Discussion in 'NOD32 version 2 Forum' started by De Hollander, Apr 3, 2006.

Thread Status:
Not open for further replies.
  1. De Hollander

    De Hollander Registered Member

    Sep 10, 2005
    Windmills and cows

    I have a file that nod32 reports clean.

    With a online scan from Kaspersky : Exploit.JS.CVE-2006-1359.a

    Antivirus Version Update Result
    AntiVir 04.03.2006 no virus found
    Avast 4.6.695.0 04.03.2006 no virus found
    AVG 386 03.31.2006 no virus found
    Avira 04.03.2006 no virus found
    BitDefender 7.2 04.03.2006 Exploit.HTML.CreateRange.Gen
    CAT-QuickHeal 8.00 03.31.2006 no virus found
    ClamAV devel-20060202 04.03.2006 Exploit.JS.CVE-2006-1359
    DrWeb 4.33 04.03.2006 Exploit.CVE1359
    eTrust-InoculateIT 23.71.118 04.02.2006 no virus found
    eTrust-Vet 12.4.2146 04.03.2006 JS/VU876678!exploit
    Ewido 3.5 04.03.2006 Not-A-Virus.Exploit.JS.CVE20061359.a
    Fortinet 04.03.2006 HTML/CreateTxtRng.A!tr
    F-Prot 3.16c 03.30.2006 JS/CVE-2006-1359.A@expl
    Ikarus 04.01.2006 no virus found
    Kaspersky 04.03.2006 Exploit.JS.CVE-2006-1359.a
    McAfee 4731 03.31.2006 no virus found
    NOD32v2 1.1467 04.02.2006 no virus found
    Norman 5.90.15 03.31.2006 no virus found
    Panda 04.02.2006 no virus found
    Sophos 4.04.0 04.03.2006 no virus found
    Symantec 8.0 04.03.2006 Bloodhound.Exploit.61
    TheHacker 04.03.2006 no virus found
    UNA 1.83 03.30.2006 no virus found
    VBA32 3.10.5 04.03.2006 no virus found

    When I look at the virus signature database updates from Nod32:
    1.1457 (20060324) JS/Exploit.CVE-2006-1359
    1.1466 (20060331) JS/Exploit.CVE-2006-1359 (7),

    I have already send the file towards samples@nod32.com / support@nod32.com / servis@eset.sk with the subject : Sample, and that the file was encrypted with a password.( "infected" )

    My question is:
    Is this file part of the Zero Day IE Exploit?, ..and if so why does nod32 report this file clean.
  2. SSK

    SSK Registered Member

    Nov 28, 2004
    Probably because this version is not detected by the current signature used by NOD. But it could be a false positive as well... o_O

    BTW Ja lekker, doe maar een Brand :D
  3. De Hollander

    De Hollander Registered Member

    Sep 10, 2005
    Windmills and cows
    :D :D

    Virus signature database updates: 1.1468 (20060403)

    F:\Downloads\TextRange[1]\TextRange[1].htm - JS/Exploit.CVE-2006-1359 trojan

    Its time to take a beer, perhaps a Brand:D

    Thank you. :thumb:
Thread Status:
Not open for further replies.