Does Nod32 detect Win32.Bube.d -or any variety thereof?

From viruslist.com:

We are currently seeing an increase in cases which involve file infecting AdWare.

These new viruses are more sophisticated than the one we previously reported and append malicious code to Windows' explorer.exe. The viruses belong to the Virus.Win32.Bube family.

For example, Virus.Win32.Bube.d downloads AdWare and Trojans, including: AdWare.ISearch.d, Trojan-Clicker.Win32.Agent.bn, Trojan.Win32.LowZones.ai and PornWare.Dialer.Salc.

Disinfection in this case is tricky, as explorer.exe is an important Windows process. Additionally, the malware tries to prevent removal by disabling system restore, infecting the explorer.exe residing in %sysdir%\dllcache and lowering overall system security.

 

You could do a search here for Bube

http://www.nod32usa.com/nod32-updates/

 

I did but didn't find any reference to Bube.d

 

NOD32 - v.1.1027 (20050316)
Virus signature database updates:
IRC/SdBot.DTK, VBS/TrojanDropper.Inor.CJ, VBS/TrojanDropper.Small.A, Win32/Afcore.BV, Win32/Agobot.ASS, Win32/Bube.D,...............

 

Yep, you are correct. Thanks.

The next question (just curious, my pc does not have this infection): Does Nod32 clean it without deleting the desktop? I found this info at:
http://www.thespykiller.co.uk/bube.htm

 

I didn't find it at first - I mis-read your virus name as bude.d - after searching for the CORRECT virus, it was found and other members of the family were found in lots of updates:

NOD32 - v.1.1077 (20050425)
Virus signature database updates:
IRC/SdBot.DUQ, IRC/SdBot.DUR, IRC/SdBot.DUS, MSAccess/Exploit.Jet.A, SymbOS/Fontal.A, SymbOS/Hobble.A, SymbOS/Skulls.I, Win32/Adware.ISTbar, Win32/Bube.M, Win32/Delf.NAI, Win32/Delf.NBA, Win32/Delf.YS, Win32/Dislex.A, Win32/Kelvir.AD, Win32/Kelvir.AE, Win32/Kelvir.AF, Win32/Kelvir.AG, Win32/Kelvir.AH, Win32/Kelvir.AI, Win32/Kelvir.AJ, Win32/Mytob.BJ, Win32/Mytob.BK, Win32/Nethief.N, Win32/Rbot.DSQ, Win32/RiskWare.FreeScratchCards, Win32/RiskWare.FreeScratchCards.downloader, Win32/Spy.Bancos.EO, Win32/Spyboter.NFC, Win32/TrojanDownloader.Delf.KP, Win32/TrojanDownloader.IstBar.IS, Win32/TrojanDownloader.Small.AQS, Win32/TrojanDropper.Agent.JI, Win32/TrojanDropper.Small.NBU, Win32/TrojanDropper.VB.NAF

NOD32 - v.1.1059 (20050412)
Virus signature database updates:
VBS/TrojanDownloader.Psyme.NAN, Win32/Agent.CP, Win32/Antinny.AE, Win32/Bube.L, Win32/Buchon.N, Win32/Mytob.AM, Win32/Mytob.AN, Win32/Mytob.AO, Win32/Protoride.NBD, Win32/PSW.Lineage.AW, Win32/Riler.E, Win32/Small.EF, Win32/Spy.Qukart.W, Win32/Spy.Turtuk.17, Win32/Tjspec.11.A, Win32/TrojanDownloader.Agent.NCH, Win32/TrojanDownloader.Ani.C, Win32/TrojanDownloader.Dluca, Win32/TrojanDownloader.INService.DW, Win32/TrojanDownloader.IstBar.IO, Win32/TrojanDownloader.Qoologic.I, Win32/TrojanDownloader.Small.ARO, Win32/TrojanDownloader.Small.ARR, Win32/TrojanDropper.Small.WN, Win32/TrojanProxy.Mitglieder, Win32/VB.TH

