Does Nod32 detect Win32.Bube.d -or any variety thereof?

Discussion in 'NOD32 version 2 Forum' started by jayt, Jul 11, 2005.

Thread Status:
Not open for further replies.
  1. jayt

    jayt Registered Member

    From viruslist.com:

    We are currently seeing an increase in cases which involve file infecting AdWare.

    These new viruses are more sophisticated than the one we previously reported and append malicious code to Windows' explorer.exe. The viruses belong to the Virus.Win32.Bube family.

    For example, Virus.Win32.Bube.d downloads AdWare and Trojans, including: AdWare.ISearch.d, Trojan-Clicker.Win32.Agent.bn, Trojan.Win32.LowZones.ai and PornWare.Dialer.Salc.

    Disinfection in this case is tricky, as explorer.exe is an important Windows process. Additionally, the malware tries to prevent removal by disabling system restore, infecting the explorer.exe residing in %sysdir%\dllcache and lowering overall system security.
     
  2. Stan999

    Stan999 Registered Member

    Last edited: Jul 11, 2005
  3. jayt

    jayt Registered Member

    I did but didn't find any reference to Bube.d
     
  4. Stan999

    Stan999 Registered Member


    NOD32 - v.1.1027 (20050316)
    Virus signature database updates:
    IRC/SdBot.DTK, VBS/TrojanDropper.Inor.CJ, VBS/TrojanDropper.Small.A, Win32/Afcore.BV, Win32/Agobot.ASS, Win32/Bube.D,...............
     
  5. jayt

    jayt Registered Member

    Yep, you are correct. Thanks. :)

    The next question (just curious, my pc does not have this infection): Does Nod32 clean it without deleting the desktop? I found this info at:
    http://www.thespykiller.co.uk/bube.htm
     
    Last edited: Jul 11, 2005
  6. webyourbusiness

    webyourbusiness Registered Member

    I didn't find it at first - I mis-read your virus name as bude.d - after searching for the CORRECT virus, it was found and other members of the family were found in lots of updates:

    NOD32 - v.1.1077 (20050425)
    Virus signature database updates:
    IRC/SdBot.DUQ, IRC/SdBot.DUR, IRC/SdBot.DUS, MSAccess/Exploit.Jet.A, SymbOS/Fontal.A, SymbOS/Hobble.A, SymbOS/Skulls.I, Win32/Adware.ISTbar, Win32/Bube.M, Win32/Delf.NAI, Win32/Delf.NBA, Win32/Delf.YS, Win32/Dislex.A, Win32/Kelvir.AD, Win32/Kelvir.AE, Win32/Kelvir.AF, Win32/Kelvir.AG, Win32/Kelvir.AH, Win32/Kelvir.AI, Win32/Kelvir.AJ, Win32/Mytob.BJ, Win32/Mytob.BK, Win32/Nethief.N, Win32/Rbot.DSQ, Win32/RiskWare.FreeScratchCards, Win32/RiskWare.FreeScratchCards.downloader, Win32/Spy.Bancos.EO, Win32/Spyboter.NFC, Win32/TrojanDownloader.Delf.KP, Win32/TrojanDownloader.IstBar.IS, Win32/TrojanDownloader.Small.AQS, Win32/TrojanDropper.Agent.JI, Win32/TrojanDropper.Small.NBU, Win32/TrojanDropper.VB.NAF

    NOD32 - v.1.1059 (20050412)
    Virus signature database updates:
    VBS/TrojanDownloader.Psyme.NAN, Win32/Agent.CP, Win32/Antinny.AE, Win32/Bube.L, Win32/Buchon.N, Win32/Mytob.AM, Win32/Mytob.AN, Win32/Mytob.AO, Win32/Protoride.NBD, Win32/PSW.Lineage.AW, Win32/Riler.E, Win32/Small.EF, Win32/Spy.Qukart.W, Win32/Spy.Turtuk.17, Win32/Tjspec.11.A, Win32/TrojanDownloader.Agent.NCH, Win32/TrojanDownloader.Ani.C, Win32/TrojanDownloader.Dluca, Win32/TrojanDownloader.INService.DW, Win32/TrojanDownloader.IstBar.IO, Win32/TrojanDownloader.Qoologic.I, Win32/TrojanDownloader.Small.ARO, Win32/TrojanDownloader.Small.ARR, Win32/TrojanDropper.Small.WN, Win32/TrojanProxy.Mitglieder, Win32/VB.TH

    NOD32 - v.1.1033 (20050323)
    Virus signature database updates:
    IRC/SdBot.DTZ, IRC/SdBot.DUA, SymbOS/Cabir.U, SymbOS/Skulls.C, Win32/Adware.FunWeb, Win32/Bube.K, Win32/Crowt.C, Win32/Haxdoor.CG, Win32/KeyLogger.Casper, Win32/Kipis.T, Win32/Kipis.U, Win32/Mytob.I, Win32/SpyBot.APE, Win32/TrojanClicker.Agent.NAE

    NOD32 - v.1.1027 (20050316)
    Virus signature database updates:
    IRC/SdBot.DTK, VBS/TrojanDropper.Inor.CJ, VBS/TrojanDropper.Small.A, Win32/Afcore.BV, Win32/Agobot.ASS, Win32/Bube.D, Win32/Buchon, Win32/Buchon.J, Win32/Dialer.Egroup.1058, Win32/Dialer.Egroup.M, Win32/Poebot, Win32/Poebot.NAK, Win32/Poebot.NAL, Win32/Radmin.J, Win32/Rammer.A, Win32/Rammer.B, Win32/Rbot.DRE, Win32/Rbot.DRF, Win32/Rbot.DRG, Win32/RiskWare.ExitWin.B, Win32/Shellfur.A, Win32/StartPage.NDE, Win32/StartPage.NDF, Win32/StartPage.NDG, Win32/StartPage.NDH, Win32/StartPage.NDI, Win32/StartPage.NDJ, Win32/TrojanClicker.Agent.BR, Win32/TrojanDownloader.Agent.NBW, Win32/TrojanDownloader.Dyfica.DX, Win32/TrojanDownloader.FZ, Win32/TrojanDownloader.NAG, Win32/TrojanDownloader.Small.AKJ, Win32/TrojanDownloader.WarSpy.B, Win32/TrojanDownloader.WinShow.NAL, Win32/TrojanDropper.Small.NBI, Win32/TrojanDropper.Small.NBJ, Win32/TrojanDropper.Small.NBK, Win32/TrojanDropper.Small.NBL, Win32/TrojanDropper.Small.SC, Win32/TrojanDropper.Small.SH, Win32/TrojanDropper.Small.SJ, Win32/TrojanDropper.Small.SL, Win32/TrojanDropper.Small.SM, Win32/TrojanDropper.Small.SO, Win32/TrojanDropper.Small.SU, Win32/TrojanDropper.Small.SX, Win32/TrojanDropper.Small.SY, Win32/TrojanDropper.Small.TO, Win32/TrojanProxy.Agent.CC, Win32/TrojanProxy.Agent.DS, Win32/TrojanProxy.Mitglieder.CW, Win32/VB.D, Win32/VB.M

    NOD32 - v.1.1022 (20050309)
    Virus signature database updates:
    HTML/Mht.AM, HTML/Mht.AN, IRC/SdBot.DTC, IRC/SdBot.DTF, JS/TrojanDownloader.Psyme.AB, JS/TrojanDownloader.Psyme.AH, JS/TrojanDownloader.Small.V, SymbOS/CommWarrior.A, SymbOS/Dampig.A, VBS/Exploit.Phel.F, VBS/TrojanDownloader.Phel.G, Win32/Adware.GloboSearch, Win32/Adware.IGetNet, Win32/Adware.MegaSearch, Win32/Adware.Serch, Win32/Adware.WildTangent, Win32/Agobot.ASO, Win32/Agobot.ASP, Win32/BackAttack.16, Win32/Bropia, Win32/Bropia.N, Win32/Bube.F, Win32/DarkMoon.B, Win32/Delf.NAN, Win32/Delf.QL, Win32/Delf.UW, Win32/Dialer, Win32/Dialer.RAS.J, Win32/EvilNet.B, Win32/Exploit.Roxo.A, Win32/ExplorerRemoto.A, Win32/Goldid.F, Win32/Lowzones, Win32/Lowzones.AX, Win32/Lowzones.AY, Win32/Myfip.Q, Win32/Protoride.NBA, Win32/PSW.LdPinch.NAY, Win32/PSW.Lmir.YK, Win32/PSW.StealPass.A, Win32/PSW.StealPass.B, Win32/Rbot.DQB, Win32/Rbot.DQC, Win32/Rbot.DQD, Win32/Rbot.DQE, Win32/Robobot.P, Win32/SdBoter.L, Win32/Singu.Q, Win32/Singu.R, Win32/Small.B, Win32/Small.CU, Win32/Spy.Banker, Win32/Spy.Banker.gen, Win32/Spy.Banker.NDQ, Win32/Sumom.B, Win32/TrojanDownloader.Agent.KF, Win32/TrojanDownloader.Agent.NBV, Win32/TrojanDownloader.IstBar.HQ, Win32/TrojanDownloader.IstBar.NAX, Win32/TrojanDownloader.Keenval.NAA, Win32/TrojanDownloader.Murlo.C, Win32/TrojanDownloader.Small.AKA, Win32/TrojanDownloader.Small.AMX, Win32/TrojanDownloader.Small.NCN, Win32/TrojanDownloader.Small.NCO, Win32/TrojanDownloader.WarSpy.A, Win32/TrojanDownloader.Wintrim.AR, Win32/TrojanDropper.Agent.FM, Win32/TrojanDropper.Microjoin.I, Win32/TrojanDropper.Microjoin.NAB, Win32/TrojanDropper.Microjoin.NAC, Win32/TrojanDropper.Microjoin.Q, Win32/TrojanDropper.Microjoin.R, Win32/TrojanDropper.Microjoin.S, Win32/TrojanDropper.Microjoin.U, Win32/TrojanDropper.Microjoin.V, Win32/TrojanDropper.MultiJoiner.17, Win32/TrojanDropper.MultiJoiner.17.drp, Win32/TrojanDropper.Small.PA, Win32/TrojanDropper.Small.SE, Win32/TrojanDropper.Small.SW, Win32/TrojanDropper.Small.TY, Win32/TrojanDropper.Small.UE, 
    Win32/TrojanProxy.Migmaf.NAA, Win32/TrojanProxy.Mitglieder.BI, Win32/TrojanProxy.Small.BH, Win32/Tsack.E, Win32/VB.TA, Win32/Wootbot.AD, Win32/Wootbot.NIA, Win32/Wootbot.NIB

    NOD32 - v.1.1016 (20050301)
    Virus signature database updates:
    Java/Flooder.NewsAgent.110, Java/Flooder.NewsAgent.111.C, Win32/Agobot.AOT, Win32/Bube.G, Win32/Codbot.O, Win32/Dialer.AD, Win32/Haxdoor.BZ, Win32/Lowzones.B, Win32/PSW.LdPinch.EI, Win32/Rbot.CZE, Win32/Rbot.CZF, Win32/Rbot.CZG, Win32/Rbot.CZH, Win32/Rbot.CZI, Win32/Rbot.CZJ, Win32/Rbot.DAA, Win32/StartPage.NCZ, Win32/StartPage.NDA, Win32/StartPage.NDB, Win32/StartPage.QY, Win32/TrojanDownloader.Agent.JV, Win32/TrojanDownloader.Delf.JF, Win32/TrojanDownloader.Domcom.C, Win32/TrojanDownloader.VB.HF, Win32/TrojanDownloader.Vivia.C, Win32/TrojanDownloader.Vivia.D, Win32/TrojanDownloader.Vivia.F, Win32/TrojanDownloader.Vivia.H, Win32/TrojanDownloader.Vivia.I, Win32/TrojanDownloader.Vivia.M, Win32/TrojanDownloader.Vivia.O, Win32/TrojanDropper.Agent.EB

    NOD32 - v.1.1005 (20050221)
    Virus signature database updates:
    Exploit.HTML.IframeBof, IRC/SdBot.DDD, PSW.Joky.A, Reg.LowZones.E, VBS/Phel.A, Win32/Agobot.AGV, Win32/Agobot.AGW, Win32/Antilam.20.NAA, Win32/Bropia.I, Win32/Bropia.J, Win32/Bube.C, Win32/Codbot.J, Win32/Hiddenrun, Win32/HideExec.B, Win32/Korgo.AI, Win32/Makecall.NA, Win32/Muce.A, Win32/Nemsi.B, Win32/Padodor.AQ, Win32/Padowor.A, Win32/PassView.1_51, Win32/PassView.1_62, Win32/PerfectKeylogger, Win32/PSW.Antigen.A, Win32/PSW.Defeg.A, Win32/PSW.INet20, Win32/PSW.KeyLogger.CB, Win32/PSW.Legendmir.MG, Win32/PSW.Legendmir.Z, Win32/PSW.Lomaster.A, Win32/PSW.Madzumba.A, Win32/PSW.Mirpn.50.A, Win32/PSW.Mirpn.50.H, Win32/PSW.Mirpn.50.I, Win32/PSW.Netax.A, Win32/PSW.PdPinch.A, Win32/PSW.QQPass.AP, Win32/PSW.Teleb.A, Win32/Randon.BM, Win32/Rbot.CRK, Win32/Rbot.CRL, Win32/Rbot.CRM, Win32/Rbot.CRN, Win32/Rbot.CRO, Win32/Spy.Sigatarius.5401.B, Win32/Spy.Sincom.F, Win32/Spy.Small.AO, Win32/TrojanDownloader.Agent.NBR, Win32/TrojanDownloader.Devsog.741, Win32/TrojanDownloader.Small.AGG, Win32/TrojanDownloader.Small.DF, Win32/TrojanDownloader.Small.ES, Win32/TrojanDropper.Agent.DS, Win32/TrojanDropper.Delf.CH, Win32/TrojanDropper.Delf.DT, Win32/TrojanDropper.Delf.DU, Win32/TrojanDropper.Delf.HU, Win32/TrojanDropper.Mudrop.D, Win32/TrojanDropper.OnlineService.A, Win32/TrojanDropper.Small.PO, Win32/TrojanProxy.Agent.DO, Win32/TrojanProxy.Daemonize.E, Win32/Webdor.M, Win32/Wootbot.AR

    NOD32 - v.1.994 (20050209)
    Virus signature database updates:
    IRC/SdBot.DBX, IRC/SdBot.DBY, IRC/SdBot.DBZ, Java/Exploit.Bytverify.I, Java/TrojanDownloader.Beyond.D, Story.NAA, Win32/Agobot.AEU, Win32/Agobot.AEV, Win32/Bobax.P, Win32/Bube.B, Win32/Dialer.EroDial, Win32/Kipis.M, Win32/Onamu.B1, Win32/Rbot.CQH, Win32/Rbot.CQI, Win32/Rbot.CQJ, Win32/Rbot.CQK, Win32/Rbot.CQL, Win32/Robobot.NAA, Win32/Spy.Agent.CO, Win32/Spy.Banbra.BE, Win32/StartPage.PB, Win32/StartPage.UQ, Win32/TrojanClicker.Agent.BW, Win32/TrojanDownloader.Monurl.NAC, Win32/TrojanDownloader.Small.AAA, Win32/TrojanDownloader.Small.AGY, Win32/TrojanDownloader.Small.AIQ, Win32/TrojanDownloader.Small.AJB, Win32/TrojanDownloader.Small.ZD, Win32/TrojanDropper.Agent.CC, Win32/TrojanDropper.PurityScan.G.gen, Win32/TrojanDropper.Small.NBD, Win32/TrojanDropper.Small.OJ, Win32/TrojanDropper.Small.PE, Win32/TrojanDropper.Small.PG, Win32/TrojanProxy.Agent.CY, Win32/TrojanProxy.Agent.DF, Win32/TrojanProxy.Agent.NAJ, Win32/TrojanProxy.Small.BA, Win32/Wootbot.NHU


    Interestingly, I didn't find "Bube.A" anywhere...

    hth

    Greg
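
Added example (not part of any post in this thread, and not ESET code): the manual search described above, done as a script that parses update notes in the layout quoted here and matches another vendor's name such as `Virus.Win32.Bube.d` against NOD32-style names such as `Win32/Bube.D`. The function names are hypothetical, the sample text is constructed from entries quoted in the thread, and the query is assumed to end in `family.variant`.

```python
import re

# Constructed sample, abbreviated from the update notes quoted in this thread.
SAMPLE_NOTES = """\
NOD32 - v.1.1077 (20050425)
Virus signature database updates:
IRC/SdBot.DUQ, Win32/Adware.ISTbar, Win32/Bube.M, Win32/Delf.NAI

NOD32 - v.1.1027 (20050316)
Virus signature database updates:
IRC/SdBot.DTK, Win32/Agobot.ASS, Win32/Bube.D, Win32/Buchon,...............

NOD32 - v.1.1016 (20050301)
Virus signature database updates:
Win32/Agobot.AOT, Win32/Bube.G, Win32/Lowzones.B
"""

HEADER = re.compile(r"^\s*NOD32 - v\.(\S+) \((\d{8})\)\s*$")

def parse_notes(text):
    """Return [(version, date, [detection names])], one tuple per update entry."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = (m.group(1), m.group(2), [])
            entries.append(current)
        elif current and "updates:" not in line:
            # Drop empty items and the "......" left where a list was cut short.
            current[2].extend(n.strip() for n in line.split(",") if n.strip(" ."))
    return entries

def tokens(name):
    """Split a detection name on '.' and '/', case-insensitively."""
    return [t for t in re.split(r"[./]", name.lower()) if t]

def find(text, query):
    """Return (exact, related) hits as (version, date, name) tuples.
    Assumption: the last two components of `query` are family and variant."""
    parts = tokens(query)
    if len(parts) < 2:
        raise ValueError("query needs at least family.variant")
    family, variant = parts[-2:]
    exact, related = [], []
    for version, date, names in parse_notes(text):
        for name in names:
            t = tokens(name)
            if family not in t[1:]:          # whole-token match: Buchon != Bube
                continue
            i = t.index(family, 1)
            hit = (version, date, name)
            (exact if t[i + 1:i + 2] == [variant] else related).append(hit)
    return exact, related
```

Because matching is on whole name components, a misspelled family such as `bude` returns no hits at all rather than a near match.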
     
  7. jayt

    jayt Registered Member

    Does Nod32 clean/delete Win32.bube.d without removing desktop

    The next question (just curious, my pc does not have this infection): Does Nod32 clean it without deleting the desktop? I found this info at:

    http://www.thespykiller.co.uk/bube.htm

    Since this part of my previous post was ignored, I am posting the question again.
     
  8. Firecat

    Firecat Registered Member

    Re: Does Nod32 clean/delete Win32.bube.d without removing desktop

    Happy Bytes should be able to answer this question. You might want to send him a PM with this question. :)
     