New Trojan Downloader?
covaro
July 20th, 2006, 06:27 PM
http://www.notmyblog.com/images/trojan downloader.jpg
Little bugger I was pointed to while browsing around over @ broadbandreports (didn't link because the posts include the link to DL this puppy). DL'ed it into a VM and confirmed that NOD32 doesn't detect it. Ran it, and NOD does pick up a couple of little buggers it attempts to DL and install. Just to check, I looked through the registry and whatnot, and it looks like a couple of little bugs (pieces of bugs maybe?) did slip through. On a pass through with EWIDO it picks up a couple of .dlls labeled:
Trojan.Mezzia
Adware.Virtumonde
The Downloader and the DLLs have been submitted for analysis via the internal submission tool in NOD32.
-Cov
Note: Yes, the VM is clean. It gets reset to a blank slate after every use.
pykko
July 21st, 2006, 04:35 AM
You should rather submit it to sample [at] nod32.com than to the internal submission tool in NOD32. ;)
NOD32 user
July 21st, 2006, 05:23 AM
-{ Quote: "...The Downloader and the DLLs have been submitted for analysis via the internal submission tool in NOD32..." }-
Thanks covaro :)
Proactive Services
July 21st, 2006, 06:47 AM
-{ Quote: "You should rather submit it to sample [at] nod32.com than to the internal submission tool in NOD32. ;)" }-
Could you elaborate on this statement? Surely they perform the same function?
pykko
July 21st, 2006, 08:55 AM
The internal submission tool in NOD32 is for heuristically detected viruses. Non-detected samples should be submitted to sample [at] nod32.com.
This is what I know. Marcos can confirm it.
covaro
July 21st, 2006, 09:05 AM
I can submit via email when I get home tonight.
-Cov
Proactive Services
July 21st, 2006, 09:08 AM
-{ Quote: "The internal submission tool in NOD32 is for heuristically detected viruses. Non-detected samples should be submitted to sample [at] nod32.com.
This is what I know. Marcos can confirm it." }-
Hmm, so why the ability to submit items in quarantine for analysis?
pykko
July 21st, 2006, 09:08 AM
They've added 4 Trojan.Downloader.Small in version 1.1672. Maybe they've added yours too, because they also monitor VirusTotal and you've scanned your file there.... ;)
flyrfan111
July 21st, 2006, 09:33 AM
All files that are sent to VT and Jotti's are automatically submitted to any products that do not detect them.
pykko
July 21st, 2006, 09:45 AM
-{ Quote: "Hmm, so why the ability to submit items in quarantine for analysis?" }-
Items in quarantine are files flagged by NOD32 as unknown viruses (with heuristic engine).
NOD32 user
July 21st, 2006, 09:48 AM
Items in quarantine are whatever you have configured your NOD32 to put there, regardless of the detection mechanism, or what you have put there manually....
pykko
July 21st, 2006, 10:06 AM
Yes, that's right, but the send feature was designed especially for heuristic detections as far as I know. ;)
NOD32 user
July 21st, 2006, 10:45 AM
-{ Quote: "Yes, that's right, but the send feature was designed especially for heuristic detections as far as I know. ;)" }-
I'm pretty sure that it's just for whatever things need to be sent to ESET. Have you read that somewhere?
kjempen
July 21st, 2006, 05:03 PM
-{ Quote: "I'm pretty sure that it's just for whatever things need to be sent to ESET. Have you read that somewhere?" }-
Just a thought...
Doesn't ESET have two different e-mails for sample submission; one for heuristic detections (sample(at)eset.com) and one for unknown samples (samples(at)eset.com)? How will the program know where to send the samples?
covaro
July 21st, 2006, 07:14 PM
-{ Quote: "They've added 4 Trojan.Downloader.Small in version 1.1672. Maybe they've added yours too, because they also monitor VirusTotal and you've scanned your file there.... ;)" }-
Yup, she was detected now... go ESET. 8)
pykko
July 23rd, 2006, 03:46 AM
Nice to hear that. ;)