infected by TrojanDownloader.Win32.Istbar.er

Discussion in 'NOD32 version 2 Forum' started by xTiNcTion, Jun 8, 2004.

Thread Status:
Not open for further replies.
  1. xTiNcTion

    xTiNcTion Registered Member

    Joined:
    Oct 25, 2003
    Posts:
    253
    Hello,

    NOD32 didn't detect this "TrojanDownloader.Win32.Istbar.er". I ran the Kaspersky online virus scanner and it did.

    This was last Friday. I am really disappointed NOD32 updates aren't available on weekends. I licensed NOD because I was tired of NAV not detecting viruses, or "sorry, cannot repair...", or the update was too late.

    I downloaded this file knowing it contains a virus/trojan to see what NOD32 would do. Until now it still does not detect the virus.

    I saw it can detect the ".es" variant. What about AH?

    xTiNcTion
     
  2. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Are you sure you searched the update info list at NOD32's web site thoroughly?

    Take a look here:

    "NOD32 - v.1.777 (20040528 )
    Virus signature database updates:
    Win32/Agobot.TH, Win32/Cholera.A, Win32/Dabber.A, Win32/Delf.CD, Win32/Delf.NA, Win32/FlyVB.B, Win32/Loony.K, Win32/Opaserv.AV, Win32/Protoride.P, Win32/Rbot.11.B, Win32/Reload.A, Win32/Sensode.A, Win32/Sicirc.A, Win32/Snart.L, Win32/Snart.NAA, Win32/Snart.NAB, Win32/Snart.NAC, Win32/Snart.NAD, Win32/Snart.NAE, Win32/Snart.NAF, Win32/Snart.NAG, Win32/Snowdoor.35, Win32/Snowdoor.37, Win32/Snusdoor.A, Win32/Splintex.A, Win32/SpyBot.ADQ, Win32/Spyboter.NAA, Win32/SpySender.C, Win32/Toledorz.14, Win32/TrojanClicker.Qupdate.F, Win32/TrojanDownloader.INService.D, Win32/TrojanDownloader.IstBar.ER, Win32/TrojanDropper.MultiDropper.AD, Win32/Uboot.A, Win32/Uboot.C, Win32/Ursus.A, Win32/VB.NAC, Win32/VB.OL, Win32/VB.ON, Win32/Wisdoor.C, Win32/Wisdoor.G, Win32/Wisdoor.H1"

    Anyway, NOD32 is fairly good at catching most common trojans, although people often say it is weak. I can agree that Kaspersky, DrWeb and McAfee have a bigger detection rate when it comes to trojans. But still, there are lots of other antivirus products that NOD32 beats when it comes to trojan detection. If you should find a trojan which NOD32 fails to detect, you could always try submitting it to ESET. If it's found to be a real threat, then most likely the people at ESET will add it to NOD32's definitions base.
     
  3. xTiNcTion

    xTiNcTion Registered Member

    Joined:
    Oct 25, 2003
    Posts:
    253
    OK, you're right :p

    But I don't understand how NOD32 didn't alert about this "trojan". Or maybe the Kaspersky online scanner result is a false positive?

    A few minutes ago I tried "housecall" and it didn't find anything. No trojans! o_O

    I sent a copy of the file to ESET support.

    Thanks anyway!
     
  4. Sandish

    Sandish Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    51
    Please keep in mind that there is no central malware-naming commission. The KAV TrojanDownloader.Win32.Istbar.er doesn't have to be the same as the NOD Istbar.er. And if housecall can't find anything, it doesn't mean there is nothing. Same with NOD or any other AV - none of them knows them all.
     
  5. Are you sure your trojan is functional?
    For example, I received a damaged version of Netsky D.
    Trend and F-Secure for DOS detected it as a damaged version.
    Kaspersky and Dr Web detect it as a live specimen, and also detect a virus in the message itself (the worm is only in the attachment).
    NOD and Symantec detect nothing (NOD says unpack error).
     
  6. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,360
    Location:
    The Netherlands
    Let's not get overly carried away; Istbar is NOT a remote control trojan, let alone a virus.

    It's relatively harmless adware, which IMHO would be best left to spyware removers like Ad-Aware and SpyBot S&D anyway.

    This is NOT the end of the world....
     