A new malware sample, can't submit via email or NOD32 because the file is too big

Discussion in 'ESET NOD32 Antivirus' started by JuliusB, Oct 9, 2008.

Thread Status:
Not open for further replies.
  1. JuliusB

    JuliusB Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    82
  2. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    I sent this suspicious archive to the ESET Lab. Now we have to wait for their response.

    I recommend you take the same approach in that situation.
     
  3. JuliusB

    JuliusB Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    82
    I tried sending the file via email and both my ISP's and Gmail's mail servers responded that the file is too big. Also, when I tried to send the file manually from the NOD32 quarantine, I got an error too.
    I looked on the Internet and Ardamax seems to be a commercial keylogger; however, I have selected the "Detect potentially unsafe applications" option in the NOD32 configuration.
    Other malware may be present in this file too, like some kind of spyware. Users reported spyware-like activity after running the file; however, I am not sure this is the exact same torrent, because it is being removed from torrent sites.

    And by the way of course I'm using a legit version of NOD32 :)

    Also, I would like to ask the ESET moderators where it is better to send suspicious files: to samples@eset.com or directly from the NOD32 quarantine?
    In the past few weeks I got two new samples of malware and sent them both to samples@eset.com and directly from NOD32. After about a week they were added to the database, and I got one email reply saying detection would be added in the next version of the definition files. That was after it had already been added.
     
  4. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    In the letter that I sent to the ESET Lab, I gave the link you provided us. The file is too large to be attached or sent by the function embedded in EAV/ESS.

    I sent the e-mail to samples@eset.com.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Maybe it's better to upload it to a file sharing service and then just send a link to it to samples[at]eset.com. I've just checked the mailbox and there's no such sample yet; most likely it didn't get through an email server somewhere.
     
  6. JuliusB

    JuliusB Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    82
    My Internet connection at this time is very slow, but I will upload it in a password-protected .rar archive to rapidshare.com and post a link here.

    Edit:
    Here is the rapidshare link for the file:
    removed
    It is compressed with WinRAR.
    The archive password is: eset
     
    Last edited: Oct 10, 2008
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    It's against TOS to post links to potential malware here. Please rather email it to samples[at]eset.com with this thread's url in the subject.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    It's an installer; we don't detect those. After I ran it, it extracted files that were immediately detected and quarantined by the real-time protection.
     
  9. JuliusB

    JuliusB Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    82
    Thanks for taking care of it promptly.
    Link edited according to TOS.
     
  10. Stubborn

    Stubborn Registered Member

    Joined:
    Apr 7, 2008
    Posts:
    22
    Location:
    Brazil
    I experienced a problem like that and I decided to run the malware installer in a sandbox. It happens just like Marcos said.
     
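The two posts above make the same practical point: the installer itself is not what gets detected, the files it drops are, so the useful thing to capture and submit is the dropped payload (which is usually small enough to email, unlike the installer). The script below is an added example, not code from this thread or from ESET. It snapshots the directories you name, runs the installer, and reports every new or changed file with its size and SHA-256, tagging each as "email" or "link" against an assumed 10 MiB mail limit (the real limit depends on your mail servers). It does no isolation of its own: the whole thing must run inside a throwaway VM or sandbox, and the watch list should include the places droppers actually write to (temp, profile and program directories), not just the installer's folder. The `demo()` function stands in for the installer with a constructed Python one-liner that drops one file.

```python
"""Snapshot directories before and after running an installer and report
the files it dropped, with hashes ready for a sample submission.

Added example, not from the thread or from ESET. Assumptions: MAIL_LIMIT
is a guessed mail-server attachment limit; run this only inside an
isolated VM or sandbox, the script itself does not confine the installer.
"""
import hashlib
import os
import subprocess
import sys
import tempfile
from pathlib import Path

MAIL_LIMIT = 10 * 1024 * 1024  # assumed attachment limit, adjust for your server


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large installers do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map every regular file under root to (size, sha256)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                result[str(p)] = (p.stat().st_size, sha256_of(p))
            except OSError:
                continue  # vanished or locked while the installer runs
    return result


def diff_snapshots(before: dict, after: dict) -> dict:
    """Files that are new, or whose size/hash changed, after the run."""
    return {path: info for path, info in after.items() if before.get(path) != info}


def run_and_collect(cmd, watch_dirs, mail_limit=MAIL_LIMIT) -> dict:
    """Run cmd, then report dropped/changed files under watch_dirs.

    Each entry carries size, sha256 and a submission route: 'email' when
    the file fits the mail limit, otherwise 'link' (upload it and mail the
    link with the thread URL in the subject, as Marcos suggests above).
    """
    roots = [Path(d) for d in watch_dirs]
    before = {}
    for r in roots:
        before.update(snapshot(r))
    subprocess.run(cmd, check=False)  # installer may exit non-zero; still collect
    after = {}
    for r in roots:
        after.update(snapshot(r))
    return {
        path: {"size": size, "sha256": digest,
               "route": "email" if size <= mail_limit else "link"}
        for path, (size, digest) in diff_snapshots(before, after).items()
    }


def demo() -> dict:
    """Constructed stand-in: a Python one-liner plays the installer and drops
    one file into a fresh temp directory that already holds another file."""
    workdir = Path(tempfile.mkdtemp(prefix="sample-"))
    (workdir / "existing.txt").write_bytes(b"already here")
    fake_installer = [
        sys.executable, "-c",
        "import sys, pathlib; pathlib.Path(sys.argv[1], 'dropped.bin')"
        ".write_bytes(b'MZ-payload')",
        str(workdir),
    ]
    return run_and_collect(fake_installer, [workdir])


if __name__ == "__main__":
    for path, info in demo().items():
        print(f"{info['route']:5} {info['size']:>8} {info['sha256']} {path}")
```

Hashes go in the email body alongside the archive password, so the lab can match the submission even if the attachment is stripped; the hash also lets you check whether the dropped file is already detected before sending it at all.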
  11. Stubborn

    Stubborn Registered Member

    Joined:
    Apr 7, 2008
    Posts:
    22
    Location:
    Brazil
    Edit: double.
     