NOD32 - v.1.1033 (20050323)
Virus signature database updates:
IRC/SdBot.DTZ, IRC/SdBot.DUA, SymbOS/Cabir.U, SymbOS/Skulls.C, Win32/Adware.FunWeb, Win32/Bube.K, Win32/Crowt.C, Win32/Haxdoor.CG, Win32/KeyLogger.Casper, Win32/Kipis.T, Win32/Kipis.U, Win32/Mytob.I, Win32/SpyBot.APE, Win32/TrojanClicker.Agent.NAE

NOD32 - v.1.1027 (20050316)
Virus signature database updates:
IRC/SdBot.DTK, VBS/TrojanDropper.Inor.CJ, VBS/TrojanDropper.Small.A, Win32/Afcore.BV, Win32/Agobot.ASS, Win32/Bube.D, Win32/Buchon, Win32/Buchon.J, Win32/Dialer.Egroup.1058, Win32/Dialer.Egroup.M, Win32/Poebot, Win32/Poebot.NAK, Win32/Poebot.NAL, Win32/Radmin.J, Win32/Rammer.A, Win32/Rammer.B, Win32/Rbot.DRE, Win32/Rbot.DRF, Win32/Rbot.DRG, Win32/RiskWare.ExitWin.B, Win32/Shellfur.A, Win32/StartPage.NDE, Win32/StartPage.NDF, Win32/StartPage.NDG, Win32/StartPage.NDH, Win32/StartPage.NDI, Win32/StartPage.NDJ, Win32/TrojanClicker.Agent.BR, Win32/TrojanDownloader.Agent.NBW, Win32/TrojanDownloader.Dyfica.DX, Win32/TrojanDownloader.FZ, Win32/TrojanDownloader.NAG, Win32/TrojanDownloader.Small.AKJ, Win32/TrojanDownloader.WarSpy.B, Win32/TrojanDownloader.WinShow.NAL, Win32/TrojanDropper.Small.NBI, Win32/TrojanDropper.Small.NBJ, Win32/TrojanDropper.Small.NBK, Win32/TrojanDropper.Small.NBL, Win32/TrojanDropper.Small.SC, Win32/TrojanDropper.Small.SH, Win32/TrojanDropper.Small.SJ, Win32/TrojanDropper.Small.SL, Win32/TrojanDropper.Small.SM, Win32/TrojanDropper.Small.SO, Win32/TrojanDropper.Small.SU, Win32/TrojanDropper.Small.SX, Win32/TrojanDropper.Small.SY, Win32/TrojanDropper.Small.TO, Win32/TrojanProxy.Agent.CC, Win32/TrojanProxy.Agent.DS, Win32/TrojanProxy.Mitglieder.CW, Win32/VB.D, Win32/VB.M

