SCKeyLog.g

Discussion in 'NOD32 version 2 Forum' started by Daniel_SE, Oct 20, 2004.

Thread Status:
Not open for further replies.
  1. Daniel_SE

    Daniel_SE Guest

    How long does it take for Eset to include a definition of a virus into their signature database? To this date they have 10 different versions of SCKeyLog included in the database and I stumbled across another version, which is not yet included, SCKeyLog.g and submitted it to Eset the same day (2004-10-17).

    SCKeyLog.g was NOT detected by NOD32, despite deep heuristics and all bells and whistles on, but was detected with AVPDOS32.

    Because I live in Sweden I sent the file to support@eurosecure.com (http://www.eurosecure.com/) and the reply I got was, roughly translated, "It looks like a new version of SCKeyLog. Thank you for the submitted file. It will be detected with a future update of definitions."

    So, how long does it take for a virus to be included in the signature database?
     
  2. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, many AV companies use different names for the same virus, which can make it difficult to tell when that virus is in the detections.

    If you get an unidentified virus please send it to samples@eset.com

    The latest update [1.900] has added detections for a few win32/spy trojans,
    I believe your trojan is covered here.

    A link to the latest definitions

    http://www.nod32.com/support/info.htm
     
  3. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    Even the webpage you posted seems a little behind; they list the current definitions as 1897, not 1900.
     
  4. jayt

    jayt Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    345
    Location:
    PA - USA
    It was 1.900 when I looked at it.
     
  5. Daniel_SE

    Daniel_SE Guest

    "If you get an unidentified virus please send it to samples@eset.com"

    Sent!

    "The latest update [1.900] has added detections for a few win32/spy trojans,
    I believe your trojan is covered here."

    I don't. NOD32 still doesn't detect the virus/trojan.
     
  6. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Could I just ask a few questions,

    Did NOD32 identify the trojan at all?

    Which scanner gave you the name SCKeyLog.g?


    Hopefully ESET will get back to you shortly regarding the sample you have sent to them.

    Some web research I have done shows very little info available on this name. Sophos virus info has some, but Symantec and McAfee do not. This leads me to believe that it has other aliases.

    Please let us know when ESET get back to you, and any details they might have, thanks.
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    There seem to be quite a few variants of it...

    It is a very new Trojan, and Eset seem to be behind the eight ball on this one...

    Cheers :D
     

    Attached Files:

  8. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Thanks for that, Blackspear. Where did you get that image from, if you don't mind me asking?
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Under "Resources" at www.virusbtn.com or direct link here

    Cheers :D
     
  10. Daniel_SE

    Daniel_SE Guest

    Like I stated in my first post: SCKeyLog.g was NOT detected by NOD32, despite deep heuristics and all bells and whistles on, but was detected with AVPDOS32.

    NOD32 didn't detect anything suspicious at all with the file.

    I had some problems with my SMTP so the mail with included file to samples@eset.com has probably just arrived at their offices.

    The AVPDOS32 scan was not done by me, but I submitted the file to http://virusscan.jotti.dhs.org/ and both Kaspersky and BitDefender detected SCKeyLog.g.
     
  11. Daniel_SE

    Daniel_SE Guest

    Forgot to mention that Eset have 10 different definitions of SCKeyLog in their database:

    20040924 Win32/Spy.SCKeyLog.O
    20040524 Win32/Spy.SCKeyLog.224
    20040511 Win32/Spy.SCKeyLog.J
    20040123 Win32/Spy.SCKeyLog.C
    20030503 Win32/Spy.SCKeyLog.E
    20030428 Win32/Spy.SCKeyLog.F
    20030210 Win32/Spy.SCKeyLog, Win32/Spy.SCKeyLog.20, Win32/Spy.SCKeyLog.A, Win32/Spy.SCKeyLog.B
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I have put the question to Eset, and am awaiting a response, either here or by email...

    Cheers :D
     
  13. Daniel_SE

    Daniel_SE Guest

    I guess I should have contacted Eset headquarters immediately, instead of their Swedish affiliate...:

    Hello,

    thanks for the sample. It is a setup package of a trojan NOD32 has been
    able to detect as Win32/Spy.SCKeylog.G.
    A signature was added for this file as well. It will be available in the
    next update.

    Best regards,
    ESET s.r.o.
     
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Yes, always better to send any unknown viruses to samples@eset.com

    And both samples were added, each was a slightly different variant.

    Cheers :D
     
  15. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Thanks for keeping us up to date with your progress, Daniel. It's good that ESET got back to you so quickly.
     