At what Sign. Update are we protected against this kind of Backdoor etc.? Because these are the results of other AV companies, dated 27.07.2006:

AntiVir       BDS/Zapchast.BT
Avast!        Win32:Hidewnd [Trj]
AVG           HideWindow (Trojan horse)
BitDefender   Spyware.Adspace.DLL
ClamAV        Trojan.IRC.Flood.AQ
Command       -/-
Dr Web        Trojan.Flood.22016
eSafe         Win32.Polipos.sus
eTrust-INO    Win32/IRCFLood.6ra!Dropper
eTrust-VET    -/-
Ewido         -/-
F-Prot        virus dropper
F-Secure      Backdoor.IRC.Zapchast
Fortinet      Misc/MIRC
Ikarus        -/-
Kaspersky     not-a-virus:RiskTool.Win32.HideWindows
McAfee        HideWindow (potentially unwanted program)
Microsoft     Tool:Win32/HideWindows
Nod32         -/-
Norman        -/-
Panda         Trj/Multidropper.BLU
QuickHeal     -/-
Sophos        Troj/Zapchas-BT
Symantec      -/-
Trend Micro   -/-
UNA           -/-
VBA32         BackDoor.IRC.based
VirusBuster   Trojan.DR.Flood.BM
WebWasher     Trojan.Zapchast.BT
Backdoor? Why do you say that? Does the sample, when run, give outside users remote access to your PC? It doesn't look like a backdoor trojan according to most of the results in what you've listed (i.e. "not-a-virus...", "... potentially unwanted program", "Tool..." etc.) Where do you get your results from? NOD32 is usually good at detecting these "not-a-virus:RiskTool.Win32.HideWindows" samples if you have set it to also detect Potentially dangerous applications. NOD32 detects all 7 variants I have of this sample at least.
@kjempen Sorry, you're right. I do not exactly know what it was, a trojan, backdoor or something like that. I just found an article in a German online magazine. I cannot post the link, because I think it is forbidden here to post an external link in a foreign, or another language than English.
mmm...Panda calls it multidropper and Kaspersky not-a-virus. Let's see what ESET have to say. Perhaps they'll add it.
According to the names which other companies give to it, it seems it is a not-so-dangerous PUP. I guess files dropped later are detected.
Be aware that the article speaks of an archive containing 13 files; five INI files, six EXE files, one DLL file, and one COM file. There may be multiple baddies in this archive, probably not as harmless as I wrote earlier (before seeing the article).
Well, is it an archive or a packed exe file? In the latter case perhaps NOD doesn't have support for those packers.
From what I can understand, it says in the article that it's a self-extracting archive. So maybe that's why NOD32 doesn't report anything.
Perhaps. Generally NOD should scan inside SFX, but maybe this one is encrypted using a special method.