
What IS NODWNTEN NOD32.BAT?


spy1
June 16th, 2003, 11:14 AM
http://www.dslreports.com/r0/download/370216~c86b5a69515c431301e89cc2c1570831/Clipboard.jpg

Does NOD detect/defend against this or does it not? Pete

Paul Wilders
June 16th, 2003, 12:53 PM
Pete,

Seems like a nice picture from AVG v7 ;) talking about "a possible" infection. Could you provide some more info? In case you do have a copy of the file in question, please zip it and send me a copy and submit one to Eset as well.

regards.

paul

spy1
June 16th, 2003, 12:59 PM
Excuse me, but I believe you guys read DSL's security forum as much as I do.

In case you don't, the thread I'm referring to is here: http://www.dslreports.com/forum/remark,7121059~root=security,1~mode=flat . It provides the screenie I linked to, as well as McAfee "hits" from something similar.

I'm trying to clarify if this is a threat or a wild-goose-chase.

TIA Pete

Paul Wilders
June 16th, 2003, 01:16 PM
Pete,

-{ Quote: "Excuse me, but I believe you guys read DSL's security forum as much as I do." }-

Can't say anything about "as much.." ;) Actually, I just pressed your link, Pete, and the pic showed up.

-{ Quote: "I'm trying to clarify if this is a threat or a wild-goose-chase." }-

We will need a sample anyway in order to verify all this ;)

regards.

paul

sig
June 16th, 2003, 03:25 PM
Originally the worm (?) that Vamp said he was using that NOD couldn't pick up was Trojan.BAT.KillAV.h

But he said it was not the same as the one by that name found in the Symantec virus library and was instead perhaps a variant of that or two others (with different names) found in the McAfee library.

Then he has a screen shot showing AVG ID'ing it as possibly BAT/HitOut.

As for the screenshot showing nodwnten.exe/NOD32.BAT I frankly am not sure what that's supposed to mean really. The only nodwnten.exe file I have is the downloaded executable to install NOD version 1. So...?

Paul Wilders
June 16th, 2003, 05:32 PM
-{ Quote: "Originally the worm (?) that Vamp said he was using that NOD couldn't pick up was Trojan.BAT.KillAV.h" }-

There's no way to verify this, without a sample from the actual file - which couldn't be traced/found by anyone.

-{ Quote: "But he said it was not the same as the one by that name found in the Symantec virus library and was instead perhaps a variant of that or two others (with different names) found in the McAfee library." }-

No offense, but I for one will not go for hearsay. The one and only right thing to do is submitting the file to AV/AT developers. Only after verification we'll know for sure. For the benefit of all, submitting the file is the way to go - I'm sure Vamp does know this, and will do so for the benefit of all AV/AT software users. A matter of normal social behaviour.

-{ Quote: "Then he has a screen shot showing AVG ID'ing it as possibly BAT/HitOut." }-

Indeed.

-{ Quote: "As for the screenshot showing nodwnten.exe/NOD32.BAT I frankly am not sure what that's supposed to mean really. The only nodwnten.exe file I have is the downloaded executable to install NOD version 1. So...?" }-

..it's an obscure zoo file as it seems, as there are many. This has nothing to do with your installed NOD32 version. I for one would like to know where this file actually comes from, since no one seems to be able to track it down (sic).

regards,

paul

sig
June 16th, 2003, 06:35 PM
Oh, of course it's all hearsay. I quite understand that. And the mystery file of somewhat dubious nomenclature seems somewhat....elusive at the moment. ;)

As for the nodwnten thing, perhaps it's simply a renamed file or concoction containing the elusive mystery worm. An added touch, perhaps. ;) That's why it didn't make sense to me what the screenshots were purporting to show.

;D

Tinribs
June 17th, 2003, 11:35 AM
It seems the latest definition release now has it covered ;)

Paul Wilders
June 17th, 2003, 11:39 AM
-{ Quote: "It seems the latest definition release now has it covered ;)" }-

Kev,

Since it has been put ITW (now...), and Eset did grab a sample: yup ;)

regards.

paul