Email Archive Scanning

Discussion in 'ESET NOD32 Antivirus' started by Mwh65, Sep 8, 2008.

Thread Status:
Not open for further replies.
  1. Mwh65

    Mwh65 Registered Member

    May 8, 2008
    I have been having problems with certain emails that have a Zip file attached with a filename of Fees_2008-2009.exe.doc.

    If I extract the file from the Zip EAV does nothing and happily extracts it.

    If I execute the file EAV does nothing until the worms get downloaded and then they are removed.

    When this happens though due to the nature of one of the worms, Win32/AutoRun.YK, a registry entry is added which prevents the display of the desktop icons upon reboot.

    The following are detected ...

    Win32/AutoRun.YK worm
    Win32/TrojanDownloader.FakeAlert.IQ trojan
    Win32/Adware.UltimateDefender application
    Win32/TrojanDownloader.Wigon.AI trojan
    Win32/RootKit.Agent.NGN trojan

    I have set EAV to scan for everything so I now wonder why this file does not get scanned and quarantined when the email arrives !!!

    Your help is much appreciated.
  2. PaulB2005

    PaulB2005 Registered Member

    Apr 19, 2005
    Probably because the initial file (Fees_2008-2009.exe.doc) isn't detected yet. Have you submitted it to ESET yet? These downloader viruses change all the time so it's difficult to keep on top of them.
Thread Status:
Not open for further replies.