IRC Bot not flagged by NOD32

Hello,

This one : h***://<removed>/virus/picture-14.exe

Bitdefender, KAV, MacAfee and Panda received a sample on 0515 like NOD32 and other AVers.

KAV adds it to its DB 2 hours later, Bitdefender 8 hours later. MacAfee and Panda today.

NOD32 doesnot detect it even with advanced heuristic till now.

Regards,

No links on this forum to malware--Ron

[Marcos]

Please refrain from posting urls pointing to malicious files here. If you find a suspicious file not detected by NOD32 send it to samples@eset.com for further analysis. Also, bear in mind the following:
1. No AV scanner detects 100% of all threats in the world
2. Many other AV scanners flag also corrupted and non-functional files as infected

PS: the url doesn't seem to work now

Quote:

Originally Posted by Marcos

Please refrain from posting urls pointing to malicious files here. If you find a suspicious file not detected by NOD32 send it to samples@eset.com for further analysis. Also, bear in mind the following:
1. No AV scanner detects 100% of all threats in the world
2. Many other AV scanners flag also corrupted and non-functional files as infected

PS: the url doesn't seem to work now

As you may see, I altered the URL before posting and if you replace *** by ttp, it 's still working and of course I sent a sample to samples@eset.com like to the other AVers 2 days ago.

1. Of course (see Cohen theoreme ) . The question is why some other AVers are more reactive than ESET.
2. This one is no false positive nor corrupted and fully functional as you could see if you run or decompile the sample I sent to you or d/l from the rebuild address

Hello,

Now with DB 1.1100 the malware is detected.

KAV detected it 2 hours after sample submission.
NOD32 after 4 days...
No other comment

[Marcos]

It's been said numerous times here that Eset picks up signatures on a per-need basis. Worms and in-the-wild malware has the highest priority.

[NOD32 user]

Thank You Marcos

Quote:

Originally Posted by Marcos

It's been said numerous times here that Eset picks up signatures on a per-need basis. Worms and in-the-wild malware has the highest priority.

FYI it's a worm

[.....]

FYI... its a trojan

Quote:

Originally Posted by .....

FYI... its a trojan

It is a worm with backdoor Trojan functionality, like a lot of worms nowadays....

When first run the worm copies itself to the Windows system folder as MSNMSGRS.EXE and is run at Windows start up awaiting for commands from a remote attacker

Do you mean as this worm install a backdoor it should not be considered as important for an AV/AT to detect it and protect its customers as soon as possible if they happend to get a sample ? Would it be more important in your opinion to detect a simple worm without armfull payload but just spreading in a larger scale ?

[dvk01]

I think what ESET are saying is that it is an IRC bot so needs USER intervention to activate and spread and they prioritize the worms that spread without user intervention and those that will infect the greatest number of people first

In an ideal world every sample would be analysed and include within minutes of being submitted, just as in the ideal world, you ring your doctor for an appointment, see him 5 minutes later and walk away cured, after one injection or pill, it just doesn't happen and you wait to see the doctor according to the priority of the illness

Quote:

Originally Posted by dvk01

I think what ESET are saying is that it is an IRC bot so needs USER intervention to activate and spread and they prioritize the worms that spread without user intervention and those that will infect the greatest number of people first

In an ideal world every sample would be analysed and include within minutes of being submitted, just as in the ideal world, you ring your doctor for an appointment, see him 5 minutes later and walk away cured, after one injection or pill, it just doesn't happen and you wait to see the doctor according to the priority of the illness

Hello,

As most virus, trojans and other malwares, you have to click on the PE to activate it of course All the recent worms and virus do require user intervention, no recent malwares on an up to date Windows OS can activate itself without user action. The fact that it"s an IRC bot does not mean you have to run IRC to activate it

What is surprising is that NOD32 is renowned for its strong heuristic and it did not catch it with advanced heuristic. Other products catched it heuristically without updating their DB.
Surprising too : it takes 3 updates between submission and adding a simple sig in the DB.
Also strange, no answer, even automatic after sample submission. It does not look very professional from a simple customer point of view : I knew it was a backdoor when submitting, it took me 2 minutes to verify by myself

Does not seem to be "high priority" this last days for AVers, very few adding in the DBs.

