Email Archive Scanning

Discussion in 'ESET NOD32 Antivirus' started by Mwh65, Sep 8, 2008.

Thread Status:
Not open for further replies.
  1. Mwh65

    Mwh65 Registered Member

    Joined:
    May 8, 2008
    Posts:
    17
    I have been having problems with certain emails that have a Zip file attached with a filename of Fees_2008-2009.exe.doc.

    If I extract the file from the Zip EAV does nothing and happily extracts it.

    If I execute the file EAV does nothing until the worms get downloaded and then they are removed.

    When this happens though due to the nature of one of the worms, Win32/AutoRun.YK, a registry entry is added which prevents the display of the desktop icons upon reboot.

    The following are detected ...

    Win32/AutoRun.YK worm
    Win32/TrojanDownloader.FakeAlert.IQ trojan
    Win32/Adware.UltimateDefender application
    Win32/TrojanDownloader.Wigon.AI trojan
    Win32/RootKit.Agent.NGN trojan

    I have set EAV to scan for everything so I now wonder why this file does not get scanned and quarantined when the email arrives !!!

    Your help is much appreciated.
     
  2. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Probably because the initial file (Fees_2008-2009.exe.doc) isn't detected yet. Have you submitted it to ESET yet? These downloader viruses change all the time so it's difficult to keep on top of them.
     
Thread Status:
Not open for further replies.