A Question to Moderator

Discussion in 'ESET NOD32 Antivirus' started by krypton_harsh, Apr 15, 2008.

Thread Status:
Not open for further replies.
  1. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    I have sent a mail to sample(at) eset.com
    with a new variant of brontok virus....
    how much time will it take to get a new definition for it...
    i have sent it from the id
    mycybercafe@rediffmail.com

    actually the update release was very urgent...and i didn't even get the confirmation of receipt of delivery from eset....not sure if eset got them or what....coz the same virus was detected by norton when i was uploading it via yahoo..... and it didn't get detected with f-secure that rediffmail uses....

    all my clients and services use eset...and that virus is all over the city... when can i expect the update for it....thanking u
    the mail was uploaded 2 hrs before this thread
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    May I know the password to the archive? None of the standard ones work.
     
  3. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    i gave it as infected

    "infected"
     
  4. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
  5. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi, password "infected" is usually used for archives sent to Eset, so analysts type this every time, if any other wasn't written in mail text. You might have made a mistake when you typed it.
     
  6. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    but i have a copy of that zipped file.... and it opens with the password "infected" i also have posted another copy of the sample to eset...
    and also mentioned the password
    please help
    it's sort of urgent
     
  7. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    i have also zipped the files again used the password as "infected"
    and mailed it from another id.... krypton_harsh @ myway.com

    please check it and reply soon....
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Right, it worked. I'd bet I tried it several times before I asked here :) It seems to be a trivial AutoIt script that disables the task manager; we'll add it in one of the next updates.
     
  9. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    exactly sir...it's an autoit script... same symptoms as of rontokbro...
    only difference is no same names .exe in every folder...
    it only creates some standard folder in every drive's root...
    likely...
    secrets.exe
    jokes.exe
    documents.exe
    new folder(2).exe
    etc...
    and the execution file at startup is ....khatarnak.exe in system32 and windows root directory...
    boots to memory on startup using the shell command...at shell=explorer.exe, c:\windows\system32\khatarnak.exe ..in regedit....

    i am glad u got my sample...

    awaiting for u'r reply and updates...thanku sir

    and 1 more thing....there is also an another virus outbreak here last week...
    but it's a bit of nuisance.... i will mail the sample now...
    its actually a single file virus....called svchost.exe....icon is like a .dll file
    it loads in the memory at startup...using... startmenu > programs > startup > svchost.exe

    and gives a message at startup showing that the windows is not genuine and click here to make it genuine...and disable playing music from windows media player and winamp.....
    thankz i will upload the second sample...be in touch
    thankz again
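
The persistence traits described in the post above (an extra command appended to the Winlogon Shell value, .exe files in drive roots, a svchost.exe in the Startup folder) can be checked for mechanically. This is an added example, not part of the original thread; the function names, the sample paths and the C:\Windows install location are assumptions.

```python
import ntpath

# Default Winlogon "Shell" value (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon).
# Assumption: Windows is installed in C:\Windows.
ALLOWED_SHELLS = {"explorer.exe", r"c:\windows\explorer.exe"}
# Process names that belong only in System32 (illustrative, not exhaustive).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}

def extra_shell_commands(shell_value):
    """Return every command in a Winlogon Shell value that is not the default shell."""
    extras = []
    for part in shell_value.split(","):
        cmd = part.strip().strip('"')
        if cmd and cmd.lower() not in ALLOWED_SHELLS:
            extras.append(cmd)
    return extras

def misplaced_system_names(paths):
    """Flag files named like a system process but stored outside System32."""
    hits = []
    for path in paths:
        folder, name = ntpath.split(path.lower())
        if name in SYSTEM_NAMES and not folder.endswith(r"\windows\system32"):
            hits.append(path)
    return hits

def root_level_exes(paths):
    """Flag executables that sit directly in a drive root."""
    return [p for p in paths
            if p.lower().endswith(".exe") and ntpath.splitdrive(p)[1].count("\\") == 1]

# Constructed sample input modelled on the post; drive letters and user name are made up.
SAMPLE_SHELL = r"explorer.exe, c:\windows\system32\khatarnak.exe"
SAMPLE_FILES = [
    r"D:\secrets.exe", r"D:\jokes.exe", r"D:\new folder(2).exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Documents and Settings\user\Start Menu\Programs\Startup\svchost.exe",
    r"D:\tools\setup.exe",
]

if __name__ == "__main__":
    print("Extra Shell commands:", extra_shell_commands(SAMPLE_SHELL))
    print("System names outside System32:", misplaced_system_names(SAMPLE_FILES))
    print("Executables in drive roots:", root_level_exes(SAMPLE_FILES))
```

On a live machine the Shell string and file listing would come from a registry export and a directory listing rather than the constructed samples.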
     
  10. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    update 3029 released but still no cure..... please help
     
  11. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    Thankz Sir.
    I got the update cure in v3030

    gr8 work eset

    thankz a lot

    uploading new samples now.
     