NOD32 - v.1.1022 (20050309)
Virus signature database updates:
HTML/Mht.AM, HTML/Mht.AN, IRC/SdBot.DTC, IRC/SdBot.DTF, JS/TrojanDownloader.Psyme.AB, JS/TrojanDownloader.Psyme.AH, JS/TrojanDownloader.Small.V, SymbOS/CommWarrior.A, SymbOS/Dampig.A, VBS/Exploit.Phel.F, VBS/TrojanDownloader.Phel.G, Win32/Adware.GloboSearch, Win32/Adware.IGetNet, Win32/Adware.MegaSearch, Win32/Adware.Serch, Win32/Adware.WildTangent, Win32/Agobot.ASO, Win32/Agobot.ASP, Win32/BackAttack.16, Win32/Bropia, Win32/Bropia.N, Win32/Bube.F, Win32/DarkMoon.B, Win32/Delf.NAN, Win32/Delf.QL, Win32/Delf.UW, Win32/Dialer, Win32/Dialer.RAS.J, Win32/EvilNet.B, Win32/Exploit.Roxo.A, Win32/ExplorerRemoto.A, Win32/Goldid.F, Win32/Lowzones, Win32/Lowzones.AX, Win32/Lowzones.AY, Win32/Myfip.Q, Win32/Protoride.NBA, Win32/PSW.LdPinch.NAY, Win32/PSW.Lmir.YK, Win32/PSW.StealPass.A, Win32/PSW.StealPass.B, Win32/Rbot.DQB, Win32/Rbot.DQC, Win32/Rbot.DQD, Win32/Rbot.DQE, Win32/Robobot.P, Win32/SdBoter.L, Win32/Singu.Q, Win32/Singu.R, Win32/Small.B, Win32/Small.CU, Win32/Spy.Banker, Win32/Spy.Banker.gen, Win32/Spy.Banker.NDQ, Win32/Sumom.B, Win32/TrojanDownloader.Agent.KF, Win32/TrojanDownloader.Agent.NBV, Win32/TrojanDownloader.IstBar.HQ, Win32/TrojanDownloader.IstBar.NAX, Win32/TrojanDownloader.Keenval.NAA, Win32/TrojanDownloader.Murlo.C, Win32/TrojanDownloader.Small.AKA, Win32/TrojanDownloader.Small.AMX, Win32/TrojanDownloader.Small.NCN, Win32/TrojanDownloader.Small.NCO, Win32/TrojanDownloader.WarSpy.A, Win32/TrojanDownloader.Wintrim.AR, Win32/TrojanDropper.Agent.FM, Win32/TrojanDropper.Microjoin.I, Win32/TrojanDropper.Microjoin.NAB, Win32/TrojanDropper.Microjoin.NAC, Win32/TrojanDropper.Microjoin.Q, Win32/TrojanDropper.Microjoin.R, Win32/TrojanDropper.Microjoin.S, Win32/TrojanDropper.Microjoin.U, Win32/TrojanDropper.Microjoin.V, Win32/TrojanDropper.MultiJoiner.17, Win32/TrojanDropper.MultiJoiner.17.drp, Win32/TrojanDropper.Small.PA, Win32/TrojanDropper.Small.SE, Win32/TrojanDropper.Small.SW, Win32/TrojanDropper.Small.TY, Win32/TrojanDropper.Small.UE, Win32/TrojanProxy.Migmaf.NAA, Win32/TrojanProxy.Mitglieder.BI, Win32/TrojanProxy.Small.BH, Win32/Tsack.E, Win32/VB.TA, Win32/Wootbot.AD, Win32/Wootbot.NIA, Win32/Wootbot.NIB

NOD32 - v.1.1016 (20050301)
Virus signature database updates:
Java/Flooder.NewsAgent.110, Java/Flooder.NewsAgent.111.C, Win32/Agobot.AOT, Win32/Bube.G, Win32/Codbot.O, Win32/Dialer.AD, Win32/Haxdoor.BZ, Win32/Lowzones.B, Win32/PSW.LdPinch.EI, Win32/Rbot.CZE, Win32/Rbot.CZF, Win32/Rbot.CZG, Win32/Rbot.CZH, Win32/Rbot.CZI, Win32/Rbot.CZJ, Win32/Rbot.DAA, Win32/StartPage.NCZ, Win32/StartPage.NDA, Win32/StartPage.NDB, Win32/StartPage.QY, Win32/TrojanDownloader.Agent.JV, Win32/TrojanDownloader.Delf.JF, Win32/TrojanDownloader.Domcom.C, Win32/TrojanDownloader.VB.HF, Win32/TrojanDownloader.Vivia.C, Win32/TrojanDownloader.Vivia.D, Win32/TrojanDownloader.Vivia.F, Win32/TrojanDownloader.Vivia.H, Win32/TrojanDownloader.Vivia.I, Win32/TrojanDownloader.Vivia.M, Win32/TrojanDownloader.Vivia.O, Win32/TrojanDropper.Agent.EB

