nvsvc32.exe

Discussion in 'ESET NOD32 Antivirus' started by m00t, Aug 19, 2008.

Thread Status:
Not open for further replies.
  1. m00t

    m00t Registered Member

    Joined:
    May 12, 2008
    Posts:
    3
    Hi There,

    A PC on my network has been sending traffic to an IP, 89.39.110.250, from incrementing source ports starting around 1212 and trying 3 times on each port to send to dest port 443. I ran an ESET SysInspector log and it suggests that the file nvsvc32.exe is dangerous because it has no versioning information.

    To add to this, the computer it was on did not have an NVIDIA video card in it; it was an Intel-based notebook.

    So I submitted the file to virustotal.com and 24/35 scanners suggest that it is a trojan.

    My problem is that NOD32 was running on this system and it did not pick the virus up. I have submitted it to ESET via the NOD shell integrated submission tool. When do you think that this will be added to the defs?

    Thanks

    Will
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    When it will be added is hard to say. ESET tends to prioritize the submissions they receive, although they're probably not alone in doing that.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please compress the suspicious files with WinRAR or another common packer, protect the archive with the password "infected" and send it to samples[at]eset.com with as much information about the files as possible (e.g. the URL you downloaded it from before you ran it, a link to your post dealing with that threat at Wilders, etc.). Also enclose a log from ESET SysInspector.
     
  4. m00t

    m00t Registered Member

    Joined:
    May 12, 2008
    Posts:
    3
    Sorry Marcos,

    I have done away with the little critter; it's not the kind of thing that I wanted hanging around.

    I hope that you can find it in amongst the submissions from the NOD32 shell integration.

    Regards

    Will
     