New virus not detected by NOD at this time

Discussion in 'NOD32 version 2 Forum' started by Mack Jones, Mar 29, 2004.

Thread Status:
Not open for further replies.
  1. Mack Jones, Registered Member (Joined: Jul 9, 2003; Posts: 174; Location: France)

    I've just received a file from

    http://nick.vallet.free.fr/samples/Image2.png

    detected as

    http://nick.vallet.free.fr/samples/Image1.png

    by KAV Online
    McAfee and NOD32 aren't able to detect it for the moment...
    It adds two DLLs in Winnt/system32 (kloginfo.dll if I remember).
    Take care !
    ;)
    Regards,
    Nick


    Edit: it uses w32_ss.exe and koginfo and connects itself to the net :doubt:
    but I'm unable to stop this process at startup, there is no "w32_ss.exe" key in the registry... o_O

    may be a backdoor:
    http://www.megasecurity.org/trojans/a/a-311death/A-311death1.20.html

    I will format my HD, I'm unable to stop the process at startup and delete it :'(
     
  2. Paul Wilders, Administrator (Joined: Jul 1, 2001; Posts: 12,472; Location: The Netherlands)

    Nick,

    Do us a favor and send a copy to samples@eset.com as well as one to my email address please (see my profile) ;)

    Thanks in advance,

    paul
     
  3. Mack Jones, Registered Member (Joined: Jul 9, 2003; Posts: 174; Location: France)

    Dear Paul,
    WYWIWYG, done !
    ;)
     
  4. FluxGFX, Registered Member (Joined: Jan 23, 2003; Posts: 667; Location: Ottawa/Canada)

    Interesting... could you send a copy to my email address (see profile)?
     
  5. Paul Wilders, Administrator (Joined: Jul 1, 2001; Posts: 12,472; Location: The Netherlands)

    Thanks Nick - I'll check my inbox in a minute or so :cool:

    Flux,

    No doubt you are entitled to ask for malware this way.

    Overall, we do not encourage sending malware if requested. Call us old fashioned - but the essence of this recommendation is preventing people from putting their system at risk. I do hope you see my point of view ;)

    regards.

    paul
     
  6. FluxGFX, Registered Member (Joined: Jan 23, 2003; Posts: 667; Location: Ottawa/Canada)

    In regard to your statement Paul,

    I completely understand.
    It's out of curiosity, as this ain't going to affect much, but I'm running on a secured Linux environment :)

    But if asked to, I will not ask further for samples.
     
  7. Paul Wilders, Administrator (Joined: Jul 1, 2001; Posts: 12,472; Location: The Netherlands)

    Flux,

    As stated: anyone is free over here to ask - and for sure you are no exception to the rule ;)

    Glad to hear you've got your defenses covered! The statement made has been a general one - as said, we would hate to see people having their system wrecked as a result of asking and receiving malware, and I'm pretty sure this could/would happen (too) often.

    regards.

    paul
     
  8. FluxGFX, Registered Member (Joined: Jan 23, 2003; Posts: 667; Location: Ottawa/Canada)

    Very True.

    But something to remember (nothing is impossible and Linux is no exception; it does and can get infected pretty badly) ;)
     