antivirus\
Deep Scan: Yes
File                  Signature                    Matches
callmsi.exe           Microsoft Visual C++ 8       6
ecls.exe              Microsoft Visual C++ 8       6
ecmd.exe              Microsoft Visual C++ 8       6
egui.exe              Microsoft Visual C++ 8       6
eguiAmon.dll          No match found.              0
eguiEmon.dll          No match found.              0
eguiEpfw.dll          No match found.              0
eguiScan.dll          No match found.              0
eguiUpdate.dll        No match found.              0
EHttpSrv.exe          Free Pascal v1.06            7
ekrn.exe              Microsoft Visual C++ 8       6
ekrnAmon.dll          No match found.              0
ekrnEmon.dll          No match found.              0
ekrnMailPlugins.dll   No match found.              0
ekrnScan.dll          No match found.              0
ekrnUpdate.dll        No match found.              0
eplgHooks.dll         No match found.              0
eplgOE.dll            No match found.              0
eplgOutlook.dll       No match found.              0
eplgOutlookEmon.dll   No match found.              0
http_dll.dll          No match found.              0
mfc80.dll             No match found.              0
mfc80u.dll            No match found.              0
shellExt.dll          No match found.              0
updater.dll           Microsoft Visual C++ v6.0    18
ESET says NOD32 is mostly programmed in assembly language, but the analysis tool shows the above result. The two are not necessarily in conflict: compiler-signature tools match the start-up code and runtime library that the linker places in the executable, so a scanning engine written in assembly and linked into a C++ host program will still be identified as Microsoft Visual C++.
But one thing I must say: it has very fast scanning speed and uses very few CPU resources.
Submit Samples:
NOD32 also has a feature to submit suspicious files for analysis manually. If you find any suspicious file on your PC, just do this. Most people (malware writers) don't like this. LOL
Just right-click on the file and click Submit. That's it. Click the image to see it clearly.
ESET SysInspector :-
ESET SysInspector is a free, state-of-the-art diagnostic tool for Windows systems. It peers into your operating system and captures details such as running processes, registry content, startup items and network connections. Once a snapshot of the system is made, ESET SysInspector applies heuristics to assign a risk level to each object logged. ESET SysInspector is a convenient utility for the toolbox of every IT expert and first responder.
SysInspector was first produced as a standalone product but was later integrated into NOD32 version 4.x. It is a very nice and free product. The SysInspector product manager was Zdeno Hlinka, who is also a developer.
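The snapshot-then-score idea described above, as an added example that is not ESET's tool or its rules: the real product enumerates a live Windows host, so this version scores a constructed snapshot (processes, autorun entries, listening sockets) with a handful of triage heuristics a first responder actually applies by hand: a system-binary name running from the wrong directory, code running or persisting from a user-writable location, unsigned code accepting connections on an unexpected port. The 1..9 risk scale, the rule tables and the `signed` field (standing in for an Authenticode check) are all assumptions of this example.

```python
"""Snapshot triage: assign a risk level to each logged object using simple
heuristics. Added example, not ESET SysInspector; all rules and data are constructed."""
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Proc:
    pid: int
    name: str
    path: str
    signed: bool    # assumed input: whether an Authenticode signature verified

@dataclass
class Autorun:
    location: str   # registry key or startup folder entry
    command: str

@dataset_placeholder = None
```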
Images of SysInspector:-
http://i49.tinypic.com/5yceah.jpg
Size: 2.4 MB
License: Freeware
Download SysInspector
ESET NOD32 is a true malware-fighting product.