Threat in email attachments again...

Discussion in 'NOD32 version 2 Forum' started by gerrya, Jul 30, 2007.

Thread Status:
Not open for further replies.
  1. gerrya

    Maybe old news but I just received 4 emails with zip attachments--
    message.zip
    doc.zip
    notice.zip
    text.zip

    These are surely some kind of threat though no scanner I have tried detects anything.
    Trying to open or unzip them on a Mac results in a format error.

    Just an FYI- these were blocked by attachment blocking on the email server!

    Gerry
     
  2. Kosak

  3. gerrya

    Sent them last night. No threats found with any scanner at that time.

    Gerry
     
  4. NOD32 user

    Hi gerrya,

    Please follow the advice in this post by Blackspear, which I think should fully cover your issue.

    Cheers :)
     
  5. Pru

    Hi, like you I've gotten several .EXE viruses sent to our e-mail boxes recently as ZIP attachments. I had previously complained that NOD32 did not detect them, which was only partially true. NOD32 did not detect some of them with an on-demand scan, but I decided to actually run the viruses in an isolated VirtualPC environment and then NOD32 stopped them.

    In fact this morning I got the "shocking.exe" rootkit which NOD32 did not detect in the archive or when I extracted it to my desktop. However, when I ran it in the isolated VirtualPC environment (don't try this unless you know what you're doing!), NOD32 stopped it trying to install the IP6fw.sys driver and deleted the EXE. NOD32 then identified it as the Win32/Rootkit.Agent.DP trojan.

    So even though I'd prefer NOD32 to catch these with an on-demand scan, it's nice to know it's going to stop some of them when they're executed. It gives me quite a bit of peace of mind, and makes me feel more confident about NOD32's abilities.

    I suppose this is another example of how those online multi-engine scanners don't tell the whole story.
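
The thread describes ZIP attachments that carried .EXE files, failed to open with a format error, and were stopped by attachment blocking on the mail server rather than by a signature. The following is an added example, not part of the thread and not the logic of NOD32 or of any particular mail server: a fail-closed ZIP attachment policy check. The function names, the extension list and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions treated as executable content (assumed policy list, not from the thread).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".sys"}


def make_zip(members):
    """Build a constructed in-memory ZIP from {name: bytes} for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def classify_zip_attachment(data):
    """Return (verdict, reason) for raw attachment bytes; verdict is 'block' or 'allow'."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Windows ignores trailing dots and spaces, so strip them before matching.
                name = info.filename.lower().rstrip(". ")
                if info.flag_bits & 0x1:
                    return "block", "encrypted member cannot be scanned: " + info.filename
                if any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS):
                    return "block", "executable member: " + info.filename
    except zipfile.BadZipFile as exc:
        # Fail closed: an archive the gateway cannot parse is one a scanner cannot inspect.
        return "block", "malformed archive: " + str(exc)
    return "allow", "no executable members"


# Constructed samples; the file names echo the thread, the contents are dummy bytes.
SAMPLES = {
    "doc.zip": make_zip({"readme.txt": b"hello"}),
    "message.zip": make_zip({"shocking.exe": b"MZ-dummy"}),
    "notice.zip": make_zip({"invoice.pdf.exe": b"MZ-dummy"}),
    "text.zip": make_zip({"a.txt": b"x"})[:20],  # truncated to force a format error
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify_zip_attachment(blob))
```

The check does not recurse into archives nested inside the ZIP, so a real policy would either block nested archives or unpack them to a bounded depth.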
     