IRC-Flooder ?

Discussion in 'NOD32 version 2 Forum' started by basti, Jul 28, 2006.

Thread Status:
Not open for further replies.
  1. basti

    basti Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    48
    At what signature update are we protected against this kind of backdoor etc.?

    Because these are the results of other AV companies dated 27.07.2006

    AntiVir BDS/Zapchast.BT
    Avast! Win32:Hidewnd [Trj]
    AVG HideWindow (Trojan horse)
    BitDefender Spyware.Adspace.DLL
    ClamAV Trojan.IRC.Flood.AQ
    Command -/-
    Dr Web Trojan.Flood.22016
    eSafe Win32.Polipos.sus
    eTrust-INO Win32/IRCFLood.6ra!Dropper
    eTrust-VET -/-
    Ewido -/-
    F-Prot virus dropper
    F-Secure Backdoor.IRC.Zapchast
    Fortinet Misc/MIRC
    Ikarus -/-
    Kaspersky not-a-virus:RiskTool.Win32.HideWindows
    McAfee HideWindow (potentially unwanted program)
    Microsoft Tool:Win32/HideWindows
    Nod32 -/-
    Norman -/-
    Panda Trj/Multidropper.BLU
    QuickHeal -/-
    Sophos Troj/Zapchas-BT
    Symantec -/-
    Trend Micro -/-
    UNA -/-
    VBA32 BackDoor.IRC.based
    VirusBuster Trojan.DR.Flood.BM
    WebWasher Trojan.Zapchast.BT
     
  2. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Backdoor? Why do you say that? Does the sample, when run, give outside users remote access to your PC? It doesn't look like a backdoor trojan according to most of the results in what you've listed (i.e. "not-a-virus...", "... potentially unwanted program", "Tool..." etc.)

    Where do you get your results from? NOD32 is usually good at detecting these "not-a-virus:RiskTool.Win32.HideWindows" samples if you have set it to also detect Potentially dangerous applications. NOD32 detects all 7 variants I have of this sample at least.
     
  3. basti

    basti Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    48
    @kjempen

    Sorry, you're right. I do not exactly know what it was, a trojan, backdoor or something like that. I just found an article in a German online magazine. I cannot post the link, because I think it is forbidden here to post an external link in a foreign language, or a language other than English.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    No it is ok, just don't post links to live malware.

    Cheers :D
     
  5. basti

    basti Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    48
  6. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    mmm...Panda calls it multidropper and Kaspersky not-a-virus. Let's see what ESET have to say. Perhaps they'll add it.
     
  7. ASpace

    ASpace Guest

    According to the names which other companies give to it, it seems it is a not-so-dangerous PUP. I guess files dropped later are detected.
     
  8. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, you guess ...but are they really detected? :D
     
  9. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Be aware that the article speaks of an archive containing 13 files; five INI files, six EXE files, one DLL file, and one COM file. There may be multiple baddies in this archive, probably not as harmless as I wrote earlier (before seeing the article).
     
  10. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    well, is it an archive or a packed exe file? In the last case perhaps NOD doesn't have support for those packers.
     
  11. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    From what I can understand, it says in the article that it's a self-extracting archive. So maybe that's why NOD32 doesn't report anything.
     
  12. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Perhaps. ;) Generally NOD should scan inside SFX, but maybe this one is encrypted using a special method.
     