Another NOD32 miss, please, add a signature for this..

Please Eset guys, there is another Trojan Banker here in Brazil... add a signature for this file, ´cause I´m reiciving a lot of trojan banker in my mail...

Is not possible to add a generic signature or something like that? (I don´t understand a lot about AVs and signature, correct me if I´m wrong)

http://tinypic.com/i19t3d.jpg

Happy Bytes, I´ll send it to your e-mail..

 

Already under progress.

 

thanks!

 

Fast like electroshock tanks......

 

Hey Pain,
Are you Brazilian ?
If you are, take care from an e-mail about Roberto Jefferson, that came from a Bulgarian server.Eset Team is adding it to database.

 

kkkkkkkkkkk!!! Roberto Jefferson?? Meu deus do ceu, é cada uma!

 

Should it be a surprise?

 

No, it's not a surprise, but to tell you to click that link to see photos of his murder, it's too funny.

 

huhuhuhu

By the way, how is going the work on these signatures, Happy Bytes?

--------
Edit:

I think the work is done..

http://tinypic.com/i1fsbr.jpg

 

I submitted this exe few days ago but NOD still misses it

Service
Service load:
0% 100%
File: 126547.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 31dc90567e7f5a1c85fa7a8cdb9f118b
Packers detected:
WISESFX DROPPER
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found Trojan.Downloader.Small.BKE, Application.Adware.NewDotNet.B.Dropper
ClamAV
Found Adware.NewDotNet.B-4
Dr.Web
Found Trojan.DownLoader.3945, Adware.NewDotNet
F-Prot Antivirus
Found nothing
Fortinet
Found Adware/SmallShopper
Kaspersky Anti-Virus
Found Trojan-Downloader.Win32.Small.bke, not-a-virus:AdWare.Win32.NewDotNet
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found AdWare.Win32.NewDotNet

 

I'll try to look up the file, but remember the file is WISE SFX packed which means NOD32 might detect the files after being extracted from the archive. Did you check that?

 

i downloaded this file but never run it because i always check suspicious files on jottis so after these results i repacked and named "infected" and submitted to eset.

 

I think NOD does unpack WISE SFX.....

 

Just a heads up on girls.exe (http://www.dartanyan.******/girls.exe) about 1.4Mb

12/1/2005 18:52:20 PM Kernel The file 'C:\Documents and Settings\Username\Desktop\girls.exe' has been sent to Eset's labs for analysis.

Kaspersky Anti-Virus Found Virus.Win32.Parite.b, Virus.Win32.FunLove.4070, Email-Worm.Win32.Rays
NOD32 Nothing

Hope you detect it soon and add it to the database because it is not detected via AH

 

That's a setup package. The malware gets nailed upon start of this archive via AMON before any infection could be done.

 

Again, another SFX archive/installer. After the files had been unpacked they were detected by NOD32 as follows:

Scan performed at: 1. 12. 2005 12:49:22
Scanning Log
NOD32 version 1.1309 (20051130) NT
Command line: C:\unpack

Date: 1.12.2005 Time: 12:49:46
Scanned disks, folders and files: C:\unpack\
C:\unpack\click.dll - IRC/Flood application
C:\unpack\mrsn.exe - Win32/Parite.B virus
C:\unpack\SVCHOST.exe - Win32/FunLove.4070 virus
C:\unpack\System32.exe - Win32/Wukill.B worm
C:\unpack\windows.exe - Win32/Wukill.B worm
C:\unpack\windowsxp.dll - IRC/Flood application
Number of scanned files: 12
Number of threats found: 6
Time of completion: 12:49:46 Total scanning time: 0 sec (00:00:00)

 

I see.. thanks both for replying. But why it will not check the file for the contents before you run/download it?