I know KAV is often first on the ball, but other products where updated the day after, NOD32 4 days after : that's a bad point for ESET whatever they may say about their so called priorities...

[Tinribs]

I will be interested to read any further discussions on this matter, I was an avid user and promoter of Nod32 once, but several instances turned me away from them and this is another example.On three occassions I forwarded a file that Kav had detected but Nod had not, I had zero feedback, and it took, on one occassion, three emails to get a response that it indeed was an infected file.

I fear they, as a company, may be resting on their laurels and believing their own hype.
It is a shame, as they have the technology to 'take over the world' in an a/v stance but they seem to be more concerned polishing their VB100 awards than reacting to0 new and in the wild threats. Please prove me wrong.

[Stan999]

Quote:

Originally Posted by BTW

Hello,

I know KAV is often first on the ball, but other products where updated the day after, NOD32 4 days after : that's a bad point for ESET whatever they may say about their so called priorities...

I run both NOD32 and KAV on different machines.

Seems to me KAV is starting to get behind more and more in adding detections that other AVs detect.

Last piece of malware found was Trojan.DragonBot in aimbot.exe, detected by:

Code:

Scanner  Malware name  
AntiVir  X  
Avast  Win32:Trojano-1302  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  Trojan.DragonBot  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  X  
Norman Virus Control  X  
VBA32  Trojan.DragonBot  

 
---
 
Last piece of malware found was !LargeGroup^.Backdoor.AntiLamer^.Backdoor.Delphi^.Trojan.LdPinch^
Worm.Bagle^Backdoor.APRE.1 in undetected.exe, detected by:


Scanner  Malware name  
AntiVir  TR/Madtol.A  
Avast  X  
AVG Antivirus  X  
BitDefender  BehavesLike:Win32.ExplorerHijack  
ClamAV  Trojan.W32.Madtol.A.1  
Dr.Web  X  
F-Prot Antivirus  unknown virus  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/Malware  
VBA32  !LargeGroup^.Backdoor.AntiLamer^.Backdoor.Delphi^.
Trojan.LdPinch^.Worm.Bagle^Backdoor.APRE.1  

 
---
 
Last piece of malware found was Backdoor.Small.DL in dfg.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Backdoor.Small.DL  
ClamAV  Trojan.Small-39  
Dr.Web  BackDoor.Teh  
F-Prot Antivirus  unknown virus  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/Malware  
VBA32  X  

 
Last piece of malware found was Backdoor.Win32.Ciadoor.13 in server4.exe, detected by:

Scanner  Malware name  
AntiVir  BDS/Ciadoor.13.B  
Avast  Win32:Ciadoor-024  
AVG Antivirus  X  
BitDefender  GenPack:Backdoor.Ciadoor.13  
ClamAV  Trojan.Ciadoor.13.C  
Dr.Web  X  
F-Prot Antivirus  W32/Ciadoor.AQ@bd  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  Win32/Ciadoor.13  
Norman Virus Control  X  
VBA32  Backdoor.Win32.Ciadoor.13  

 
Last piece of malware found was probably unknown WIN32 in server1.exe, detected by:

Scanner  Malware name  
AntiVir  BDS/VB.adn.1  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown WIN32  
Norman Virus Control  X  
VBA32  X  

 
---
 
Last piece of malware found was Embedded.Trojan.Win32.Rootkit.h in lx2.exe, detected by:

Scanner  Malware name  
AntiVir  Worm/Rbot.MM.2  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  Exploit.DCOM.Gen  
Dr.Web  Win32.HLLW.MyBot.based  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  Embedded.Trojan.Win32.Rootkit.h  

