Nod is not detecting W32/YahLover.worm.gen

Discussion in 'ESET NOD32 Antivirus' started by tahaa, Dec 24, 2009.

Thread Status:
Not open for further replies.
  1. tahaa

    tahaa Registered Member

    Joined:
    Dec 24, 2009
    Posts:
    4
    Dear Sir,

    Nod is not detecting W32/YahLover.worm.gen

    i.e a virus creates a same folder exe and hides the original one.

    e.g original file data and it hides and make a exe name data.exe on main usb root.

    Nod32 v 4 is not detecting it while Mcafee antivirus is detecting it as W32/YahLover.worm.gen

    Nod32 v 4 is running with the latest definition update ie 4715

    Thanks
     
    tahaa, Dec 24, 2009
    #1
  2. dorgane

    dorgane Guest

    dorgane, Dec 24, 2009
    #2
  3. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    1,000
    Location:
    Bismarck, ND USA
    Rmuffler, Dec 24, 2009
    #3
  4. tahaa

    tahaa Registered Member

    Joined:
    Dec 24, 2009
    Posts:
    4
    Dear Sir,


    The exe file size shows 1.34MB and it creates a hidden file in system32 folder with random names like 80DCAF or 880E34.EXE , etc and contains 1.34 MB file . As soon as i get the usb infected with this virus will be emailed.

    File information
    File name: 880E34.EXE
    File size: 1.34 MB (1403535 bytes)
    Md5: a87c43e580e21b542912e55b9b203230

    Loading point information
    Execution type: REGISTRY
    Registry section: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    Entry: 880E34

    Entry time: 2009-11-18

    after searching on google finally i found that it is
    Trojan.FlyStudio.I or Troj/Dropr-K Virus which is not detected by NOD32 v 4


    ===================



    other user views



    Code:
    http://forums.techguy.org/malware-removal-hijackthis-logs/853454-virus-makes-my-folders-hidden.html

    Code:
    http://www.pc1news.com/virus/file-880e34-exe-361403.html

    Code:
    http://sgforums.com/forums/2250/topics/375248
    please visit this for more details .

    Code:
    http://www.spywareremove.com/removeTrojanFlyStudioI.html

    It is requested from you to update definitions so that it can be detected and removed by nod32 because ESET IS best and i dont wanna use any other antivirus.

    Thanks
     
    Last edited: Dec 24, 2009
    tahaa, Dec 24, 2009
    #4
  5. tahaa

    tahaa Registered Member

    Joined:
    Dec 24, 2009
    Posts:
    4
    Virus file has been emailed to samples@eset.com for analyzing
    and can be downloaded via


    ~Link to possible malware removed.~
    password: infected

    Thanks
     
    Last edited by a moderator: Dec 25, 2009
    tahaa, Dec 25, 2009
    #5
  6. tahaa

    tahaa Registered Member

    Joined:
    Dec 24, 2009
    Posts:
    4
    Thanks Eset to remove the said virus (Win32/FlyStudio_OCJ) in 4717 Update definition.

    Regards
    Muhammad Tahaa
     
    tahaa, Dec 26, 2009
    #6
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...