abest.exe is it a virus/trojan!

Discussion in 'NOD32 version 2 Forum' started by hadi, Apr 24, 2005.

Thread Status:
Not open for further replies.
  1. hadi

    hadi Guest

    just hit "eTrust Antivirus Web Scanner" and it founds "abest.exe"
    checked it with NOD the result is OK.
    Then uploaded it to "jotti.org" the results are below

    File: abest.exe
    Status: INFECTED/MALWARE
    Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT
    Scanner results
    AntiVir Found TR/Dldr.Juntador.C
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found Trojan.Dropper.Agent.HH
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found Trojan-Dropper.Win32.Agent.hh
    mks_vir Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    VBA32 Found Embedded.Trojan-Downloader.Win32.Small.amg (probable variant)

    Any advice please. Thanks

    OS:XPSP2,IE6, NOD32,spywareblaster,spywareguard,M$ antispyware,spybot S&D,adaware etc,etc
     
  2. hadi

    hadi Guest

    Further search in C:windows/sestem32 this exe appears "abestlc.exe"
    straight to jotti: results are


    File: abestlc.exe
    Status: INFECTED/MALWARE (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain -, results will not be stored in the database.)
    Packers detected: -
    Scanner results
    AntiVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found Dropped:Adware.WinAD
    ClamAV Found Worm.Mydoom.Gen-1
    Dr.Web Found not a virus Adware.Winad
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found not-a-virus:AdWare.WinAD.e
    mks_vir Found .Winadd
    NOD32 Found nothing
    Norman Virus Control Found nothing
    VBA32 Found AdWare.WinAD.e

    So please what are these files and if they are dangerous why NOD didnt detect them. Thanks
     
  3. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Apparently are only Adware. Submit them to Eset zipped to samples@eset.com or send it using the new beta feature.
     
  4. hadi

    hadi Guest

    alredy sent.
    Thanks
     
Thread Status:
Not open for further replies.