 
---
 
Last piece of malware found was BackDoor.Generic.947 in goettin.zip, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  Trojan.Mosucker-28  
Dr.Web  BackDoor.Generic.947  
F-Prot Antivirus  X  
Fortinet  W32/Mosuck.X-tr  
Kaspersky Anti-Virus  X  
mks_vir  Trojan.Mosucker.Ah  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  BackDoor.Generic.947  

 
---
 
Last piece of malware found was probably unknown NewHeur_PE in winwy.exe, detected by:

Scanner  Malware name  
AntiVir  TR/Dldr.Delf.CQ  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  Trojan.PWS.Lineage  
F-Prot Antivirus  unknown virus  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  X  

 
---
 
Last piece of malware found was Trojan.Spybi in aurora.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  Trojan.Spybi  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  X  
Norman Virus Control  X  
VBA32  Trojan.Spybi  

 
--
 
Last piece of malware found was Embedded.Trojan-Downloader.Win32.ConHook.d in 1_VIRUS.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Dropped:Trojan.Downloader.ConHook.D  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  X  
Norman Virus Control  X  
VBA32  Embedded.Trojan-Downloader.Win32.ConHook.d  

 
---
 
Last piece of malware found was probably unknown NewHeur_PE in 00005.SPL, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  Win32.HLLW.Agobot  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  X  

 
---
 
Last piece of malware found was Heuristic/Trojan.PwdStealer in 092E89E5.exe, detected by:

Scanner  Malware name  
AntiVir  Heuristic/Trojan.PwdStealer  
Avast  Win32:Haltura-B  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  X  
Norman Virus Control  Sandbox: W32/Backdoor  
VBA32  X  

 
--
 
Last piece of malware found was Trojan.Bankfraud in Important Information From LaSalle Bank Billing Department.eml, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  HTML.Phishing.Bank-1  
Dr.Web  Trojan.Bankfraud  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  X  
Norman Virus Control  X  
VBA32  X  

 
----
 
Last piece of malware found was BehavesLike:Trojan.Downloader in note.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  BehavesLike:Trojan.Downloader  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/Downloader  
VBA32  X  

 
----
 
Last piece of malware found was Trojan.MulDrop.1732 in yod12st275.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  Trojan.MulDrop.1732  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Win32.4  
NOD32  X  
Norman Virus Control  X  
VBA32  X  

 
---
 
Last piece of malware found was probably unknown NewHeur_PE in HomeVideo.txt, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  BackDoor.Generic.806  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  X  

 
---
 
Last piece of malware found was Backdoor.VisualBasic.12 in BRAT.zip, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Backdoor.Generic.941  
ClamAV  X  
Dr.Web  modification of BackDoor.Generic.941  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  Backdoor.VisualBasic.12  

 
---
 
Last piece of malware found was Dropped:Trojan.PWS.Ldpinch.AK in krtqvyuh.virus exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Dropped:Trojan.PWS.Ldpinch.AK  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Win32  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/Downloader  
VBA32  X  

 
---
 
Last piece of malware found was probably unknown NewHeur_PE in popuper.exe, detected by:

Scanner  Malware name  
AntiVir  TR/Drop.Puper.D.1  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  X  

 
---
 
Last piece of malware found was Dropped:Backdoor.Prorat.19 in UPXServer.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  Dropper.Small.15.S  
BitDefender  Dropped:Backdoor.Prorat.19  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  X  
Norman Virus Control  X  
VBA32  X  

 
-----
 
Last piece of malware found was DIAL/Generic dialer in uk_nm.exe, detected by:

Scanner  Malware name  
AntiVir  DIAL/Generic dialer  
Avast  X  
AVG Antivirus  Dialer.26.AC  
BitDefender  BehavesLike:Trojan.StartPage  
ClamAV  Dialer-135  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  Dial/256  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/Malware  
VBA32  X  

 
-----------------
 
Last piece of malware found was probably unknown NewHeur_PE in MMD_Svr.exe, detected by:

