New virus not detected by NOD at this time

Discussion in 'NOD32 version 2 Forum' started by Mack Jones, Mar 29, 2004.

Thread Status:
Not open for further replies.
  1. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    I've just received a file from

    http://nick.vallet.free.fr/samples/Image2.png

    detected as

    http://nick.vallet.free.fr/samples/Image1.png

    by KAV Online
    McAfee and NOD32 aren't able to detect it for the moment...
    It adds two DLLs in Winnt/system32 (kloginfo.dll if I remember).
    Take care !
    ;)
    Regards,
    Nick


    Edit: it uses w32_ss.exe and koginfo and connects itself to the net :doubt:
    but I'm unable to stop this process at startup, there is no "w32_ss.exe" key in the registry... o_O

    may be a backdoor:
    http://www.megasecurity.org/trojans/a/a-311death/A-311death1.20.html

    I will format my HD, I'm unable to stop the process at startup and delete it :'(
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Nick,

    Do us a favor and send a copy to samples@eset.com as well as one to my email address please (see my profile) ;)

    Thanks in advance,

    paul
     
  3. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    Dear Paul,
    WYWIWYG, done !
    ;)
     
  4. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Interesting... could you send a copy to my email address (see profile)?
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Thanks Nick - I'll check my inbox in a minute or so :cool:

    Flux,

    No doubt you are entitled to ask for malware this way.

    Overall, we do not encourage sending malware if requested. Call us old fashioned - but the essence of this recommendation is preventing people from putting their system at risk. I do hope you see my point of view ;)

    regards.

    paul
     
  6. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    In regard to your statement Paul,

    I completely understand.
    It's out of curiosity, as this ain't going to affect much, but I'm running on a secured Linux environment :)

    But if asked to, I will not ask further on for samples.
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Flux,

    As stated: anyone is free over here to ask - and for sure you are no exception to the rule ;)

    Glad to hear you've got your defenses covered! The statement made has been a general one - as said, we would hate to see people having their system wrecked as a result from asking and receiving malware, and I'm pretty sure this could/would happen (too) often.

    regards.

    paul
     
  8. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Very True.

    But something to remember (nothing is impossible and Linux is no exception, it does and can get infected pretty badly) ;)
     