Hi guys, I was just testing out ArcaVir, so I performed an online scan. It turned out that my c was clean. Then I downloaded KAV Personal 2006 and, without tweaking any settings, I started scanning... It detected the Istbar downloader (trojan) and also indicated the location. I traced the file and right-clicked "scan with NOD". Nothing found... Scanned again with KAV and there it was... Strange...
Do you have NOD32 set to detect Adware/Spyware/Riskware? If you do, and it is still slipping through, try submitting the file to Eset.
NOD is full blown. Using NOD for a year now. Still keeping the faith, but I remember seeing the file before. Performed several scans since then. Data was called if it helps.
The title of your thread and the link you provided @ virus list cause me to ask and not assume wrongly... do you have yesterday's update?
In NOD32, open the Control Center -> NOD32 system tools -> quarantine, and click on the button Add. You will add a copy in quarantine. Then select the file and click on the button 'Submit for analysis', OR create a password-protected zip file with it inside, password = 'infected', and send it to sample@nod32
To submit to Eset, hit quarantine in the tray icon, and then submit. KAV: zip it up and put it in a password-protected zip file, password being "infected". newvirus @ kaspersky.com
I had this same problem a few weeks back. I did a scan with NOD and it found nothing, but I also did one with Panda online scanner and it found this Trojan in my Opera temp internet files folder. So I simply deleted the entire contents of the folder and rescanned. The scan with NOD was set up to detect everything with all options full on.
You wouldn't happen to have the full name of the trojan that was detected, would you? If so, would you mind posting it here?
I have many samples that other AVs detect as a threat, but when run come back as an "Invalid Win32 application" (i.e. non-functional sample). One may think that it is a file that should not be there. On the other hand, adding broken (non-functional) signatures also creates more false positives. I would rather have fewer false positives than fewer non-functional files.
During weekends, you shouldn't expect any reply from Eset. They did however add it to the signature db today. http://www.eset.sk/support/info.htm#CurVersion
Also, let's not forget that this dangerous 'trojan' is actually *just* an adware downloader, not a real Remote Administration Tool.... ESET are doing great! Also, a few days ago I submitted a new threat submitted by a poster at this board, a file called svchelper.exe.

VirusTotal Results:

AntiVir      6.31.0.9         07.09.2005   no virus found
AVG          718              07.08.2005   no virus found
Avira        6.31.0.9         07.09.2005   no virus found
BitDefender  7.0              07.10.2005   no virus found
ClamAV       devel-20050501   07.08.2005   no virus found
DrWeb        4.32b            07.10.2005   no virus found
eTrust-Iris  7.1.194.0        07.10.2005   no virus found
eTrust-Vet   11.9.1.0         07.08.2005   no virus found
Fortinet     2.36.0.0         07.09.2005   no virus found
Ikarus       2.32             07.08.2005   no virus found
Kaspersky    4.0.2.24         07.10.2005   no virus found
McAfee       4531             07.08.2005   no virus found
NOD32v2      1.1164           07.08.2005   probably unknown NewHeur_PE virus
Norman       5.70.10          07.07.2005   no virus found
Panda        8.02.00          07.10.2005   no virus found
Sybari       7.5.1314         07.10.2005   no virus found
Symantec     8.0              07.09.2005   no virus found
TheHacker    5.8.2.069        07.10.2005   no virus found
VBA32        3.10.4           07.10.2005   no virus found

I subsequently submitted it to a number of developers, and Sophos are now adding it as W32/Monkbd-A, Kaspersky as Backdoor.Win32.RBot.uj. ESET are now calling it Win32/VB.NAN. But remember they were the ONLY one to actually recognize it as malware before anyone had seen it!