Scanner  Malware name  
AntiVir  TR/Spy.Delf.EQ.1  
Avast  X  
AVG Antivirus  X  
BitDefender  BehavesLike:Win32.ExplorerHijack  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  unknown virus  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  X  

 
-----
 
Last piece of malware found was BehavesLike:Trojan.LowZones in gclib.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  BehavesLike:Trojan.LowZones  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  unknown virus  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/Malware  
VBA32  X  


 
----
 
Last piece of malware found was Bifrose.D in server.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Backdoor.Bifrose.D  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Win32.4  
NOD32  X  
Norman Virus Control  Bifrose.D  
VBA32  X  

 
----
 
Last piece of malware found was Heuristic/Trojan.Downloader in ali.pif, detected by:

Scanner  Malware name  
AntiVir  Heuristic/Trojan.Downloader  
Avast  X  
AVG Antivirus  X  
BitDefender  BehavesLike:Win32.ExplorerHijack  
ClamAV  Trojan.Downloader.Small-213  
Dr.Web  Trojan.Elirt.101  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Trojan.Trojandownloader.Small.Fk  
NOD32  X  
Norman Virus Control  Sandbox: W32/Downloader  
VBA32  X  

 
----
 
Last piece of malware found was JS/Relink.A in Htm2.zip, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Exploit.Html.MhtRedir.Gen  
ClamAV  Exploit.HTML.MHTRedir-8  
Dr.Web  Exploit.MhtRedir  
F-Prot Antivirus  X  
Fortinet  HTML/Exploit.Mht  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  HTML/Mht.AP Exploit  
Norman Virus Control  JS/Relink.A  
VBA32  X  

 
---
 
Last piece of malware found was Backdoor.Win32.Evilsock in evilsocks.zip, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Trojan.Evilsock  
NOD32  X  
Norman Virus Control  X  
VBA32  Backdoor.Win32.Evilsock  

 
----
 
Last piece of malware found was probably unknown NewHeur_PE in server.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  Trojan.Runup.10-srv-2  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Trojan.Xcv  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  X  

 
------
 
Last piece of malware found was Trojan-Downloader.Win32.Agent.ex in testinst.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  Downloader.Agent.12.AF  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  W32/Agent.EX-tr  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  X  
Norman Virus Control  X  
VBA32  Trojan-Downloader.Win32.Agent.ex  

 
----------
 
Last piece of malware found was Trojan-Downloader.Win32.Agent.ex in ViaSky.zip, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  Downloader.Agent.12.AF  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  W32/Agent.EX-tr  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  X  
Norman Virus Control  X  
VBA32  Trojan-Downloader.Win32.Agent.ex  

 
-----
 
Last piece of malware found was Worm/SdBot.57334.A in Edited2.exe, detected by:

Scanner  Malware name  
AntiVir  Worm/SdBot.57334.A  
Avast  X  
AVG Antivirus  X  
BitDefender  BehavesLike:Win32.IRC-Backdoor  
ClamAV  Trojan.SdBot-279  
Dr.Web  X  
F-Prot Antivirus  unknown virus  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/Malware  
VBA32  X  

 
----
 
Last piece of malware found was probably unknown NewHeur_PE in Data_1.bin, detected by:

Scanner  Malware name  
AntiVir  TR/Dldr.Bandos.C  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  X  

 
-----
 
Last piece of malware found was Trojan.LdPinch.1 in s3.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  Win32/Prorat.16  
Norman Virus Control  X  
VBA32  Trojan.LdPinch.1  

 
-----------
 
Last piece of malware found was probably unknown NewHeur_PE in burn.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  Win32:Ciadoor-024  
AVG Antivirus  X  
BitDefender  Backdoor.VB.ASB  
ClamAV  X  
Dr.Web  BackDoor.Generic.920  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  X  

 
------
 
Last piece of malware found was Win32.HLLW.NetSky.c in rx7-encrypt.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/Gaobot.gen  
VBA32  Unknown.Win32Virus  

----
 
Last piece of malware found was Trojan.Trojandownloader.Small.Eo in mHOn.exe, detected by:

