New virus detected, I cannot upload to the ESET support link, please read now.

Discussion in 'ESET Smart Security' started by bonafide, Jan 6, 2010.

Thread Status:
Not open for further replies.
  1. bonafide

    bonafide Registered Member (Joined: Jan 6, 2010; Posts: 2)

    suspected infection | verified infiltration | urgent

    This file appears to have some sort of stealth trojan attached to it. The file included was obtained from a torrent; however, the file from the developer's site should be here:

    lavalys.com/products.php?ps=&page=11&dlid=35&lang=en

    It is supposed to be the installer for Lavalys Everest Ultimate 5.30.
    After installing it, it really is, but it is bundled with something that slipped right through NOD32's defenses, which really amazes me, and I am quite shocked by that.
    I launched the included .exe file and noticed a balloon popup by Windows Security Center (on Windows 7 64-bit) notifying me that ESET firewall 4.2 has been disabled, after which it was immediately re-enabled transparently and the icon turned green once again. Then I noticed a new strange task in my Task Manager called 'explorers.exe', which appears to be the focus of this infiltration.
    After activating the interactive mode of the firewall, it notified me that a connection is being made to the following socket:
    port 60123 at 80-254-74-149.dynamic.swissvpn.net (80.254.74.149) from explorers.exe
    I rebooted, and the same program was launched again, by itself, as a setup screen. It may have apparently opened up a hole in my system and written to the registry.
    I am using the latest NOD32 Smart Security across 3 machines, some beta and some current version. I scanned with both versions and nothing came up. I uploaded this file to virustotal.com and only Kaspersky flagged it as a virus.
    NOD32 update: 4749 (20100106).

    This appears to be a new virus, and I must say again, I know it's impossible to catch everything, but I am quite amazed that it slipped past the ESET labs, which has so far protected me since 2003.

    I would like to know more about this when you follow up if possible.

    :ninja:


    I have tried to send the file in email and through the interface but it always fails. Please - someone from ESET provide me with a link to send or upload the necessary attachment of 10 MB to you immediately.
     
  2. Marcos

    Marcos Eset Staff Account (Joined: Nov 22, 2002; Posts: 14,374)

    PM sent. By the way, any smaller samples should be sent to ESET per the instructions here.
     
  3. bonafide

    bonafide Registered Member (Joined: Jan 6, 2010; Posts: 2)

    Ok, we have this one under the wraps. Expect an update and don't click on anything phishy! Thanks. :cool:
     