Disappearing probable WM/Nuclear.D variant

Discussion in 'NOD32 version 2 Forum' started by NOD32 user, Apr 5, 2005.

Thread Status:
Not open for further replies.
  1. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Scanning a customers HDD NOD32 2.5 beta detected "E:\CDROM\CYBEC.DOC - probably a variant of WM/Nuclear.D virus" on a scan operation. The file was not cleaned, modified or altered in any way I've been able to discover however it is now undetected by further scans.

    "CYBEC.DOC is a Microsoft Word document which will remove the
    WinWord.Concept Winword.Nuclear.A and Winword.Nuclear.B virus
    from your Word documents. The WinWord.Concept virus is also known
    as the Word Prank virus."


    Any suggestions - has the beta got some kind of AI for fine tuning its 'probable' detection?
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you forward that file to samples@nod32.com and see what they have to say.

    Also, would appreciate if you can keep us up-to-date with your progress, as we all learn this way...

    Cheers :D
     
  3. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    lol @ me
    In the virus log AMON had found and cleaned it automatically after the 'SCAN' operation and before I came back to look at it.
    I've got the 2.5 beta set to submit samples and statistics automatically. Would you suggest still emailng samples@ anyhow?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    Of course, if you still have the original file (not already cleaned by AMON), send it to samples@eset.com. Other samples detected by heuristics should be submitted using the Early Warning System.
     
    Last edited: Apr 6, 2005
  5. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Do I still have the original file o_O :) (Step 1 - image HDD. Step 2 - 'Scan')
    ...
    Done

    and another happy customer upgrading to NOD32
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.