This afternoon I laughed really loud. Please allow me to share this with you, NOD32 Forum Members. Hopefully it will advise Mr. "I'llkeepthenameprivate" at ESET's support the dos and dont's about sending e-mails.

Here's my question to Suppport: "Yesterday, visiting a web site, NOD32 warned me about a "probably modified trojan VBS/Wisis.D". This is included in your NOD32 - v.1.837 (20040810). Since I can't find it's description in your Virus descriptions database, can you please send me further information on what is this trojan, and what it does".

Today, 24 hours after my e-mail (and that's VERY good), I got ESET's reply. English is not my mother language, maybe I didn't place the question in a good English, so Mr. X answered me the meaning for "probably modified":
"NOD32 was finding too many false positives so the description was modified".

I'll be grateful if someone will come with further information on what is this trojan, and what it does.

The funny thing: The e-mail I receive had a Aqua color background, a Blue font, and a .bmp screen shot attached. The e-mail size was 3,7MB plus.
I believe the 3,616KB attachement would be a bit more then 300KB converted to jpeg. C'mon Mr. X. Even M$ Paint can convert files and colored backgrounds do not give your customers a Professional feeling.

Thanks for making me laugh, anyway. I forgot the last time I did it ;D ;)

{QUOTE-> ...I'll be grateful if someone will come with further information on what is this trojan, and what it does.... <-QUOTE}
Detected by Nod32 since v.1.837 (20040810)

More info here:

http://www.sophos.com/virusinfo/analyses/vbswisisa.html

Hope this helps...

Cheers ;D

Why do we have to go to other companies web sites to find out about detections with NOD?

{QUOTE-> Why do we have to go to other companies web sites to find out about detections with NOD? <-QUOTE}I certainly agree in principle; however given a likely situation of limited manpower, I guess that I personally would prefer that those really knowledgeable about these things just keep pounding out detection code. That's to say, even without a great online/offline virus description database, I think that Eset is doing many other things so much better than its far larger rivals (i.e., Symantec/Norton, McAfee, Trend Micro, etc.) that I'm a pretty happy camper overall.

BTW, many of you probably already know about this site (since I probably learned of it myself here at Wilders), but I think that this Virus Bulletin VGrep (http://www.virusbtn.com/resources/vgrep/) utility is pretty handy. You enter a search term and it shows how the various AV products list that particular entry. It's perhaps not extremely current, but nevertheless fairly useful, IMHO.

{QUOTE-> Why do we have to go to other companies web sites to find out about detections with NOD? <-QUOTE}
Exactly, I do know they are working on something, have been for a while...

Cheers ;D

OK OK, I was just asking a question. I agree the detection code is way more important, It's just frustrating to tell people, Hey NOD stopped this but you have to go to Symantec's ( or Sophos or KAV or whatever) site to find out about the particulars.

{QUOTE-> ...It's just frustrating to tell people, Hey NOD stopped this but you have to go to Symantec's ( or Sophos or KAV or whatever) site to find out about the particulars. <-QUOTE}
Agreed, it's also not good for Eset, as in, we don't have the information available, you will have to go our opposition...

Cheers ;D