New virus not detected by NOD at this time


Mack Jones
March 29th, 2004, 12:39 PM
I've just received a file from

http://nick.vallet.free.fr/samples/Image2.png

detected as

http://nick.vallet.free.fr/samples/Image1.png

by KAV Online
McAfee and NOD32 aren't able to detect it for the moment...
It adds two DLLs in Winnt/system32 (kloginfo.dll if I remember).
Take care !
;)
Regards,
Nick


Edit: it uses w32_ss.exe and koginfo and connects itself to the net :-\
but I'm unable to stop this process at startup, there is no "w32_ss.exe" key in the registry... ???

may be a backdoor:
http://www.megasecurity.org/trojans/a/a-311death/A-311death1.20.html

I will format my HD, I'm unable to stop the process at startup and delete it :'(

Paul Wilders
March 29th, 2004, 12:55 PM
Nick,

Do us a favor and send a copy to samples@eset.com as well as one to my email address please (see my profile) ;)

Thanks in advance,

paul

Mack Jones
March 29th, 2004, 01:16 PM
Dear Paul,
WYWIWYG, done !
;)

FluxGFX
March 29th, 2004, 01:20 PM
Interesting... could you send a copy by my email address ( see profile )

Paul Wilders
March 29th, 2004, 01:42 PM
{QUOTE-> quoting: Nick Jr III
Dear Paul,
WYWIWYG, done !
;)
<-QUOTE}

Thanks Nick - I'll check my inbox in a minute or so 8)

Flux,

{QUOTE-> could you send a copy by my email address ( see profile ) <-QUOTE}

No doubt you are entitled to ask for malware this way.

Overall, we do not encourage sending malware if requested. Call us old fashioned - but the essence of this recommendation is preventing people from putting their system at risk. I do hope you see my point of view ;)

regards.

paul

FluxGFX
March 29th, 2004, 01:48 PM
In regard to your statement Paul,

I completely understand.
It's out of curiosity, as this ain't going to affect much, but I'm running on a secured Linux environment :)

But if asked to, I will not ask further for samples.

Paul Wilders
March 29th, 2004, 02:01 PM
Flux,

As stated: anyone is free over here to ask - and for sure you are no exception to the rule ;)

Glad to hear you've got your defenses covered! The statement made has been a general one - as said, we would hate to see people having their system wrecked as a result of asking and receiving malware, and I'm pretty sure this could/would happen (too) often.

regards.

paul

FluxGFX
March 29th, 2004, 02:15 PM
Very True.

But something to remember ( nothing is impossible and Linux is no exception, it does and can get infected pretty badly ) ;)