Nod is not detecting W32/YahLover.worm.gen

Discussion in 'ESET NOD32 Antivirus' started by tahaa, Dec 24, 2009.

Thread Status:
Not open for further replies.
  1. tahaa

    tahaa Registered Member

    Joined:
    Dec 24, 2009
    Posts:
    4
    Dear Sir,

    Nod is not detecting W32/YahLover.worm.gen

    i.e a virus creates a same folder exe and hides the original one.

    e.g original file data and it hides and make a exe name data.exe on main usb root.

    Nod32 v 4 is not detecting it while Mcafee antivirus is detecting it as W32/YahLover.worm.gen

    Nod32 v 4 is running with the latest definition update ie 4715

    Thanks
     
  2. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
  3. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    995
    Location:
    San Diego, CA USA
  4. tahaa

    tahaa Registered Member

    Joined:
    Dec 24, 2009
    Posts:
    4
    Dear Sir,


    The exe file size shows 1.34MB and it creates a hidden file in system32 folder with random names like 80DCAF or 880E34.EXE , etc and contains 1.34 MB file . As soon as i get the usb infected with this virus will be emailed.

    File information
    File name: 880E34.EXE
    File size: 1.34 MB (1403535 bytes)
    Md5: a87c43e580e21b542912e55b9b203230

    Loading point information
    Execution type: REGISTRY
    Registry section: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    Entry: 880E34

    Entry time: 2009-11-18

    after searching on google finally i found that it is
    Trojan.FlyStudio.I or Troj/Dropr-K Virus which is not detected by NOD32 v 4


    ===================



    other user views



    Code:
    http://forums.techguy.org/malware-removal-hijackthis-logs/853454-virus-makes-my-folders-hidden.html
    

    Code:
    http://www.pc1news.com/virus/file-880e34-exe-361403.html

    Code:
    http://sgforums.com/forums/2250/topics/375248
    please visit this for more details .

    Code:
    http://www.spywareremove.com/removeTrojanFlyStudioI.html

    It is requested from you to update definitions so that it can be detected and removed by nod32 because ESET IS best and i dont wanna use any other antivirus.

    Thanks
     
    Last edited: Dec 24, 2009
  5. tahaa

    tahaa Registered Member

    Joined:
    Dec 24, 2009
    Posts:
    4
    Virus file has been emailed to samples@eset.com for analyzing
    and can be downloaded via


    ~Link to possible malware removed.~
    password: infected

    Thanks
     
    Last edited by a moderator: Dec 25, 2009
  6. tahaa

    tahaa Registered Member

    Joined:
    Dec 24, 2009
    Posts:
    4
    Thanks Eset to remove the said virus (Win32/FlyStudio_OCJ) in 4717 Update definition.

    Regards
    Muhammad Tahaa
     
Thread Status:
Not open for further replies.