NOD32 missed this one
#1
Guest
First 'miss' in a visited malware link. Link was obtained from some e-mail that I think said I had an infected file. E-mail was in Spanish, only partly comprende'd some of it ;-)

hxxp://sath.hs.kr/bbs/skin/zero_vote/Symantec.exe

Virus total:

AhnLab-V3 2007.12.18.10 2007.12.17 -
AntiVir 7.6.0.45 2007.12.17 TR/Delphi.Downloader.Gen
Authentium 4.93.8 2007.12.16 Possibly a new variant of W32/NewMalware-LSU-based!Maximus
Avast 4.7.1098.0 2007.12.17 -
AVG 7.5.0.503 2007.12.17 -
BitDefender 7.2 2007.12.17 BehavesLike:Trojan.Downloader
CAT-QuickHeal 9.00 2007.12.17 Win32.Packed.NSAnti.r
ClamAV 0.91.2 2007.12.17 -
DrWeb 4.44.0.09170 2007.12.17 Trojan.DownLoader.origin
eSafe 7.0.15.0 2007.12.17 suspicious Trojan/Worm
eTrust-Vet 31.3.5382 2007.12.17 -
Ewido 4.0 2007.12.17 -
FileAdvisor 1 2007.12.17 -
Fortinet 3.14.0.0 2007.12.17 -
F-Prot 4.4.2.54 2007.12.17 W32/NewMalware-LSU-based!Maximus
F-Secure 6.70.13030.0 2007.12.17 -
Ikarus T3.1.1.15 2007.12.17 Generic.Banker.Delf
Kaspersky 7.0.0.125 2007.12.17 Heur.Downloader
McAfee 5187 2007.12.17 New Malware.u
Microsoft 1.3109 2007.12.17 -
NOD32v2 2728 2007.12.17 -
Norman 5.80.02 2007.12.17 W32/Suspicious_N.gen
Panda 9.0.0.4 2007.12.17 Trj/Banker.IBE
Prevx1 V2 2007.12.17 -
Rising 20.23.02.00 2007.12.17 -
Sophos 4.24.0 2007.12.17 Mal/Packer
Sunbelt 2.2.907.0 2007.12.15 -
Symantec 10 2007.12.17 -
TheHacker 6.2.9.161 2007.12.17 W32/Behav-Heuristic-067
VBA32 3.12.2.5 2007.12.17 suspected of Downloader.Banload.15 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.12.17 Packed/NSPack
Webwasher-Gateway 6.6.2 2007.12.17 Trojan.Delphi.Downloader.Gen

#2
Guest
Duh_OZ wrote:
> First 'miss' in a visited malware link. Link was obtained from
> some e-mail that I think said I had an infected file. E-mail was in
> Spanish, only partly comprende'd some of it ;-)
>
> hxxp://sath.hs.kr/bbs/skin/zero_vote/Symantec.exe
>
> Virus total:
>
> AhnLab-V3 2007.12.18.10 2007.12.17 -
> AntiVir 7.6.0.45 2007.12.17 TR/Delphi.Downloader.Gen
> Authentium 4.93.8 2007.12.16 Possibly a new variant of W32/NewMalware-LSU-based!Maximus
> Avast 4.7.1098.0 2007.12.17 -
> AVG 7.5.0.503 2007.12.17 -
> BitDefender 7.2 2007.12.17 BehavesLike:Trojan.Downloader
> CAT-QuickHeal 9.00 2007.12.17 Win32.Packed.NSAnti.r
> ClamAV 0.91.2 2007.12.17 -
> DrWeb 4.44.0.09170 2007.12.17 Trojan.DownLoader.origin
> eSafe 7.0.15.0 2007.12.17 suspicious Trojan/Worm
> eTrust-Vet 31.3.5382 2007.12.17 -
> Ewido 4.0 2007.12.17 -
> FileAdvisor 1 2007.12.17 -
> Fortinet 3.14.0.0 2007.12.17 -
> F-Prot 4.4.2.54 2007.12.17 W32/NewMalware-LSU-based!Maximus
> F-Secure 6.70.13030.0 2007.12.17 -
> Ikarus T3.1.1.15 2007.12.17 Generic.Banker.Delf
> Kaspersky 7.0.0.125 2007.12.17 Heur.Downloader
> McAfee 5187 2007.12.17 New Malware.u
> Microsoft 1.3109 2007.12.17 -
> NOD32v2 2728 2007.12.17 -
> Norman 5.80.02 2007.12.17 W32/Suspicious_N.gen
> Panda 9.0.0.4 2007.12.17 Trj/Banker.IBE
> Prevx1 V2 2007.12.17 -
> Rising 20.23.02.00 2007.12.17 -
> Sophos 4.24.0 2007.12.17 Mal/Packer
> Sunbelt 2.2.907.0 2007.12.15 -
> Symantec 10 2007.12.17 -
> TheHacker 6.2.9.161 2007.12.17 W32/Behav-Heuristic-067
> VBA32 3.12.2.5 2007.12.17 suspected of Downloader.Banload.15 (paranoid heuristics)
> VirusBuster 4.3.26:9 2007.12.17 Packed/NSPack
> Webwasher-Gateway 6.6.2 2007.12.17 Trojan.Delphi.Downloader.Gen

I notice they're using NOD32 version 2. Am I dreaming to hope that the new version 3 would have caught it?