Scanner  Malware name  
AntiVir  TR/Dldr.Small.EO  
Avast  Win32:Trojano-271  
AVG Antivirus  X  
BitDefender  BehavesLike:Win32.ExplorerHijack  
ClamAV  Trojan.Downloader.TFWB  
Dr.Web  Trojan.DownLoader.3072  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Trojan.Trojandownloader.Small.Eo  
NOD32  X  
Norman Virus Control  X  
VBA32  X  

 
 
----------
 
Last piece of malware found was Backdoor.Win32.Bifrose.d in server.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Win95  
NOD32  probably unknown WIN32  
Norman Virus Control  Bifrose.D  
VBA32  Backdoor.Win32.Bifrose.d  

 
------
 
Last piece of malware found was Unknown.Win32Virus in (EFZ) LongBOt.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  Trojan.DragonBot  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  X  
Norman Virus Control  X  
VBA32  Unknown.Win32Virus  

 
-------
 
Last piece of malware found was probably unknown NewHeur_PE in csmss32.exe, detected by:

Scanner  Malware name  
AntiVir  TR/Proxy.Agent.CK.1  
Avast  Win32:Trojan-gen.  
AVG Antivirus  X  
BitDefender  Trojan.Agent.DO  
ClamAV  X  
Dr.Web  BackDoor.Zorro  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  X  

 
-----
 
Last piece of malware found was Embedded.Trojan.Win32.Rootkit.h in shited.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/Malware  
VBA32  Embedded.Trojan.Win32.Rootkit.h  

 
-------
 
Last piece of malware found was probably unknown NewHeur_PE in bogieman.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/Malware  
VBA32  X  

 
 
-------
 
Last piece of malware found was probably unknown NewHeur_PE in rBot.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  BehavesLike:Win32.IRC-Backdoor  
ClamAV  X  
Dr.Web  Win32.HLLW.ForBot  
F-Prot Antivirus  unknown virus  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  X  

 
----------------
 
Last piece of malware found was probably unknown NewHeur_PE in sdbot05b.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Backdoor.SDBot.78116B39  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  unknown virus  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  X  

 
-------------
 
Last piece of malware found was probably unknown NewHeur_PE in p1.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  Trojan.Mosucker-28  
Dr.Web  BackDoor.Generic.947  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Trojan.Mosucker.Ah  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  X  

 
------
 
 
Last piece of malware found was Win32/VB.NAD in smss.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Trojan.Vb.Nad  
NOD32  Win32/VB.NAD  
Norman Virus Control  X  
VBA32  X  

 
 
------
 
Last piece of malware found was BehavesLike:Win32.FileInfector in Stubbos.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  BehavesLike:Win32.FileInfector  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  unknown virus  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/Malware  
VBA32  X  


 
-------
 
Last piece of malware found was probably unknown NewHeur_PE in ForBot-NoSSL.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Backdoor.SDBot.68B55F76  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  
VBA32  X  

 
---------
 
Last piece of malware found was Dropped:Backdoor.Bifrose.D in tester.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Dropped:Backdoor.Bifrose.D  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  Win32/TrojanDropper.Small.FK  
Norman Virus Control  Sandbox: W32/Malware  
VBA32  X  

 
-------
 
Last piece of malware found was probably unknown CRYPT.WIN32 in build3xing.exe, detected by:

Scanner  Malware name  
AntiVir  TR/Click.Small.DN.3  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  Trojan.Rbot.GEN-3  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  W32.Generic  
NOD32  probably unknown CRYPT.WIN32  
Norman Virus Control  X  
VBA32  X  

 
-----
 
Last piece of malware found was Heuristic/Backdoor.IRCBot in vegasbot.exe, detected by:

Scanner  Malware name  
AntiVir  Heuristic/Backdoor.IRCBot  
Avast  X  
AVG Antivirus  IRC/BackDoor.SdBot  
BitDefender  Backdoor.SDBot.3667B92B  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  unknown virus  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/Backdoor  
VBA32  X  

