New virus - VERY DANGEROUS!

Discussion in 'NOD32 version 2 Forum' started by zilla1126, Jul 14, 2005.

Thread Status:
Not open for further replies.
  1. zilla1126

    zilla1126 Registered Member

    Joined:
    Jun 26, 2005
    Posts:
    4
    Nod32 does not know what it is, but sees it as an "Unknown win32 virus" and it still stops it. This virus replaces nearly ALL of the exe files on a machine with virus-infected files. Most AV products do not detect it; McAfee discovered it yesterday.


    This ended up on three machines yesterday at a client of mine; I had not
    been out in quite a while (he is incredibly cheap) so all his stuff was
    out of date or broken. His Norton AV would not have caught it anyway.



    FYI:

    AntiVir 6.31.0.9 07.14.2005 W32/Stanit
    AVG 718 07.14.2005 Win32/Gaelicum.A
    Avira 6.31.0.9 07.14.2005 W32/Stanit
    BitDefender 7.0 07.14.2005 no virus found
    CAT-QuickHeal 7.03 07.14.2005 no virus found
    ClamAV devel-20050501 07.14.2005 no virus found
    DrWeb 4.32b 07.14.2005 Win32.Gael.3666
    eTrust-Iris 7.1.194.0 07.13.2005 no virus found
    eTrust-Vet 11.9.1.0 07.14.2005 no virus found
    Fortinet 2.36.0.0 07.14.2005 suspicious
    F-Prot 3.16c 07.14.2005 could be infected with an unknown virus
    Ikarus 2.32 07.14.2005 no virus found
    Kaspersky 4.0.2.24 07.14.2005 Virus.Win32.Tenga.a
    McAfee 4535 07.14.2005 W32/Gael
    NOD32v2 1.1168 07.14.2005 probably unknown WIN32 virus
    Norman 5.70.10 07.14.2005 no virus found
    Panda 8.02.00 07.14.2005 no virus found
    Sybari 7.5.1314 07.14.2005 W32/Gael
    Symantec 8.0 07.13.2005 no virus found
    TheHacker 5.8.2.070 07.13.2005 no virus found
    VBA32 3.10.4 07.14.2005 no virus found
     
  2. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Well at least NOD's heuristics stops it until they add it to the signature db :)
    If you can, send it to Eset for analysis.
     
  3. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Good to have that zero-hour protection. :)
     
  4. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    I believe SARC is on this and have ID'd it as win32.licum.

    At any rate, it appears they have a def:

    Here
     
  5. JoCool

    JoCool Registered Member

    Joined:
    Jun 6, 2005
    Posts:
    46
    Does NOD detect Kirvo.B?

    Cannot find anything about that anywhere. Was this version known by ESET?
     
  6. Happy Bytes

    Happy Bytes Guest

    Here... Read this :D
     

    Attached Files:

  7. JoCool

    JoCool Registered Member

    Joined:
    Jun 6, 2005
    Posts:
    46
  8. Happy Bytes

    Happy Bytes Guest

    I don't understand a word of what you are trying to tell me in English :D
    So once again - what's going on? :D
     
  9. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Very detailed description indeed :cool:
     
  10. Happy Bytes

    Happy Bytes Guest

    Says who? :D
     
  11. Happy Bytes

    Happy Bytes Guest

    There's always some background information and "educational" stuff in my virus descriptions. So basically you can read them even if you are not infected :rolleyes: :D

    Example here - a trojan downloader description spammed 2 days ago:
    http://www.eset.com/msgs/vidloq.htm
     
  12. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Says me. I didn't understand a word of it, so it must be detailed :) j/k
     
  13. hin123

    hin123 Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    12
    The title of that page is "Win32/Mytob.DQ" :D
    It is the same for Win32.Mydoom.BI, Win95/Tenrobot.B and Win32/Tenga.A :D
     