I found a virus that doesn't exist with anyone else?

Discussion in 'NOD32 version 2 Forum' started by windstrings, Oct 22, 2004.

Thread Status:
Not open for further replies.
  1. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    Ok.... I found this virus called "win32/ddos.boxed.n".... it has actually been out a few weeks according to nod32 page http://www.nod32.com/support/info.htm you will find it at position
    NOD32 - v.1.869 (20040913)
    Virus signature database updates:

    However, if you go to nod32's virus page..http://www.nod32.com/pedia/w.htm, it can't be found?

    Now if you go to google and type it in http://www.google.com/search?hl=en&lr=&q=win32/ddos.boxed.n&btnG=Search
    All you get is nod32 again?

    So is nod32 renaming this to make it appear to be a new virus?.. or is it really new?

    I found this virus on my dad's machine, which has been plagued with the protoride virus as of late, and it wouldn't go away with McAfee's "even though it kept cleaning it!".... a sidenote... I found 9 viruses total all kissin cousins to the same name..... and McAfee's found none? Bye Bye McAfee!

    I was also very pleasantly surprised to find that Nod32 scans in "system restore" where 4 of them were! under some funky A000349uo.exe type name.
    I only thought mks_vir could do that!.... Although I think they really have promise.. MkS_Vir is far too incompatible and slow on app startups to compete! oh and by the way... of the nine that nod32 found... mks_vir only found the 4 in system restore.. the other 5 on the hard drive it didn't find!

    I tried to send the file to samples@nod32.com and instantly before I could blink, it arrested it and wouldn't let me send it... I finally had to disable AMON to send it!...

    So far I'm impressed with the horsepower and speed of NOD32 around the curves!.... Now if we can just get the control panel a little less confusing, we will be in good shape!
    Keep up the good work!
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    That’s ok, believe the database over the website, website is slow to be updated ;)


    It’s a recent one and it comes in a few flavors, just like Baskin and Robbins ;)


    May I suggest that being you have placed Nod32 onto a compromised system that you follow the steps found in post number 2 here, just to be sure that system is clean. ;) :D


    Always good to zip the file before sending it :D

    Hope this helps.

    Let us know how you go…

    Cheers :D
     
    Last edited: Oct 22, 2004
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Almost all antiviruses DO scan inside system restore but NONE can clean inside the restore folder. The restore folder is designed that way by M$ so if a virus was found in that folder then to cure it follow this advice

    Turn off system restore by following instructions here
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039 for Xp
    or here
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239 for ME

    That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable system restore & create a new restore point.
     
  4. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    Good advice.. I do most of that.. about refreshing the system restore and all.

    I run spybot, registry mechanic, and pestpatrol....

    and by the way... nod32 finds viruses in zips just fine.. so emailing the virus zipped would have still given the same results.. but it's prob safer than sending to someone unprotected... but I wouldn't do that at least on purpose.
     
  5. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    You could upload it here to see if the other AVs detect it under different names.

    http://virusscan.jotti.dhs.org/

    Also:

    http://www.virustotal.com/flash/index_en.html
     
    Last edited: Oct 22, 2004
  6. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    thanks for the info...I didn't know that existed...
    cool site!
     