 
-------------
 
Last piece of malware found was Win32/Beastdoor.207.B in 91826740_server.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Backdoor.Beastdoor.207.B  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Win32.4  
NOD32  Win32/Beastdoor.207.B  
Norman Virus Control  X  

 
--------
 
Last piece of malware found was HackerTool/Cracksearch in CrackSearcher.rar, detected by:

Scanner  Malware name  
AntiVir  PMS/CrackSearch.A possible malicious software  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  not a virus Tool.CrackSearch  
F-Prot Antivirus  X  
Fortinet  HackerTool/Cracksearch  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  X  
Norman Virus Control  X  


 
--------
 
Last piece of malware found was probably unknown NewHeur_PE in virus.eee, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Win32.Mydoom.1.Gen@mm  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Win32.4  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  

 
-----
 
Last piece of malware found was Win32/TrojanDropper.Small.NBO in rocked.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Win32.4  
NOD32  Win32/TrojanDropper.Small.NBO  
Norman Virus Control  X  

 
-------
 
Last piece of malware found was W32/StartPage-tr in geoe.dll, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  Win32:StartPage-080  
AVG Antivirus  X  
BitDefender  X  
ClamAV  Trojan.Startpage-215  
Dr.Web  Trojan.StartPage.581  
F-Prot Antivirus  X  
Fortinet  W32/StartPage-tr  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  X  
Norman Virus Control  X  

 
-----
 
Last piece of malware found was probably unknown NewHeur_PE in document.htm.pi_, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Win32.Mydoom.1.Gen@mm  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Win32.4  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  X  

 
---------
 
 
Last piece of malware found was W32/Bagle.Gen!Rar in Encrypted.rar, detected by:

Scanner  Malware name  
AntiVir  Heuristic/PwdRAR  
Avast  RarPSW  
AVG Antivirus  X  
BitDefender  Win32.Bagle.M (RAR)  
ClamAV  Worm.Bagle.Gen-rarpwd  
Dr.Web  Win32.HLLM.Beagle.pswzip  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  Win32/Bagle.gen.rar  
Norman Virus Control  W32/Bagle.Gen!Rar  

 
-----------
 
Last piece of malware found was Win32/DSNX.05 in 999.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  Win32/DSNX.05  
Norman Virus Control  Sandbox: W32/Malware  

 
--------
 
 
Last piece of malware found was Trojan.Littlewitch.61.Aa in Pena ;(.exe, detected by:

Scanner  Malware name  
AntiVir  Heuristic/Trojan.PwdStealer  
Avast  X  
AVG Antivirus  BackDoor.LittleWitch.DD  
BitDefender  Backdoor.LittleWitch.6.1.V  
ClamAV  X  
Dr.Web  BackDoor.LWitch.61  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Trojan.Littlewitch.61.Aa  
NOD32  X  
Norman Virus Control  X  

 
------------
 
Last piece of malware found was BackDoor.Seed.11 in pic1.exe, detected by:

Scanner  Malware name  
AntiVir  BDS/Seed.11.A  
Avast  X  
AVG Antivirus  X  
BitDefender  X  
ClamAV  Trojan.Seed-1  
Dr.Web  BackDoor.Seed.11  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  X  
Norman Virus Control  X  

 
------
 
Last piece of malware found was W32/PWSteal-tr in IFinst25.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Backdoor.IzRam.1.7  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  W32/PWSteal-tr  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  X  
Norman Virus Control  X  

 
--------
 
Last piece of malware found was Trojan.Downloader.Delf.Jy in cartao.scr, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Trojan.Downloader.Delf.JI  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  X  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Trojan.Downloader.Delf.Jy  
NOD32  X  
Norman Virus Control  X  

 
----------------------
Last piece of malware found was BehavesLike:Trojan.Downloader in ifc.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  BehavesLike:Trojan.Downloader  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  unknown virus  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  X  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/Downloader  

