infected by TrojanDownloader.Win32.Istbar.er

Hello,

NOD32 didnt detect this "TrojanDownloader.Win32.Istbar.er". i ran kaspersky online virus scanner and it did.

this was last friday. i am really dissapointed NOD32 update arent available on weekend. i licensed NOD cause was tired of NAV not detecting virus or "sorry, cannot repair..." or update was too late.

i downloaded this file knowing it contain a virus/trojan to see what will do NOD32. til now still not detect the virus.

i saw it can detect ".es" variant. what about AH ?

xTiNcTion

 

Are you sure you searched the update info list at NOD32's web site thoroughly?

Take a look here:

"NOD32 - v.1.777 (20040528 )
Virus signature database updates:
Win32/Agobot.TH, Win32/Cholera.A, Win32/Dabber.A, Win32/Delf.CD, Win32/Delf.NA, Win32/FlyVB.B, Win32/Loony.K, Win32/Opaserv.AV, Win32/Protoride.P, Win32/Rbot.11.B, Win32/Reload.A, Win32/Sensode.A, Win32/Sicirc.A, Win32/Snart.L, Win32/Snart.NAA, Win32/Snart.NAB, Win32/Snart.NAC, Win32/Snart.NAD, Win32/Snart.NAE, Win32/Snart.NAF, Win32/Snart.NAG, Win32/Snowdoor.35, Win32/Snowdoor.37, Win32/Snusdoor.A, Win32/Splintex.A, Win32/SpyBot.ADQ, Win32/Spyboter.NAA, Win32/SpySender.C, Win32/Toledorz.14, Win32/TrojanClicker.Qupdate.F, Win32/TrojanDownloader.INService.D, Win32/TrojanDownloader.IstBar.ER, Win32/TrojanDropper.MultiDropper.AD, Win32/Uboot.A, Win32/Uboot.C, Win32/Ursus.A, Win32/VB.NAC, Win32/VB.OL, Win32/VB.ON, Win32/Wisdoor.C, Win32/Wisdoor.G, Win32/Wisdoor.H1"

Anyway, NOD32 is fairly good at catching most common trojans, although people often say it is weak. I can agree that Kaspersky, DrWeb and McAfee have a bigger detection rate when it comes to trojans. But still, there are lots of other antivirus products that NOD32 beats when it comes to trojan detection. If you should find a trojan which NOD32 fails to detect, you could always try submitting it to ESET. If it's found to be a real threat, then most likely the people at ESET will add it to NOD32's definitions base.

 

ok, you right

but i dont undestand how NOD32 didnt alert about this "trojan". or maybe kaspersky online scanner result is false positive?

few minutes ago i tried "housecall" and didnt find anything. no trojans!

i sent a copy of the file to ESET support.

thankx anyway!

 

Please keep in mind that there is no central malware-naming comission. The KAV TrojanDownloader.Win32.Istbar.er doesn´t has to be the same as the NOD Istbar.er. And if housecall can´t find anything, it doesn´t mean there is nothing. Same with NOD or any other AV - none of them knows them all.

 

Are you sure your trojan is functionnal?
For example I recieved a damaged version of Netsky D
Trend and f-secure for DOS detected it as damaged version
Kasperski and Dr Wed as a live specimen, and detect also a virus in the message itself (the worm is only in the attachment)
NOD and Symantec detect nothing (NOD says unpack error)

 

Let's not get overly carried away; Istbar is NOT a remote control trojan, let alone a virus.

It's relatively harmless adware, which IMHO would be best left to spyware removers like Ad-Aware and SpyBot S&D anyway.

This is NOT the end of the world....