Nod not detecting new dumaru virus

I am a bit concernedthat NOD isn't detecting the new dumaru virus

I have advanced heuristics using the right click shell power extension

I though NOD had very good heuristics

When Dr webb and KAV detect heuristically and now have a virus definition for this one a part of the mydoom infections, whty haven't NOD

TDS detected as an unknown kety logger immediately, nod should have at least done that


Norton have had a write up about it for 2 days now and NOD haven't even got detection

I have sent copies of the viral files to them, ( from an infected machine via one of the tech forums) I can only assume that the NOD users are so well protected that they never got infected by any form of the virus so no-one could find any files to send in.

 

That's why I'm suprised it hasn't detected the latest one dumaru ah

I thought it must have a close enough signature for NOD heuristics to autodetect as KAV & Dr Webb and TDS have

this is Symantec write up about it
http://www.sarc.com/avcenter/venc/data/w32.dumaru.ah@mm.html

sorry the forum software won't make a link so copy & paste please

 

dvk,

NOD32 detects this one, named w32/Mimail.U - database update v1.624 (20040214)

regards.

paul

 

Hate to disagree paul, but It isn't detecting it

I have copies of this worm/virus in 2 different places on my computer, they are the exact copies that I sent to NOD & Pieter

TDS detects them, KAV detectsthem, Housecall online detects, DR webb online detects, Norton online detects

NOD does not detect, either by doing a full system sca, or by just scanning the folder nor does it detect by using Advanced Heuristics in the shell extension

I can only conclude that NOD is not detecting it

Any ideas why?

 

dvk,

Obviously a misunderstanding from my side as for naming the little bugger: this one shows up on other AV vendor sites as "aka" w32/Nimail.U - and is databased under that name by Eset.

I only can conclude this one hasn't been databased yet by Eset.

regards.

paul

 

I've seen it listed as mimail z on some sites

that is the main problem we have, Why can't teh Antivirus vendors get together and at least agree on a name for these so we can check a bit more easily

I've sent copies, Pieter has copies and I think he has sent them, all senyt yesterday am. I will resend in case they have been misplaced

IF you want a copy for your own interest or to check let me know please

EDIT:

I've resent again to NOD at 17.09 GMT let's see if they misplace this set

 

One practical reason: update the databases as soon as possible - coming with their own name - or verifying with all sortalike companies first, agreeing on just one name, and database a nastie at the least 24 hours later. Personally, I do opt for the first solution

Pieter no doubt has sent copies to all major players involved

Thanks for the offer! Pieter is a good source here.

I do applaud your effort! I'm pretty sure it will be a matter of time an this one will be databased.

regards.

paul

 

Pleased to announce that it was included in update 1.627 on 18.02.04

A bit slow in my book considering samples were sent on the 13th and I have personally seen several infected machines that I have had to manually clean for the users.

Especially since Nortona dn others including AVG also had samples at the same time and included them much quicker than NOD

Still all NOD users are protected now so that is one good thing

 

All I would assume is that because NOD were one of the first to have detection for the original DOOM virus and protected it's users, then they wouldn't be infected by the dropped worm.

This might be a reasonable view to take, except many people recommend NOD because the original antivirus wasn't protecting the user and they were infected and got NOD to cure the infections.

I know NO antivirus is 100% effective and on the whole I am more satisfied with NOD than other antiviruses, both is speed of scanning and in detecting and preventing or removing viruses.

They just need to be a little bit quicker in including some of the newer viruses/trojans/worms/ whatever

 

An antivirus can't compensate for all ills. It is just a tool. It is a mistake to rely on any one program to protect you. Practice safe computing instead. A link.

http://www.teamanti-virus.org/rules.html