 
---------
 
Last piece of malware found was Dropped:Win32.Worm.Kiph.A in main.exe, detected by:

Scanner  Malware name  
AntiVir  X  
Avast  X  
AVG Antivirus  X  
BitDefender  Dropped:Win32.Worm.Kiph.A  
ClamAV  X  
Dr.Web  X  
F-Prot Antivirus  unknown virus  
Fortinet  X  
Kaspersky Anti-Virus  X  
mks_vir  Win32  
NOD32  probably unknown NewHeur_PE  
Norman Virus Control  Sandbox: W32/P2PWorm  

 
-----------
 
Last piece of malware found was W32/SDBot.CWI in rfc.exe, detected by:

Scanner  Malware name  Time taken  
AntiVir  Worm/SdBot-43744  0.39 seconds  
Avast  Win32:SdBot-1245  1.53 seconds  
AVG Antivirus  IRC/BackDoor.SdBot.154.AT  0.54 seconds  
BitDefender  X  0.53 seconds  
ClamAV  X  0.61 seconds  
Dr.Web  X  0.91 seconds  
F-Prot Antivirus  X  0.13 seconds  
Fortinet  X  0.45 seconds  
Kaspersky Anti-Virus  X  1.03 seconds  
mks_vir  Win32  0.23 seconds  
NOD32  X  0.49 seconds  
Norman Virus Control  W32/SDBot.CWI  0.23 seconds  

 
-----------------
 
Last piece of malware found was Dropped:Trojan.Agent.DN in m2.exe, detected by:

Scanner  Malware name  Time taken  
AntiVir  X  0.42 seconds  
Avast  X  1.53 seconds  
AVG Antivirus  X  0.56 seconds  
BitDefender  Dropped:Trojan.Agent.DN  0.60 seconds  
ClamAV  Trojan.Dropper.Purityscan.F  0.66 seconds  
Dr.Web  X  0.94 seconds  
F-Prot Antivirus  X  0.18 seconds  
Fortinet  X  0.49 seconds  
Kaspersky Anti-Virus  X  1.07 seconds  
mks_vir  X  0.47 seconds  
NOD32  Win32/TrojanDropper.PurityScan.G.gen  0.60 seconds  
Norman Virus Control  Sandbox: W32/Malware  22.03 

----------------------------------------------------------------------------------
 
Last piece of malware found was probably unknown NewHeur_PE in hmzz.exe, detected by:

Scanner  Malware name  Time taken  
AntiVir  BDS/Optix.Pro.13.28  0.81 seconds  
Avast  Win32:Optix-J  3.08 seconds  
AVG Antivirus  X  1.12 seconds  
BitDefender  Backdoor.OptixPro.1.Gen  1.16 seconds  
ClamAV  Trojan.PWS.Wexd  1.54 seconds  
Dr.Web  X  1.71 seconds  
F-Prot Antivirus  X  0.19 seconds  
Fortinet  X  0.88 seconds  
Kaspersky Anti-Virus  X  2.12 seconds  
mks_vir  Trojan.Optix.Pro.13  0.43 seconds  
NOD32  probably unknown NewHeur_PE  1.07 seconds  
Norman Virus Control  X  0.64 seconds

[Marcos]

Yep, we've got hundreds (if not thousands) of samples detected only by NOD32 that all other AV/AS/AT have missed. But this is not the right thread for comparing NOD32 vs other AV.

[Tinribs]

Do you also keep the examples detected by other a/v firms before Nod32 does? if so can we have a list?
My only example I can go on does entail the three files I provided via Marco and Jan that were (all of a sudden ) detected several days after |I admitted them, and still with zero email response until I went through wilders

Quote:

Originally Posted by Marcos

Yep, we've got hundreds (if not thousands) of samples detected only by NOD32 that all other AV/AS/AT have missed. But this is not the right thread for comparing NOD32 vs other AV.

