Istbar Trojan
DON23
July 8th, 2005, 01:46 PM
Hi Guys,
I was just testing out ArcaVir so I performed an online scan. It turned out that my C was clean.
Then,
I downloaded KAV Personal 2006 and without tweaking any settings I started scanning...
It detected the Istbar downloader (trojan) and also indicated the location. I traced the file and right-clicked scan with NOD.
Nothing found...
Scanned again with KAV and there it was...Strange....
ronjor
July 8th, 2005, 01:56 PM
Send it to KAV and get an analysis.
zashita
July 8th, 2005, 01:59 PM
-{ Quote: "Send it to KAV and get an analysis." }-
And send it to ESET too :)
DON23
July 8th, 2005, 02:00 PM
Didn't think of that...
Deleted already...
alglove
July 8th, 2005, 02:01 PM
Do you have NOD32 set to detect Adware/Spyware/Riskware? If you do, and it is still slipping through, try submitting the file to Eset.
DON23
July 8th, 2005, 02:04 PM
NOD is full blown. Using NOD for a year now. Still keeping the faith but I remember seeing the file before. Performed several scans since then.
Data was called if it helps.
DON23
July 8th, 2005, 02:09 PM
VIRUS LIST EXPLANATION (http://www.viruslist.com/en/search?VN=Trojan-Downloader.Win32.IstBar.kc)
DON23
July 8th, 2005, 02:14 PM
Recovered the file.
Can someone direct me on how I can submit the file to ESET and KAV?
DON23
July 8th, 2005, 02:18 PM
Screenshot
Bubba
July 8th, 2005, 02:20 PM
The title of your thread and the link you provided @ virus list cause me to ask and not assume wrongly... do you have yesterday's update? :-\
rothko
July 8th, 2005, 02:21 PM
NOD32 does detect variants of Istbar: http://www.nod32.com/support/info.htm#CurVersion
zashita
July 8th, 2005, 02:21 PM
-{ Quote: "Recovered the file.
Can someone direct me on how I can submit the file to ESET and KAV?" }-
In NOD32:
Open the Control Center -> NOD32 System Tools -> Quarantine, click on the button Add. You will add a copy in quarantine.
Then select the file, and click on the button 'Submit for analysis'
OR
Create a zip file with it inside, a password-protected zip, password = 'infected', and send it to sample@nod32
ronjor
July 8th, 2005, 02:24 PM
-{ Quote: "Recovered the file.
Can someone direct me on how I can submit the file to ESET and KAV?" }-
To submit to Eset, hit quarantine in the tray icon, and then submit.
KAV: zip it up and put it in a password-protected zip file. Password being "infected".
newvirus @ kaspersky.com
DON23
July 9th, 2005, 05:19 PM
Still no answer or detection signature by ESET....
Concened user
July 9th, 2005, 09:08 PM
I had this same problem a few weeks back. I did a scan with NOD and it found nothing, but I also did one with Panda online scanner and it found this Trojan in my Opera temp internet files folder. So I simply deleted the entire contents of the folder and rescanned. The scan with NOD was set up to detect everything with all options full on.
ronjor
July 9th, 2005, 10:04 PM
You wouldn't happen to have the full name of the trojan that was detected, would you?
If so, would you mind posting it here? :)
rumpstah
July 9th, 2005, 11:57 PM
I have many samples that other AVs detect as a threat, but when run come back as an "Invalid Win32 application" (i.e. non-functional sample). One may think that it is a file that should not be there. On the other hand, adding broken (non-functional) signatures also creates more false positives. I would rather have fewer false positives than fewer non-functional files.
DON23
July 10th, 2005, 02:17 AM
Here it is.
It is in a normal file, no temp...
rothko
July 11th, 2005, 10:25 AM
Win32/TrojanDownloader.IstBar.KC added to the database today :)
Brian N
July 11th, 2005, 11:14 AM
During weekends, you shouldn't expect any reply from Eset.
They did however add it to the signature db today.
http://www.eset.sk/support/info.htm#CurVersion
shamsay
July 11th, 2005, 12:50 PM
Keep up the good work, ESET. :) Signature db always updated day by day. Feel very protected :)
TonyKlein
July 11th, 2005, 01:17 PM
Also, let's not forget that this dangerous 'trojan' is actually *just* an adware downloader, not a real Remote Administration Tool....
ESET are doing great!
Also, a few days ago I submitted a new threat submitted by a poster at this board, a file called svchelper.exe.
VirusTotal Results:
Engine       Version         Date        Result
AntiVir      6.31.0.9        07.09.2005  no virus found
AVG          718             07.08.2005  no virus found
Avira        6.31.0.9        07.09.2005  no virus found
BitDefender  7.0             07.10.2005  no virus found
ClamAV       devel-20050501  07.08.2005  no virus found
DrWeb        4.32b           07.10.2005  no virus found
eTrust-Iris  7.1.194.0       07.10.2005  no virus found
eTrust-Vet   11.9.1.0        07.08.2005  no virus found
Fortinet     2.36.0.0        07.09.2005  no virus found
Ikarus       2.32            07.08.2005  no virus found
Kaspersky    4.0.2.24        07.10.2005  no virus found
McAfee       4531            07.08.2005  no virus found
NOD32v2      1.1164          07.08.2005  probably unknown NewHeur_PE virus
Norman       5.70.10         07.07.2005  no virus found
Panda        8.02.00         07.10.2005  no virus found
Sybari       7.5.1314        07.10.2005  no virus found
Symantec     8.0             07.09.2005  no virus found
TheHacker    5.8.2.069       07.10.2005  no virus found
VBA32        3.10.4          07.10.2005  no virus found
I subsequently submitted it to a number of developers, and Sophos are now adding it as W32/Monkbd-A, Kaspersky as Backdoor.Win32.RBot.uj
ESET are now calling it Win32/VB.NAN
But remember they were the ONLY one to actually recognize it as malware before anyone had seen it!
Copyright ©2002 - 2012, Wilders Security Forums