False Positive - dll windows??
nodyforever
November 19th, 2008, 01:18 PM
Hello
1 - scanning
2 - after reboot pc
any ideas?
Most regards,
NF
Kosak
November 19th, 2008, 01:20 PM
Hello, this isn't FP 100%.
CivilTaz
November 19th, 2008, 01:21 PM
A virus for sure
nodyforever
November 19th, 2008, 01:28 PM
v3 - not detect
v4 - detect
Each time you restart the PC it says the file is missing ... if it were a virus, would it be the same?
CivilTaz
November 19th, 2008, 01:30 PM
Maybe V4 has better malware detection; I have some files that are detected in V3 but not in V2.
ASpace
November 19th, 2008, 01:31 PM
{QUOTE-> v3 - not detect
v4 - detect <-QUOTE}
This should be checked. Are you sure? Nowhere have I read that detection was improved in this regard.
{QUOTE-> Each time you restart the pc it says is the lack of file <-QUOTE}
Because the file is gone but the reg key is not (most likely).
ASpace
November 19th, 2008, 01:32 PM
{QUOTE-> Maybe V4 has better malware detection, i have some files that are detected in V3 but not in V2 <-QUOTE}
Could you send them to me (please upload them somewhere and PM me the links)? I am very interested because all I have seen was detected by both versions - just curious. Thanks!
Kosak
November 19th, 2008, 01:32 PM
Win32/Adware.Virtumonde produces a number of DLLs in system folders, and not every file has to be detected, either. When you remove only the file without its Registry values, the OS calls this DLL at startup every time. I recommend you check this in ESET SysInspector.
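The "file removed, registry value left behind" situation described above can be checked directly. The following PowerShell script is an added example, not code from this thread or from ESET: it walks the standard Run/RunOnce and Winlogon\Notify autostart locations, extracts the file each value points at (the DLL argument of a rundll32 command line, or the executable path), and reports entries whose target no longer exists on disk. Those orphaned entries are exactly what produces the "could not find file" message at every logon. The helper names (Get-ReferencedPath, Get-OrphanedAutostart) are my own; the script is read-only and removes nothing.

```powershell
# Added example (not from the thread): report autostart registry values whose
# referenced file is missing on disk. Run from an elevated PowerShell prompt.

$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Winlogon Notify packages are loaded as DLLs by winlogon.exe at logon (XP-era location).
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-ReferencedPath {
    # Pull the file path out of an autostart command line, e.g.
    #   rundll32.exe "C:\WINDOWS\system32\example.dll",DllEntry   -> the DLL
    #   "C:\Program Files\Tool\tool.exe" /silent                   -> the quoted EXE
    #   C:\Program Files\Tool\tool.exe /silent                     -> the unquoted EXE
    param([string]$CommandLine)

    $cmd = $CommandLine.Trim()
    if ($cmd -match '(?i)rundll32(\.exe)?\s+"?([^",]+\.dll)') { return $Matches[2].Trim() }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '(?i)^([A-Za-z]:\\.*?\.(?:exe|dll|scr|cpl|bat|cmd))(?:\s|$)') { return $Matches[1] }
    return $cmd   # unrecognised shape: test the whole string, it will simply show as missing
}

function Test-TargetFile {
    param([string]$Target)
    $expanded = [Environment]::ExpandEnvironmentVariables($Target)
    return [pscustomobject]@{
        Target     = $expanded
        FileExists = (Test-Path -LiteralPath $expanded -PathType Leaf)
    }
}

function Get-OrphanedAutostart {
    # Run / RunOnce values: each value name is an entry, the data is the command line.
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Skip the provider metadata properties (PSPath, PSParentPath, ...).
            if ($prop.Name -like 'PS*') { continue }
            $t = Test-TargetFile -Target (Get-ReferencedPath -CommandLine ([string]$prop.Value))
            [pscustomobject]@{
                Location   = $key
                Name       = $prop.Name
                Command    = [string]$prop.Value
                Target     = $t.Target
                FileExists = $t.FileExists
            }
        }
    }
    # Winlogon\Notify: one subkey per package, DllName holds the DLL (often without a directory,
    # in which case Windows resolves it from system32, so we try that too).
    if (Test-Path $notifyKey) {
        foreach ($sub in Get-ChildItem -Path $notifyKey) {
            $dll = [string](Get-ItemProperty -Path $sub.PSPath).DllName
            if (-not $dll) { continue }
            if ($dll -notmatch '\\') { $dll = Join-Path $env:SystemRoot ("system32\" + $dll) }
            $t = Test-TargetFile -Target $dll
            [pscustomobject]@{
                Location   = $sub.PSPath
                Name       = 'DllName'
                Command    = $dll
                Target     = $t.Target
                FileExists = $t.FileExists
            }
        }
    }
}

# Orphaned entries are the ones to investigate: the loader still tries to run them,
# fails, and shows the missing-file error on every boot.
Get-OrphanedAutostart | Where-Object { -not $_.FileExists } | Format-Table -AutoSize
```

A missing target is a symptom, not proof of infection on its own (uninstallers leave orphans too), so compare the value name and original path against a SysInspector log before deleting anything; once the value is confirmed as the leftover of a removed DLL, deleting that single registry value stops the startup error.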
CivilTaz
November 19th, 2008, 01:58 PM
{QUOTE-> Could you send them to me (please load them somewhere and PM me links) . I am very interested because all I have seen was detected by both versions - just curious . Thanks! <-QUOTE}
Of course, as soon as PMs are available again.
nodyforever
November 19th, 2008, 02:06 PM
{QUOTE-> This should be checked . Are you sure ? Nowhere have I read that detection was improved in this regards
because the file is gone but the reg key is not (most likely) <-QUOTE}
v3 virus database from the setup installation
v4 virus database from the setup installation
no update over the Internet connection
Could you see for me whether the virus was present in the v3 database?
Regards,
NF
ASpace
November 19th, 2008, 02:08 PM
{QUOTE-> Of course, as soon as PM's are available again <-QUOTE}
I got it. Thanks! :thumb:
Marcos
November 19th, 2008, 02:08 PM
{QUOTE-> Of course, as soon as PM's are available again <-QUOTE}
As far as I'm concerned, exchanging malware samples is not allowed at Wilders, but correct me if I'm wrong. Could you please send a log from SysInspector to samples[at]eset.com with this thread's url in the subject?
ASpace
November 19th, 2008, 02:10 PM
{QUOTE-> v3 data base virus setup installation
v4 data base virus setup installation
not update internet connection
<-QUOTE}
I just noticed from your screenshot that the program is not up-to-date but has old signatures. Do you mean that you were running v3 with definitions out of date - the ones that came integrated in the installer? If so, it is normal, because the v4 installer does have a newer signature version than the one from the v3 installer of 3.0.672.
ASpace
November 19th, 2008, 02:11 PM
{QUOTE-> As far as I'm concerned, exchanging malware samples is not allowed at Wilders, but correct me if I'm wrong. <-QUOTE}
He didn't post them for the public, just sent them to me in private. This way nobody can get infected.
CivilTaz
November 19th, 2008, 02:13 PM
{QUOTE-> As far as I'm concerned, exchanging malware samples is not allowed at Wilders, but correct me if I'm wrong. Could you please send a log from SysInspector to samples[at]eset.com with this thread's url in the subject? <-QUOTE}
It is not malware, it's a keygen, and I'm sure it didn't do anything at all, but the strange thing is that it is detected in V3 as a variant of Win32/Agent Trojan, but V2 does not detect it with all options enabled.
CivilTaz
November 19th, 2008, 02:19 PM
Ah, BTW Marcos, I think you should show more interest in answering very important things like this: http://www.wilderssecurity.com/showthread.php?t=225634
And not worry about such trivial stuff.
nodyforever
November 19th, 2008, 02:22 PM
{QUOTE-> I just noticed from your screenshot that the program is not up-to-date but with old signatures . Do you mean that you were running v3 with definitions out of date - the one that came integrated in the installer ? If so , it is normal because the v4 installer does have newer signature version than the one from the v3 installer of 3.0.672 <-QUOTE}
Yes friend, the signature database from setup, no updates over the Internet connection.
Most Regards,
NF
agoretsky
November 19th, 2008, 02:24 PM
Hello,
Please submit the file in a password-protected archive to samples@eset.sk with a link to this message thread.
Regards,
Aryeh Goretsky
{QUOTE-> Hello
1 - scanning
2 - after reboot pc
any ideas?
Most regards,
NF <-QUOTE}
Marcos
November 19th, 2008, 02:26 PM
{QUOTE->
And no worrying about such trivial stuff. <-QUOTE}
It's not trivial stuff at all; maybe it seems so to you, but it's not. I cannot answer the other question right now. Please send the ESI log as requested to samples[at]eset.com with this thread's url in the subject. The file is 100% Virtumonde, but I'd like to check the log to see where it's registered and what application could have dropped it.
nodyforever
November 19th, 2008, 02:50 PM
{QUOTE-> It's not a trivial stuff at all, maybe it seems so to you, but it's not. I cannot answer the other question right now. Please send the ESI log as requested to samples[at]eset.com with this thread's url in the subject. The file is 100% Virtumonde, but I'd like to check the log to see where it's registered and what application could have dropped it. <-QUOTE}
Will send tomorrow, Marcos.
Thank you
ASpace
November 20th, 2008, 01:37 AM
{QUOTE-> It is not malware, its a keygen <-QUOTE}
By the way, you should submit the keygen file as a false positive because it really isn't malware (IMO).
Marcos
November 20th, 2008, 01:53 AM
{QUOTE-> By the way , you should submit the keygen file as false positive because it really isn't malware (IMO) . <-QUOTE}
I for one think that keygens are not desired stuff in a corporate environment. Should we really spend precious time removing detection for keyloggers instead of dealing with malware? :-\
CivilTaz
November 20th, 2008, 01:57 AM
{QUOTE-> I for one think that keygens are not desired stuff in corporate environment. Should we really spend precious time removing detection for keyloggers instead of dealing with malware? :-\ <-QUOTE}
If it is not malware, you should.
ASpace
November 20th, 2008, 01:57 AM
{QUOTE-> I for one think that keygens are not desired stuff in corporate environment. <-QUOTE}
I agree.
{QUOTE-> Should we really spend precious time removing detection for keyloggers instead of dealing with malware? :-\ <-QUOTE}
Do you have this file? You detect it as a variant of Trojan Agent. Is it actually a trojan? I doubt it. "It's a keygen so let's detect it even though it is not malware" - I didn't expect to hear such a thing from you.
Fatih Batur
November 20th, 2008, 06:46 AM
I think if you want to use a keygen, just exclude it :)
ASpace
November 20th, 2008, 09:43 AM
{QUOTE-> I think if you want to you use a keygen, just exclude it :) <-QUOTE}
I am not using cracks. We are talking about something else, the fact that this sample is not actually a trojan.
funkydude
November 20th, 2008, 11:04 AM
Indeed, if it's not a trojan, don't tell us it's one. Totally misleading, and to make things worse, you're bloating up the DB.
CivilTaz
November 20th, 2008, 11:13 AM
Makes me wonder if it is true that some companies pay money to the AV developers to detect some stuff that can affect their sales.
nodyforever
November 20th, 2008, 12:51 PM
Resolved Post
1 - restore the dll file
2 - scan with full options
3 - the rundll dependency disappears after rebooting the PC
ASpace
November 20th, 2008, 01:12 PM
{QUOTE->
3 - disappear rundll dependence after reboot pc <-QUOTE}
Does this mean that NOD32 actually removed the reg key?
Copyright ©2002 - 2009, Wilders Security Forums