Strange issue with ESS6

Discussion in 'ESET Smart Security' started by lord47, May 26, 2013.

Thread Status:
Not open for further replies.
  1. lord47

    lord47 Registered Member

    Joined:
    May 26, 2013
    Posts:
    3
    I'm using ESS6.0.316.0 (with Virus DB 8376), and yesterday I downloaded a compressed file (.rar). Then I scanned it and ESS6 said it's clean, but after a while I noticed that a new process named "antivirus.exe" (trojan threat) is running in my system (it modified my Windows registry to ensure its running at every system startup) and it connects to a remote server, then causes the system to reboot after a random time (after 1-5 minutes).

    And after a long struggle, the ESS6 startup scanner finally detected "a suspicious file" running (it cleaned it and the threat is quarantined):

    %Temp%antivirus.exe a variant of MSIL/Packed.CodeWall.A

    But the problem is:
    * If I scan the infected file, then the result tells me that it's clean.
    * If I try to send this file to samples@eset.com via MS Outlook, that's when the ESS6 Email filter detects and cleans the trojan.

    So, is there any explanation for this matter?
     
  2. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Hi,
    Was it a double zipped file?
    Threats are often quite difficult to detect with a scan when the file is double zipped.
     
  3. lord47

    lord47 Registered Member

    Joined:
    May 26, 2013
    Posts:
    3
    No, but here's the report I got with the ESS6 email filter:

     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    When scanning the disk, did you enable detection of suspicious applications? When submitting detected malware, protect the archive with the password "infected" so that it's not detected by other protection modules.
     
  5. lord47

    lord47 Registered Member

    Joined:
    May 26, 2013
    Posts:
    3
    Yes, "detection of suspicious applications" is enabled.

    I did as you suggested, and the Eset team said that they'll include this threat in the next signature update.

    They defined the threat as: MSIL/Bladabindi.O trojan
     
    Last edited: May 27, 2013