infected by TrojanDownloader.Win32.Istbar.er

Discussion in 'NOD32 version 2 Forum' started by xTiNcTion, Jun 8, 2004.

Thread Status:
Not open for further replies.
  1. xTiNcTion

    xTiNcTion Registered Member

    Joined:
    Oct 25, 2003
    Posts:
    253
    Hello,

    NOD32 didnt detect this "TrojanDownloader.Win32.Istbar.er". i ran kaspersky online virus scanner and it did.

    this was last friday. i am really dissapointed NOD32 update arent available on weekend. i licensed NOD cause was tired of NAV not detecting virus or "sorry, cannot repair..." or update was too late.

    i downloaded this file knowing it contain a virus/trojan to see what will do NOD32. til now still not detect the virus.

    i saw it can detect ".es" variant. what about AH ?

    xTiNcTion
     
  2. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Are you sure you searched the update info list at NOD32's web site thoroughly?

    Take a look here:

    "NOD32 - v.1.777 (20040528 )
    Virus signature database updates:
    Win32/Agobot.TH, Win32/Cholera.A, Win32/Dabber.A, Win32/Delf.CD, Win32/Delf.NA, Win32/FlyVB.B, Win32/Loony.K, Win32/Opaserv.AV, Win32/Protoride.P, Win32/Rbot.11.B, Win32/Reload.A, Win32/Sensode.A, Win32/Sicirc.A, Win32/Snart.L, Win32/Snart.NAA, Win32/Snart.NAB, Win32/Snart.NAC, Win32/Snart.NAD, Win32/Snart.NAE, Win32/Snart.NAF, Win32/Snart.NAG, Win32/Snowdoor.35, Win32/Snowdoor.37, Win32/Snusdoor.A, Win32/Splintex.A, Win32/SpyBot.ADQ, Win32/Spyboter.NAA, Win32/SpySender.C, Win32/Toledorz.14, Win32/TrojanClicker.Qupdate.F, Win32/TrojanDownloader.INService.D, Win32/TrojanDownloader.IstBar.ER, Win32/TrojanDropper.MultiDropper.AD, Win32/Uboot.A, Win32/Uboot.C, Win32/Ursus.A, Win32/VB.NAC, Win32/VB.OL, Win32/VB.ON, Win32/Wisdoor.C, Win32/Wisdoor.G, Win32/Wisdoor.H1"

    Anyway, NOD32 is fairly good at catching most common trojans, although people often say it is weak. I can agree that Kaspersky, DrWeb and McAfee have a bigger detection rate when it comes to trojans. But still, there are lots of other antivirus products that NOD32 beats when it comes to trojan detection. If you should find a trojan which NOD32 fails to detect, you could always try submitting it to ESET. If it's found to be a real threat, then most likely the people at ESET will add it to NOD32's definitions base.
     
  3. xTiNcTion

    xTiNcTion Registered Member

    Joined:
    Oct 25, 2003
    Posts:
    253
    ok, you right :p

    but i dont undestand how NOD32 didnt alert about this "trojan". or maybe kaspersky online scanner result is false positive?

    few minutes ago i tried "housecall" and didnt find anything. no trojans! o_O

    i sent a copy of the file to ESET support.

    thankx anyway!
     
  4. Sandish

    Sandish Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    51
    Please keep in mind that there is no central malware-naming comission. The KAV TrojanDownloader.Win32.Istbar.er doesn´t has to be the same as the NOD Istbar.er. And if housecall can´t find anything, it doesn´t mean there is nothing. Same with NOD or any other AV - none of them knows them all.
     
  5. Are you sure your trojan is functionnal?
    For example I recieved a damaged version of Netsky D
    Trend and f-secure for DOS detected it as damaged version
    Kasperski and Dr Wed as a live specimen, and detect also a virus in the message itself (the worm is only in the attachment)
    NOD and Symantec detect nothing (NOD says unpack error)
     
  6. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Let's not get overly carried away; Istbar is NOT a remote control trojan, let alone a virus.

    It's relatively harmless adware, which IMHO would be best left to spyware removers like Ad-Aware and SpyBot S&D anyway.

    This is NOT the end of the world....
     
Thread Status:
Not open for further replies.