New version of Byte-Verifier not caught

Discussion in 'NOD32 version 2 Forum' started by spy1, Jan 16, 2004.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    http://www.dslreports.com/forum/remark,9085665~mode=flat

    I went to the site indicated ( ww w.netcult.ch/elmue/ElmueSoft-en.htm ), I have the two files in my JAR cache and neither a right-click scan by NOD32 v.2 - and one by the "Advanced Heuristic" scanner - pick anything up. Nor does a full scan.

    What's up? New version? Not really a variant of BV? Do I have to click on one or both of those files to get NOD to "see" it? Pete

    *Oh, yeah, the full-scan screen is telling me this in relation to the jar_cache: G:\Documents and Settings\Pete Yevchak\Local Settings\Temp\jar_cache31638.tmp - error opening (file locked) [4]
     


  2. spy1

    BUMP
     
  3. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    The worker.class file is a new trojan, I've sent it to ESET.
    The other files are exploits, I've sent them to ESET.
    Waiting for an Eset reply,
     
  4. spamcat

    spamcat Registered Member

    Joined:
    Oct 9, 2003
    Posts:
    28
    Location:
    North Carolina, USA
    Does anyone know if today's update addressed this?

    sc
     
  5. sir_carew

    Not yet, I've sent it today.
     
  6. spamcat

    I actually sent a copy to Eset on Saturday, so I figured this would be the first major update after the weekend and that perhaps they would include it.

    Thanks. sc o_O
     
  7. sir_carew

    Hello,
    Eset analyzes more important samples like the recent Bagle and viruses that may be in the wild.
    I believe that Eset is working on this sample and will make an update to cover it ASAP. Anyway, I've sent it directly to Eset's virus analysts.
     
  8. sir_carew

    I recently checked this, and NOD detects it as:
    Java/Exploit.Bytverify Trojan.
    The strange thing is that it doesn't appear in the NOD32 Update.
     
  9. spy1

    NOD does detect the original ByteVerifier from way back when - it's the latest version/permutation of it that's referred to in that thread that I was posting about. It may not even have the same name.

    TrendMicro lists it as JAVA_FEMAD.B ( http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_FEMAD.B )

    Kaspersky detects it also, but I can't find any info on it on their site for some reason. Pete
     
  10. sir_carew

    NOD now detects this variant, I've downloaded all files from the web page that you indicated.
     
  11. spy1

    It would be nice if you'd clue me in on what NOD's calling the thing, s_c.

    A screenie of the detection would be even better. Pete
     
  12. sir_carew

    Look at screenshot.
     

    Attached Files:

    • byv.JPG (94.6 KB)
  13. spy1

    Thank you. Pete
     