Mydoom.B and AV's responses:

Discussion in 'NOD32 version 2 Forum' started by sir_carew, Jan 30, 2004.

Thread Status:
Not open for further replies.
  1. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Here are the different responses of some antivirus in order to detect Mydoom variant B:
    [TrendMicro] 28/01/2004 18:09:56 :: WORM_MYDOOM.B
    [Kaspersky] 28/01/2004 19:13:33 :: I-Worm.Mydoom.b
    [Panda] 28/01/2004 19:47:46 :: W32/Mydoom.B.worm
    [NOD32] 28/01/2004 20:38:44 :: Win32/Mydoom.B
    [McAfee] 28/01/2004 20:57:17 :: W32/Mydoom.b@MM
    [Sophos] 28/01/2004 20:57:40 :: W32/MyDoom-B [InoculateIT] 28/01/2004 23:05:09 :: Win32/Mydoom.B.
    [Norton] 29/01/2004 00:45:41 :: W32.Mydoom.B@mm

    Source: www.hispasec.com
     
  2. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    And for variant A:
    TrendMicro, el 26/01/2004 at 23:52:29 as WORM_MIMAIL.R
    NOD32, 27/01/2004 at 00:55:43 as Win32/Mydoom.A
    Antigen, 27/01/2004 at 01:39:51 as MyDoom.A@mm
    Norton, 27/01/2004 at 01:50:13 as W32.Novarg.A@mm
    Kaspersky, 27/01/2004 at 02:08:53 as I-Worm.Novarg
    Sophos, el 27/01/2004 at 02:09:19 as Win32/MyDoom-A
    InoculateIT, el 27/01/2004 at 02:28:42 as Win32.Shimg.Worm
    Panda, 27/01/2004 a las 05:39:04 as W32/Mydoom.A.worm
    McAfee, 27/01/2004 a las 05:57:49 como W32/Mydoom@MM

    NOD in this case was first than other that release updates every 3 hours like Kaspersky. Congratulations to ESET ;)
     
  3. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I had my first copy at 22.50 GMT on 26/1/2004

    at that time none of the online scanners found mydoom.A

    I sent copies to Pieter & Tony at 23.05 gmt on 26th Jan because I was so worried about it

    None of these detected it online until well after midnight on that day

    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    http://www.ravantivirus.com/scan/
    http://www.anti-trojan.net/en/onlinecheck.aspx

    http://www.kaspersky.com/remoteviruschk.html
    http://www.dials.ru/english/www_av/
     
  5. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    These are spain time.
     
  6. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    CET=Spain time
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Here is an evidence that NOD32 updated the database much earlier (the time was in Slovakia which is GMT+1). It updates once an hour so the real update might have been released a bit sooner.

    Time   Module   Event   User
    28. 1. 2004 19:51:19   Kernel   The virus signature database has been updated successfully to version 1.613 (2004012:cool:.   
     
  8. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Thanks for the corrections, so hispasec isn't a good source of information :eek:
     
Thread Status:
Not open for further replies.