But seriously, why don't they move to version 3 for testing purposes?

Louise

#3
Guest
On Dec 18, 10:10 pm, louise <lou...@invalid.invalid> wrote:
> Duh_OZ wrote:
> > First 'miss' in a visited malware link. Link was obtained from
> > some e-mail that I think said I had an infected file. E-mail was in
> > Spanish, only partly comprende'd some of it ;-)
> >
> > hxxp://sath.hs.kr/bbs/skin/zero_vote/Symantec.exe
> >
> > Virus total:
> >
> > AhnLab-V3 2007.12.18.10 2007.12.17 -
> > AntiVir 7.6.0.45 2007.12.17 TR/Delphi.Downloader.Gen
> > Authentium 4.93.8 2007.12.16 Possibly a new variant of W32/NewMalware-LSU-based!Maximus
> > Avast 4.7.1098.0 2007.12.17 -
> > AVG 7.5.0.503 2007.12.17 -
> > BitDefender 7.2 2007.12.17 BehavesLike:Trojan.Downloader
> > CAT-QuickHeal 9.00 2007.12.17 Win32.Packed.NSAnti.r
> > ClamAV 0.91.2 2007.12.17 -
> > DrWeb 4.44.0.09170 2007.12.17 Trojan.DownLoader.origin
> > eSafe 7.0.15.0 2007.12.17 suspicious Trojan/Worm
> > eTrust-Vet 31.3.5382 2007.12.17 -
> > Ewido 4.0 2007.12.17 -
> > FileAdvisor 1 2007.12.17 -
> > Fortinet 3.14.0.0 2007.12.17 -
> > F-Prot 4.4.2.54 2007.12.17 W32/NewMalware-LSU-based!Maximus
> > F-Secure 6.70.13030.0 2007.12.17 -
> > Ikarus T3.1.1.15 2007.12.17 Generic.Banker.Delf
> > Kaspersky 7.0.0.125 2007.12.17 Heur.Downloader
> > McAfee 5187 2007.12.17 New Malware.u
> > Microsoft 1.3109 2007.12.17 -
> > NOD32v2 2728 2007.12.17 -
> > Norman 5.80.02 2007.12.17 W32/Suspicious_N.gen
> > Panda 9.0.0.4 2007.12.17 Trj/Banker.IBE
> > Prevx1 V2 2007.12.17 -
> > Rising 20.23.02.00 2007.12.17 -
> > Sophos 4.24.0 2007.12.17 Mal/Packer
> > Sunbelt 2.2.907.0 2007.12.15 -
> > Symantec 10 2007.12.17 -
> > TheHacker 6.2.9.161 2007.12.17 W32/Behav-Heuristic-067
> > VBA32 3.12.2.5 2007.12.17 suspected of Downloader.Banload.15 (paranoid heuristics)
> > VirusBuster 4.3.26:9 2007.12.17 Packed/NSPack
> > Webwasher-Gateway 6.6.2 2007.12.17 Trojan.Delphi.Downloader.Gen
>
> I notice they're using NOD32 version 2. Am I dreaming to
> hope that the new version 3 would have caught it?
>
> But seriously, why don't they move to version 3 for testing
> purposes?
>
> Louise

==========
Just submitted it again, and just two more vendors flagged it (Sunbelt and ClamAV). NOD32 still missing it *ugh*

NOD32 on my computer:

NOD32 antivirus system information
Virus signature database version: 2738 (20071220)
Dated: Thursday, December 20, 2007
Virus signature database build: 11461

Information on other scanner support parts
Advanced heuristics module version: 1068 (20071119)
Advanced heuristics module build: 1169
Internet filter version: 1.002 (20040708)
Internet filter build: 1013
Archive support module version: 1.059 (20071108)
Archive support module build version: 1197

Information about installed components
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
Version: 2.70.39
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
Version: 2.70.39
NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
Version: 2.70.39

Operating system information
Platform: Microsoft Windows 2000
Version: 5.0.2195 Service Pack 4
Version of common control components: 5.81.4968
RAM: 1024 MB
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz (2999 MHz)

