NOD32 not detecting mblast.exe

Hi People,
Was having some problems with internet access, contacted customer service at my provider. Turns out I was infected with the W32/Blaster worm.

As infections go, it is relatively benign, but I was dismayed that NOD32 did not detect this worm.

mblast.exe was one of my processes running when I pressed ctrl-alt-del and the mblast file was in \system32, so it was very easy for ME to see that the worm was active.

Yet when I run nod32 scan it did not detect it.

I am running with a virus definition update from earlier this week.

Any suggestions? When I do a scan, I have ALWAYS received a couple error messages about MBR records, but from reading the forum I think I see how to avoid these in the future, but otherwise scans seem to be normal and don't find anything.

Thanks for any help.

 

Comparing the SARC with the NOD32 update site, it sure looks like NOD32 has issued definitions for all of the worm versions.

NOD32 - v.1.480 (20030812)
Virus signature database updates:
Win32/Lovsan.A, Win32/PSW.Pet.F

From the update list here: http://www.nod32.com/support/info.htm#CurVersion

On the 13th: Win32/Lovsan.A.unp
On the 13th: Win32/Lovsan.C
On the 18th: Win32/Lovsan.A:AsPack
On the 19th: Win32/Lovsan.D

http://www.symantec.com/avcenter/venc/data/w32.blaster.worm.html

http://www.symantec.com/avcenter/venc/data/w32.blaster.b.worm.html

http://www.symantec.com/avcenter/venc/data/w32.blaster.c.worm.html

 

Dear People,

I really appreciate the effort. Database information is below. I have attached a screenshot of the NOD32 scan. At this point I had removed the mblast worm file (mblast.exe) but not the registry entry.

I have purchased, and am running Version 2 on another computer and this morning it identified a blast virus as an attachment in an email. So that computer/NOD32 setup seems to be working fine.

Any thoughts on why the worm was not identified would be appreciated.


Mike M

NOD32 system information
Version:         1.474 (20030804)
Installed on:      08/04/2003
Virus database build:   3136
Environment version:   1.047
Last Update attempt:   08/14/03 16:18:01

Operating system information
Platform:   Windows XP
Version:   5.1.2600
Common controls version: 5.82.2600
RAM:   255 MB

Diagnostics information
Base module build:   3084

 

Dear Paul,

I appreciate the response. I will assume then that the software was performing correctly, but my failure to update the database lead to my demise.

Thanks, Mike M

 

Also, I recommend that you install version 2 instead. Just download it using your current username and password, uninstall the old version, reboot, and install the new version.

You should also leave the scheduled updates at their default settings/interval, and just make sure after a day or two that you got the latest updates.

Best regards,
Anders

 

Dear Anders and Paul,

Thanks for your help. I think it's all sorted now. I downloaded version 2 last night after I saw how well it worked on another computer we have.

So now it is happily updating and hopefully I should be safer.

Bye, Mike M

 

msblaster (or luvsan) is not an email borne worm.

If you were infected that means that a) you didn't have your PC patched with the MS critical update that was available in July and b) you had ports open on the internet and either weren't running a firewall or if you had a firewall it was misconfigured. Such open and vulnerable machines could be infected within 30 seconds of going online. This particular worm wasn't particularly destructive to the infected host, but the next one could be. If you're not running a firewall of some sort get one. There are good free ones available. Even a properly configured NAT router that filters incoming ports should help.

Don't just rely just on your AV to protect you (especially from worms and trojans that take advantage of open ports on the internet) and an AV certainly can't offer its best protection against the newest threats if it isn't regularly updated.

NOD version 2 has an automatic update feature which is extemely convenient. I set mine so it checks for updates every three hours ( I think the default is every hour). It downloads and installs the update without any fuss. The auto updater works so well it's the first time I've ever allowed any application to auto update itself. ESET's made it as easy as it can be to maintain an updated AV so might as well take advantage of it.

 

>NOD version 2 has an automatic update feature which is extemely convenient.

Yes. The auto update feature is great. However, some of us like to have a bit more control. I really like that I can have it set to look every hour and then to ask me before updating when it finds an update. I agree that the auto update is very fast and doesn't cause problems. I especially like that Eset corrected the problem in version 1 and version 2 beta where the mouse would become unusable during the update. Even though the update is fast, I still didn't like that my mouse wouldn't work. Now though, the mouse continues to work and the update is fast.