NOD32 - v.1.1005 (20050221)
Virus signature database updates:
Exploit.HTML.IframeBof, IRC/SdBot.DDD, PSW.Joky.A, Reg.LowZones.E, VBS/Phel.A, Win32/Agobot.AGV, Win32/Agobot.AGW, Win32/Antilam.20.NAA, Win32/Bropia.I, Win32/Bropia.J, Win32/Bube.C, Win32/Codbot.J, Win32/Hiddenrun, Win32/HideExec.B, Win32/Korgo.AI, Win32/Makecall.NA, Win32/Muce.A, Win32/Nemsi.B, Win32/Padodor.AQ, Win32/Padowor.A, Win32/PassView.1_51, Win32/PassView.1_62, Win32/PerfectKeylogger, Win32/PSW.Antigen.A, Win32/PSW.Defeg.A, Win32/PSW.INet20, Win32/PSW.KeyLogger.CB, Win32/PSW.Legendmir.MG, Win32/PSW.Legendmir.Z, Win32/PSW.Lomaster.A, Win32/PSW.Madzumba.A, Win32/PSW.Mirpn.50.A, Win32/PSW.Mirpn.50.H, Win32/PSW.Mirpn.50.I, Win32/PSW.Netax.A, Win32/PSW.PdPinch.A, Win32/PSW.QQPass.AP, Win32/PSW.Teleb.A, Win32/Randon.BM, Win32/Rbot.CRK, Win32/Rbot.CRL, Win32/Rbot.CRM, Win32/Rbot.CRN, Win32/Rbot.CRO, Win32/Spy.Sigatarius.5401.B, Win32/Spy.Sincom.F, Win32/Spy.Small.AO, Win32/TrojanDownloader.Agent.NBR, Win32/TrojanDownloader.Devsog.741, Win32/TrojanDownloader.Small.AGG, Win32/TrojanDownloader.Small.DF, Win32/TrojanDownloader.Small.ES, Win32/TrojanDropper.Agent.DS, Win32/TrojanDropper.Delf.CH, Win32/TrojanDropper.Delf.DT, Win32/TrojanDropper.Delf.DU, Win32/TrojanDropper.Delf.HU, Win32/TrojanDropper.Mudrop.D, Win32/TrojanDropper.OnlineService.A, Win32/TrojanDropper.Small.PO, Win32/TrojanProxy.Agent.DO, Win32/TrojanProxy.Daemonize.E, Win32/Webdor.M, Win32/Wootbot.AR

NOD32 - v.1.994 (20050209)
Virus signature database updates:
IRC/SdBot.DBX, IRC/SdBot.DBY, IRC/SdBot.DBZ, Java/Exploit.Bytverify.I, Java/TrojanDownloader.Beyond.D, Story.NAA, Win32/Agobot.AEU, Win32/Agobot.AEV, Win32/Bobax.P, Win32/Bube.B, Win32/Dialer.EroDial, Win32/Kipis.M, Win32/Onamu.B1, Win32/Rbot.CQH, Win32/Rbot.CQI, Win32/Rbot.CQJ, Win32/Rbot.CQK, Win32/Rbot.CQL, Win32/Robobot.NAA, Win32/Spy.Agent.CO, Win32/Spy.Banbra.BE, Win32/StartPage.PB, Win32/StartPage.UQ, Win32/TrojanClicker.Agent.BW, Win32/TrojanDownloader.Monurl.NAC, Win32/TrojanDownloader.Small.AAA, Win32/TrojanDownloader.Small.AGY, Win32/TrojanDownloader.Small.AIQ, Win32/TrojanDownloader.Small.AJB, Win32/TrojanDownloader.Small.ZD, Win32/TrojanDropper.Agent.CC, Win32/TrojanDropper.PurityScan.G.gen, Win32/TrojanDropper.Small.NBD, Win32/TrojanDropper.Small.OJ, Win32/TrojanDropper.Small.PE, Win32/TrojanDropper.Small.PG, Win32/TrojanProxy.Agent.CY, Win32/TrojanProxy.Agent.DF, Win32/TrojanProxy.Agent.NAJ, Win32/TrojanProxy.Small.BA, Win32/Wootbot.NHU

Interestingly, I didn't find "Bube.A" anywhere...

hth

Greg

 

Does Nod32 clean/delete Win32.bube.d without removing desktop

The next question (just curious, my pc does not have this infection): Does Nod32 clean it without deleting the desktop? I found this info at:

http://www.thespykiller.co.uk/bube.htm

Since this part of my previous post was ignored, I am posting the question again.

 

Re: Does Nod32 clean/delete Win32.bube.d without removing desktop

Happy Bytes should be able to answer this question. You might want to send him a PM with this question.