Hi There, A pc on my network has been sending traffic to an ip 89.39.110.250 from incrementing soure ports starting around 1212 and trying 3 times on each port to send to dest port 443. I ran an eset sysinspector log and it suggests that the file nvsvc32.exe is dangerous because it has no versioning information. To add to this the computer it was on did not have a nvidia video card in it, it was a intel based notebook. So i submitted the file to virustotal.com and 24/35 scanners suggest that it is a trojan. My problem is that nod32 was running on this system and it did not pick the virus up. I have submitted it to eset via the nod shell intergrated submission tool, when do you think that this will be added to the defs. Thanks Will
When will it be added is hard to say. Eset tends to prioritize the submissions they receive although they're probably not alone in doing that.
Please compress the suspicious files with WinRAR or another common packer, protect the archive with the password "infected" and send it to samples[at]eset.com with as much information about the files as possible (e.g. the url you downloaded it from before you ran it, a link to your post dealing with that threat at Wilders's, etc.). Also enclose a log from ESET SysInspector.
Sorry Marcos, I have done away with the little critter, not the kind of thing that i wanted hanging around. I hope that you can find it in amongst the submissions from the nod32 shell intergration Regards Will