My purpose is not to compare AV, I like and run NOD32 but to understand why a simple variant of a well known worm is not detected by advanced heuristic, why it takes so long to add a sig in the DB and why no feedback after a sample submission ?
After all, I don't care about this malware, even without AV it could not infect me and even if I infected myself purposely I could clean up manually in a breeze
I do think the biggest problem about NOD32 is communication with their users and never admitting that as any other product it's not perfect.

[NOD32 user]

Quote:

Originally Posted by BTW

... and why no feedback after a sample submission ?

I heard on the grapevine that ESET recieved in the order of 1300 samples yesterday(or the day before). I don't expect them to personally respond to each of them.

Quote:

Originally Posted by BTW

...and never admitting that as any other product it's not perfect.

"Some antivirus companies claim "100% virus detection" for their programs.

We wouldn't dare to insult your intelligence with such a claim !!!" -->HERE<--

Quote:

Originally Posted by NOD32 user

I heard on the grapevine that ESET recieved in the order of 1300 samples yesterday(or the day before). I don't expect them to personally respond to each of them."Some antivirus companies claim "100% virus detection" for their programs.

They should be able to send an automatic answer, shouldn't they ?

Quote:

We wouldn't dare to insult your intelligence with such a claim !!!" -->HERE<--

Nobody but Viguard from TEGAM claimed such a stupidity and it is no antivirus but a blocker...
BTW, saying there are other priorities than protecting against a worm installing a trojan backdoor : sneak oil too :-D

Read my post : I don't say NOD32 should detect all malwares, I wonder why they don't add a sig faster and why advanced heuristic does not detect a simple variant of a well know worm.

[Stan999]

Quote:

Originally Posted by BTW

Read my post : I don't say NOD32 should detect all malwares, I wonder why they don't add a sig faster and why advanced heuristic does not detect a simple variant of a well know worm.

Just because it didn't detect this specific IRC Bot with their AH, I would still have to say that NOD32's advance heuristic is one of the best and provides some significan zero-hour detection over some of the other AVs.

I suppose one could single out any AV and then show they were a bit slow on the uptake for some specific threat at times.

[NOD32 user]

Quote:

Originally Posted by BTW

They should be able to send an automatic answer, shouldn't they ?



Nobody but Viguard from TEGAM claimed such a stupidity and it is no antivirus but a blocker...
BTW, saying there are other priorities than protecting against a worm installing a trojan backdoor : sneak oil too :-D

Read my post : I don't say NOD32 should detect all malwares, I wonder why they don't add a sig faster and why advanced heuristic does not detect a simple variant of a well know worm.

I'm sorry, I probably should have elaborated on what I meant a little more. I was really just wanting to mention that as any other AV vendor ought to admit freely, NOD32 is not trying to suggest it's perfect. This was a specific response to your post 'never admitting that as any other product it's not perfect'. I really wasn't trying to have a dig at you or anything like that - just passing on some information that I though might be helpful to you in light of your post.
I have to admit that even an automatic response to submissions would be welcomed - at least then people know it has been recieved. I don't know what else specifically ESET had on their plate at the time but I'm glad that they have a system for prioritising the adding signatures - even if it doesn't always work out perfectly. I'm glad they have a specific intent to provide the best possible protection.

[Marcos]

There is a system for automatic and manual submission of samples in v. 2.50. After a file has been submitted successfully, a record will appear in the Event log.

Its under early warning/Advanced, it gives you an option for Nod32 to ask if you want to submit the sample or submit the sample without asking.

Quote:

Originally Posted by Carver

Its under early warning/Advanced, it gives you an option for Nod32 to ask if you want to submit the sample or submit the sample without asking.

Seems to me but didn't check that's for submitting suspected files found by NOD32 and/or in quarantine. This file was not suspected by NOD32 => I sent it from Outlook.

That still doesn't confirm or acknowledge that ESET got the file.......only that it was sent by the user. How difficult would it be to have the submission email address send back an autoreply? Thousands of folks do it........why can't ESET?

[Marcos]

The message a file has been submitted to Eset for analysis appears in the log after the server has confirmed receipt of the file.