NOD32, (and not only-almost ALL AV products),are not able to detect it: it's an AV killer specifically targeting NOD32,it circulates on the Net for at least 6 (!) months... and even more,it has it's source code publicly available! I really don't want to make guesses about "private" versions... Personally,it took me LESS than half an hour to find it:just followed some links found in the Chasenet forum, probably the most widely-known trojaner's forum,since they are the developers of Bifrost... I wonder,not just for Eset...(their product is WAY better compared to others), but for all major AV companies...do they ever EVEN use Google? Because my experience has shown me that most of them,don't keep an eye on what's going on, not even in the major VX/trojan/exploit boards and sites... I've even seen sample trojans posted over at PacketStorm,to go undetected for years... VirusTotal Results - 03.17.2007: Ikarus T220.127.116.11 - Trojan-PWS.Win32.Delf.JS All others,NADA... (And no,I'm not advertising "Ikarus":there's been a lot of other samples that went undetected under it...) Check here - Use Google Translate or whatever,it's in French: hxxp://fahde.free.fr/bug/IPB/index.php?categoryid=8&p13_sectionid=3&p13_fileid=27 Also,this paper might be of interest... hxxp://fahde.free.fr/bug/IPB/index.php?categoryid=11&p2000_articleid=8 P.S:Eset has been notified for this issue,by it's "Technical Support Request" web page. I made the info..."public" here,because I believe that customers also have a RIGHT, of knowing what's going for...over 6 months, not only malware writers...(wouldn't call them "hackers" not even in their wildest dreams).