Another NOD32 miss, please, add a signature for this..

Discussion in 'NOD32 version 2 Forum' started by Pain of Salvation, Nov 29, 2005.

Thread Status:
Not open for further replies.
  1. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    Please Eset guys, there is another Trojan Banker here in Brazil... add a signature for this file, 'cause I'm receiving a lot of trojan bankers in my mail...

    Isn't it possible to add a generic signature or something like that? (I don't understand a lot about AVs and signatures, correct me if I'm wrong)

    http://tinypic.com/i19t3d.jpg

    Happy Bytes, I'll send it to your e-mail..
     
  2. Happy Bytes

    Happy Bytes Guest

    Already under progress. ;)
     
  3. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
  4. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    São Paulo, Brazil
    :D :D :D

    Fast like electroshock tanks... :D :D :D
     
  5. Happy Bytes

    Happy Bytes Guest

    :eek: :eek: :eek: :mad: :mad: :mad: :D :D :D
     
  6. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    São Paulo, Brazil
    Hey Pain,
    Are you Brazilian ?
    If you are, be careful of an e-mail about Roberto Jefferson that came from a Bulgarian server. The Eset Team is adding it to the database.
     
  7. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    kkkkkkkkkkk!!! Roberto Jefferson?? My God in heaven, the things people come up with! ;)
     
    Last edited: Nov 29, 2005
  8. Marcelo

    Marcelo Registered Member

    Joined:
    Oct 11, 2005
    Posts:
    74
    Location:
    Rio de Janeiro, Brazil.
    Should it be a surprise? :rolleyes: :)
     
  9. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    São Paulo, Brazil
    No, it's not a surprise, but telling you to click that link to see photos of his murder is too funny.
     
  10. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    huhuhuhu :eek:

    By the way, how is the work on these signatures going, Happy Bytes?

    --------
    Edit:

    I think the work is done.. :D

    http://tinypic.com/i1fsbr.jpg
     
    Last edited: Nov 29, 2005
  11. olcay

    olcay Registered Member

    Joined:
    Nov 17, 2005
    Posts:
    24
    I submitted this exe a few days ago but NOD still misses it o_O

    File: 126547.exe
    Status:
    INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 31dc90567e7f5a1c85fa7a8cdb9f118b
    Packers detected:
    WISESFX DROPPER
    Scanner results
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found Trojan.Downloader.Small.BKE, Application.Adware.NewDotNet.B.Dropper
    ClamAV
    Found Adware.NewDotNet.B-4
    Dr.Web
    Found Trojan.DownLoader.3945, Adware.NewDotNet
    F-Prot Antivirus
    Found nothing
    Fortinet
    Found Adware/SmallShopper
    Kaspersky Anti-Virus
    Found Trojan-Downloader.Win32.Small.bke, not-a-virus:AdWare.Win32.NewDotNet
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    UNA
    Found nothing
    VBA32
    Found AdWare.Win32.NewDotNet
     
    Last edited: Nov 29, 2005
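    The multi-engine listing above is the raw material for deciding which vendor a sample should go to. As an added example that is not part of the original thread, the following Python code parses the engine/"Found ..." line pairs in the format quoted above, computes the detection ratio, tallies which family name the detecting engines agree on (NewDotNet here, one vote per engine) and lists the engines that reported nothing. The sample text is the listing from the post, embedded as a constructed input; the generic-token filter is a constructed heuristic for vendor naming and not any scanner's API.

```python
import re
from collections import Counter

# Constructed sample: the multi-engine result listing quoted in the thread
# (one line with the engine name, followed by one "Found ..." line).
SCANNER_RESULTS = """\
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found Trojan.Downloader.Small.BKE, Application.Adware.NewDotNet.B.Dropper
ClamAV
Found Adware.NewDotNet.B-4
Dr.Web
Found Trojan.DownLoader.3945, Adware.NewDotNet
F-Prot Antivirus
Found nothing
Fortinet
Found Adware/SmallShopper
Kaspersky Anti-Virus
Found Trojan-Downloader.Win32.Small.bke, not-a-virus:AdWare.Win32.NewDotNet
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found AdWare.Win32.NewDotNet
"""

# Platform/category words that carry no family information (assumed heuristic).
GENERIC_TOKENS = {"trojan", "downloader", "win32", "adware", "application",
                  "dropper", "virus", "not", "a"}


def parse_scanner_results(text):
    """Map each engine to its list of detection names ([] for 'Found nothing')."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines and lines[0] == "Scanner results":
        lines = lines[1:]
    if len(lines) % 2:
        raise ValueError("engine/verdict lines are not paired")
    results = {}
    for engine, verdict in zip(lines[0::2], lines[1::2]):
        if not verdict.startswith("Found "):
            raise ValueError(f"unexpected verdict for {engine}: {verdict!r}")
        body = verdict[len("Found "):]
        results[engine] = [] if body == "nothing" else [n.strip() for n in body.split(",")]
    return results


def detection_ratio(results):
    """Return (engines that flagged the file, engines total)."""
    return sum(1 for names in results.values() if names), len(results)


def family_tokens(name):
    """Alphabetic tokens of a vendor name that look like a family label."""
    tokens = re.split(r"[^A-Za-z0-9]+", name)
    return {t.lower() for t in tokens
            if len(t) > 3 and t.isalpha() and t.lower() not in GENERIC_TOKENS}


def family_consensus(results):
    """Count, per family token, how many engines named it (one vote per engine)."""
    votes = Counter()
    for names in results.values():
        engine_families = set()
        for name in names:
            engine_families |= family_tokens(name)
        votes.update(engine_families)
    return votes


def engines_to_notify(results, min_votes=3):
    """Engines reporting nothing although >= min_votes others agree on a family."""
    votes = family_consensus(results)
    if not votes or votes.most_common(1)[0][1] < min_votes:
        return []
    return sorted(engine for engine, names in results.items() if not names)


if __name__ == "__main__":
    res = parse_scanner_results(SCANNER_RESULTS)
    hits, total = detection_ratio(res)
    print(f"{hits}/{total} engines flagged the sample")
    print("family votes:", family_consensus(res).most_common(3))
    print("silent engines:", engines_to_notify(res))
```

    Running it on the quoted listing gives 6 of 14 engines flagging the file, five of them naming NewDotNet, and NOD32 among the eight engines that would receive the sample; the vote threshold keeps a single engine's idiosyncratic name from triggering submissions on its own.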
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'll try to look up the file, but remember the file is WISE SFX packed which means NOD32 might detect the files after being extracted from the archive. Did you check that?
     
  13. olcay

    olcay Registered Member

    Joined:
    Nov 17, 2005
    Posts:
    24
    I downloaded this file but never ran it because I always check suspicious files on Jotti's, so after these results I repacked it, named it "infected" and submitted it to Eset.
     
  14. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I think NOD does unpack WISE SFX.....
     
  15. CyberMew

    CyberMew Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    128
    Just a heads up on girls.exe (http://www.dartanyan.******/girls.exe) about 1.4Mb

    12/1/2005 18:52:20 PM Kernel The file 'C:\Documents and Settings\Username\Desktop\girls.exe' has been sent to Eset's labs for analysis.

    Kaspersky Anti-Virus Found Virus.Win32.Parite.b, Virus.Win32.FunLove.4070, Email-Worm.Win32.Rays
    NOD32 Nothing

    Hope you detect it soon and add it to the database because it is not detected via AH
     
  16. Happy Bytes

    Happy Bytes Guest

    That's a setup package. The malware gets nailed upon start of this archive via AMON before any infection could be done.
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Again, another SFX archive/installer. After the files had been unpacked they were detected by NOD32 as follows:

    Scan performed at: 1. 12. 2005 12:49:22
    Scanning Log
    NOD32 version 1.1309 (20051130) NT
    Command line: C:\unpack

    Date: 1.12.2005 Time: 12:49:46
    Scanned disks, folders and files: C:\unpack\
    C:\unpack\click.dll - IRC/Flood application
    C:\unpack\mrsn.exe - Win32/Parite.B virus
    C:\unpack\SVCHOST.exe - Win32/FunLove.4070 virus
    C:\unpack\System32.exe - Win32/Wukill.B worm
    C:\unpack\windows.exe - Win32/Wukill.B worm
    C:\unpack\windowsxp.dll - IRC/Flood application
    Number of scanned files: 12
    Number of threats found: 6
    Time of completion: 12:49:46 Total scanning time: 0 sec (00:00:00)
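
    Marcos's point is that the SFX wrapper hides the payloads until they are extracted, so the useful record is the scan of the unpacked directory. As an added example (not code from the thread or from Eset), the following Python script parses that log, checks the "Number of threats found" counter against the detection lines it actually parsed, and cross-references the Kaspersky names CyberMew posted against NOD32's threat strings to show where vendor naming lines up (Parite, FunLove) and where it does not (Rays). The log text is embedded as a constructed sample and the regular expressions are assumptions about this log format.

```python
import re
from collections import Counter

# Constructed sample: the NOD32 command-line scan log quoted above, unchanged.
NOD32_LOG = r"""Scan performed at: 1. 12. 2005 12:49:22
Scanning Log
NOD32 version 1.1309 (20051130) NT
Command line: C:\unpack

Date: 1.12.2005 Time: 12:49:46
Scanned disks, folders and files: C:\unpack\
C:\unpack\click.dll - IRC/Flood application
C:\unpack\mrsn.exe - Win32/Parite.B virus
C:\unpack\SVCHOST.exe - Win32/FunLove.4070 virus
C:\unpack\System32.exe - Win32/Wukill.B worm
C:\unpack\windows.exe - Win32/Wukill.B worm
C:\unpack\windowsxp.dll - IRC/Flood application
Number of scanned files: 12
Number of threats found: 6
Time of completion: 12:49:46 Total scanning time: 0 sec (00:00:00)
"""

# Assumed line shapes for this log format: "<drive path> - <threat name>",
# the two "Number of ..." counters, and the version banner.
DETECTION_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) - (?P<threat>.+)$")
COUNTER_RE = re.compile(r"^Number of (?P<what>scanned files|threats found): (?P<n>\d+)$")
VERSION_RE = re.compile(r"^NOD32 version (?P<ver>\S+ \(\d+\))")
GENERIC_TOKENS = {"virus", "worm", "email", "trojan"}


def parse_nod32_log(text):
    """Collect version, (path, threat) detections and the summary counters."""
    report = {"version": None, "detections": [], "counts": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = VERSION_RE.match(line)
        if m:
            report["version"] = m.group("ver")
            continue
        m = DETECTION_RE.match(line)
        if m:
            report["detections"].append((m.group("path"), m.group("threat")))
            continue
        m = COUNTER_RE.match(line)
        if m:
            report["counts"][m.group("what")] = int(m.group("n"))
    return report


def threat_summary(report):
    """How many unpacked files each NOD32 threat string covers."""
    return Counter(threat for _, threat in report["detections"])


def counts_consistent(report):
    """True when the log's own counter matches the detection lines parsed."""
    return report["counts"].get("threats found") == len(report["detections"])


def cross_reference(report, other_names):
    """For each name from another engine, report whether some NOD32 threat
    string shares a family token with it (exposes vendor naming differences)."""
    nod_text = " ".join(threat.lower() for _, threat in report["detections"])
    out = {}
    for name in other_names:
        tokens = [t.lower() for t in re.split(r"[^A-Za-z0-9]+", name)
                  if len(t) > 3 and t.isalpha()]
        tokens = [t for t in tokens if t not in GENERIC_TOKENS]
        out[name] = any(t in nod_text for t in tokens)
    return out


if __name__ == "__main__":
    rep = parse_nod32_log(NOD32_LOG)
    print("engine:", rep["version"])
    print("threats:", dict(threat_summary(rep)))
    print("counter matches parsed lines:", counts_consistent(rep))
    # Names from the Kaspersky verdict posted earlier in the thread.
    print(cross_reference(rep, ["Virus.Win32.Parite.b",
                                "Virus.Win32.FunLove.4070",
                                "Email-Worm.Win32.Rays"]))
```

    The counter check is the part worth keeping in any log-ingestion pipeline: a mismatch between "Number of threats found" and the detection lines means the log was truncated or the line format drifted, and a silent parser would under-report.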
     
  18. CyberMew

    CyberMew Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    128
    I see.. thanks both for replying. But why won't it check the file's contents before you run/download it?
     