Email Archive Scanning

Discussion in 'ESET NOD32 Antivirus' started by Mwh65, Sep 8, 2008.

Thread Status:
Not open for further replies.
  1. Mwh65

    Mwh65 Registered Member

    Joined:
    May 8, 2008
    Posts:
    17
    I have been having problems with certain emails that have a Zip file attached with a filename of Fees_2008-2009.exe.doc.

    If I extract the file from the Zip EAV does nothing and happily extracts it.

    If I execute the file EAV does nothing until the worms get downloaded and then they are removed.

    When this happens though due to the nature of one of the worms, Win32/AutoRun.YK, a registry entry is added which prevents the display of the desktop icons upon reboot.

    The following are detected ...

    Win32/AutoRun.YK worm
    Win32/TrojanDownloader.FakeAlert.IQ trojan
    Win32/Adware.UltimateDefender application
    Win32/TrojanDownloader.Wigon.AI trojan
    Win32/RootKit.Agent.NGN trojan

    I have set EAV to scan for everything so I now wonder why this file does not get scanned and quarantined when the email arrives !!!

    Your help is much appreciated.
     
    Mwh65, Sep 8, 2008
    #1
  2. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Probably because the initial file (Fees_2008-2009.exe.doc) isn't detected yet. Have you submitted it to ESET yet? These downloader viruses change all the time so it's difficult to keep on top of them.
     
    PaulB2005, Sep 8, 2008
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...