Disappearing probable WM/Nuclear.D variant

Discussion in 'NOD32 version 2 Forum' started by NOD32 user, Apr 5, 2005.

Thread Status:
Not open for further replies.
  1. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Scanning a customers HDD NOD32 2.5 beta detected "E:\CDROM\CYBEC.DOC - probably a variant of WM/Nuclear.D virus" on a scan operation. The file was not cleaned, modified or altered in any way I've been able to discover however it is now undetected by further scans.

    "CYBEC.DOC is a Microsoft Word document which will remove the
    WinWord.Concept Winword.Nuclear.A and Winword.Nuclear.B virus
    from your Word documents. The WinWord.Concept virus is also known
    as the Word Prank virus."


    Any suggestions - has the beta got some kind of AI for fine tuning its 'probable' detection?
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you forward that file to samples@nod32.com and see what they have to say.

    Also, would appreciate if you can keep us up-to-date with your progress, as we all learn this way...

    Cheers :D
     
  3. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    lol @ me
    In the virus log AMON had found and cleaned it automatically after the 'SCAN' operation and before I came back to look at it.
    I've got the 2.5 beta set to submit samples and statistics automatically. Would you suggest still emailng samples@ anyhow?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Of course, if you still have the original file (not already cleaned by AMON), send it to samples@eset.com. Other samples detected by heuristics should be submitted using the Early Warning System.
     
    Last edited: Apr 6, 2005
  5. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Do I still have the original file o_O :) (Step 1 - image HDD. Step 2 - 'Scan')
    ...
    Done

    and another happy customer upgrading to NOD32
     
Thread Status:
Not open for further replies.