Hi peeps.

Well just curious why nod 32 couldent find this virus.
(not sure its a virus doh)

Downloaded a file and scaned it with nod32 and it was clean
but 2 be sure it was clean i did a online scan and jikes
guess i was surprised when it told me this:

BitDefender 7.0 09.27.2004 -
ClamWin devel-20040822 09.27.2004 -
F-Prot 3.15a 09.27.2004 security risk or backdoor
Kaspersky 4.0.2.24 09.28.2004 VirTool.Win32.Allinwon
McAfee 4394 09.22.2004 -
NOD32v2 1.879 09.27.2004 -
Norman 5.70.10 09.24.2004 -
Panda 7.02.00 09.27.2004 -
Sybari 7.5.1314 09.28.2004 VirTool.Win32.Allinwon
Symantec 8.0 09.27.2004 -
TrendMicro 7.100 09.26.2004 -


btw sry for my poor english.

{QUOTE-> Hi peeps.

Well just curious why nod 32 couldent find this virus.
(not sure its a virus doh)

Downloaded a file and scaned it with nod32 and it was clean
but 2 be sure it was clean i did a online scan and jikes
guess i was surprised when it told me this... <-QUOTE}
Hi Emniman, welcome to Wilders.

Can you please ZIP that file and send it to samples@nod32.com

Let us know how you go...

Cheers ;D

Thnx for the fast response.

Iv sent the file and lets see what they have 2 say.
Will tell u how it goes.

{QUOTE-> ...Iv sent the file and lets see what they have 2 say.
Will tell u how it goes. <-QUOTE}
Thanks for that...

Cheers ;D

could u tell me the details of the file you downloaded?

it looks as thought the other AV's have only picked it up as a possible,
so your probably safe.

do u have a firewall, if so is there any new suspicious outbound traffic?
somtimes trojan downloaders behave like this, a file is downloaded that sends out requests for the rest of the file[eg in 2 or more parts, 2 try an beat detection] u could check the firewall logs if u have already deleted it.

ive heard of similar false positives though latlely with webroot software[windows washer and other pros]

after a bit of investigating that file "VirTool.Win32.Allinwon" is a virus generator,
not tech a virus, its classed as spyware/maleware. if it came with a program that has an end user agreement, pros such as adaware probably wont pick it up, for legal reasons.

check your task manager for a running process "aiw.exe"
kill this task if present.
then search with explorer for the same file and delete.

this file is quite old an should have been detected if that is what it really is.

Thnx peeps for the info.
Havent got any mail from nod32 yet.

Yepp iv got a fire wall - one software and one hardware - :)
but i havent executed the file yet b/c i didnt know what virus/trojan it was.

that file i downloaded was a simple exe file - found it on a forum and some said it was a virus in it and some said it wasnt - so i downloaded the file 2 see for my self and in that way it is - what this file does? - i havent got a clue - :)

Just a little update - with the newest pattern 1.881 so finds Nod32 the virus.
:D

Keep up the good work Eset.

Along the same lines, I submitted a file to http://virusscan.jotti.dhs.org/ for analysis and NOD32 was the only scanner that didn't pick up the trojan. The malware was TrojanDropper.Win32.Kuang, so yesterday I submitted to Eset and I was pleasantly surprised to see that today NOD32 now detects this. At present, I'm only trialing this AV, but if the response is always this quick I just might get the 2 yr license that I've been considering.

Good to see the results Emniman and Se7engreen...

Thanks for keeping us up to date...

Cheers ;D