#4
Guest
Duh_OZ wrote:
> On Dec 18, 10:10 pm, louise <lou...@invalid.invalid> wrote:
>> Duh_OZ wrote:
>>> First 'miss' in a visited malware link. Link was obtained from
>>> some e-mail that I think said I had an infected file. E-mail was in
>>> Spanish, only partly comprende'd some of it ;-)
>>> hxxp://sath.hs.kr/bbs/skin/zero_vote/Symantec.exe
>>> Virus total:
>>> AhnLab-V3 2007.12.18.10 2007.12.17 -
>>> AntiVir 7.6.0.45 2007.12.17 TR/Delphi.Downloader.Gen
>>> Authentium 4.93.8 2007.12.16 Possibly a new variant of W32/NewMalware-LSU-based!Maximus
>>> Avast 4.7.1098.0 2007.12.17 -
>>> AVG 7.5.0.503 2007.12.17 -
>>> BitDefender 7.2 2007.12.17 BehavesLike:Trojan.Downloader
>>> CAT-QuickHeal 9.00 2007.12.17 Win32.Packed.NSAnti.r
>>> ClamAV 0.91.2 2007.12.17 -
>>> DrWeb 4.44.0.09170 2007.12.17 Trojan.DownLoader.origin
>>> eSafe 7.0.15.0 2007.12.17 suspicious Trojan/Worm
>>> eTrust-Vet 31.3.5382 2007.12.17 -
>>> Ewido 4.0 2007.12.17 -
>>> FileAdvisor 1 2007.12.17 -
>>> Fortinet 3.14.0.0 2007.12.17 -
>>> F-Prot 4.4.2.54 2007.12.17 W32/NewMalware-LSU-based!Maximus
>>> F-Secure 6.70.13030.0 2007.12.17 -
>>> Ikarus T3.1.1.15 2007.12.17 Generic.Banker.Delf
>>> Kaspersky 7.0.0.125 2007.12.17 Heur.Downloader
>>> McAfee 5187 2007.12.17 New Malware.u
>>> Microsoft 1.3109 2007.12.17 -
>>> NOD32v2 2728 2007.12.17 -
>>> Norman 5.80.02 2007.12.17 W32/Suspicious_N.gen
>>> Panda 9.0.0.4 2007.12.17 Trj/Banker.IBE
>>> Prevx1 V2 2007.12.17 -
>>> Rising 20.23.02.00 2007.12.17 -
>>> Sophos 4.24.0 2007.12.17 Mal/Packer
>>> Sunbelt 2.2.907.0 2007.12.15 -
>>> Symantec 10 2007.12.17 -
>>> TheHacker 6.2.9.161 2007.12.17 W32/Behav-Heuristic-067
>>> VBA32 3.12.2.5 2007.12.17 suspected of Downloader.Banload.15 (paranoid heuristics)
>>> VirusBuster 4.3.26:9 2007.12.17 Packed/NSPack
>>> Webwasher-Gateway 6.6.2 2007.12.17 Trojan.Delphi.Downloader.Gen
>> I notice they're using NOD32 version 2. Am I dreaming to
>> hope that the new version 3 would have caught it?
>>
>> But seriously, why don't they move to version 3 for testing
>> purposes?
>>
>> Louise
>
> ==========
> Just submitted it again, and just two more vendors flagged it (Sunbelt
> and ClamAV). NOD32 still missing it *ugh*
>
> NOD32 on my computer:
>
> NOD32 antivirus system information
> Virus signature database version: 2738 (20071220)
> Dated: Thursday, December 20, 2007
> Virus signature database build: 11461
>
> Information on other scanner support parts
> Advanced heuristics module version: 1068 (20071119)
> Advanced heuristics module build: 1169
> Internet filter version: 1.002 (20040708)
> Internet filter build: 1013
> Archive support module version: 1.059 (20071108)
> Archive support module build version: 1197
>
> Information about installed components
> NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
> Version: 2.70.39
> NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
> Version: 2.70.39
> NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
> Version: 2.70.39
>
> Operating system information
> Platform: Microsoft Windows 2000
> Version: 5.0.2195 Service Pack 4
> Version of common control components: 5.81.4968
> RAM: 1024 MB
> Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz (2999 MHz)

as of 12/0412/22, EST, I have signature 2741.

BUT - my issue was that they are still using version 2 of NOD32 when NOD has moved to version 3 and I wonder if the same results, or lack thereof, would be obtained.

Louise

#5
Guest
On Dec 21, 11:06 pm, louise <lou...@invalid.invalid> wrote:
> BUT - my issue was that they are still using version 2 of
> NOD32 when NOD has moved to version 3 and I wonder if the
> same results, or lack thereof, would be obtained.
>
> Louise

============
I was tired of waiting for NOD to detect it so I e-mailed Eset (samples@eset.com) the file last night. I'll test it again on Sunday.

BTW, the malware link seems to be broken now.