Mydoom.B and AV's responses:

Discussion in 'NOD32 version 2 Forum' started by sir_carew, Jan 30, 2004.

Thread Status:
Not open for further replies.
  1. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Here are the different responses of some antivirus in order to detect Mydoom variant B:
    [TrendMicro] 28/01/2004 18:09:56 :: WORM_MYDOOM.B
    [Kaspersky] 28/01/2004 19:13:33 :: I-Worm.Mydoom.b
    [Panda] 28/01/2004 19:47:46 :: W32/Mydoom.B.worm
    [NOD32] 28/01/2004 20:38:44 :: Win32/Mydoom.B
    [McAfee] 28/01/2004 20:57:17 :: W32/Mydoom.b@MM
    [Sophos] 28/01/2004 20:57:40 :: W32/MyDoom-B [InoculateIT] 28/01/2004 23:05:09 :: Win32/Mydoom.B.
    [Norton] 29/01/2004 00:45:41 :: W32.Mydoom.B@mm

    Source: www.hispasec.com
     
  2. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    And for variant A:
    TrendMicro, el 26/01/2004 at 23:52:29 as WORM_MIMAIL.R
    NOD32, 27/01/2004 at 00:55:43 as Win32/Mydoom.A
    Antigen, 27/01/2004 at 01:39:51 as MyDoom.A@mm
    Norton, 27/01/2004 at 01:50:13 as W32.Novarg.A@mm
    Kaspersky, 27/01/2004 at 02:08:53 as I-Worm.Novarg
    Sophos, el 27/01/2004 at 02:09:19 as Win32/MyDoom-A
    InoculateIT, el 27/01/2004 at 02:28:42 as Win32.Shimg.Worm
    Panda, 27/01/2004 a las 05:39:04 as W32/Mydoom.A.worm
    McAfee, 27/01/2004 a las 05:57:49 como W32/Mydoom@MM

    NOD in this case was first than other that release updates every 3 hours like Kaspersky. Congratulations to ESET ;)
     
  3. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I had my first copy at 22.50 GMT on 26/1/2004

    at that time none of the online scanners found mydoom.A

    I sent copies to Pieter & Tony at 23.05 gmt on 26th Jan because I was so worried about it

    None of these detected it online until well after midnight on that day

    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    http://www.ravantivirus.com/scan/
    http://www.anti-trojan.net/en/onlinecheck.aspx

    http://www.kaspersky.com/remoteviruschk.html
    http://www.dials.ru/english/www_av/
     
  5. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    These are spain time.
     
  6. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    CET=Spain time
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    Here is an evidence that NOD32 updated the database much earlier (the time was in Slovakia which is GMT+1). It updates once an hour so the real update might have been released a bit sooner.

    Time   Module   Event   User
    28. 1. 2004 19:51:19   Kernel   The virus signature database has been updated successfully to version 1.613 (2004012:cool:.   
     
  8. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Thanks for the corrections, so hispasec isn't a good source of information :eek:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.