Trojan...not detected :(

Discussion in 'NOD32 version 2 Forum' started by pykko, Jan 4, 2006.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I don't want to start a new thread about samples but I'm really concerned about on file I've submitted to ESET 2-3 weeks ago.

    I don't know why isn't it detected...is it due to the packers or simply those malwares are not in the database??

    I've attached the scan results from jotti and I don't know .... if it's all about the packers it's OK, but I'm, afraid to test.. :D
    If NOD doesn't pick the virus I get infected :p


    Thank you and if somebody wants to test the file I could send it via mail, or perhaps to send it again to ESET.

    Post only if you have an answer to my topic, I don't want to start a never ending fight on samples again! ;)
     

    Attached Files:

  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It looks like a SFX archive :) Are you sure the files aren't detected after being unpacked?
     
  3. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    I think he is too scared to unpack them to find out.
     
  4. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    That's asking a lot Marcos.
     
  5. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, Marcos how should I unpack it? Isn't it easyer to submit it again to ESET? :D
     
  6. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    If it's an SFX file, you can simply open it using WinRAR.

     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's indeed a Rap! sfx archive and the files are detected upon extraction. A majority of them by signatures and the rest generically. BTW, WinRAR does not open this archive.
     
  8. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    The on-demand scanner would detect any nasties inside that achive...
    Just rightclick and scan
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Not yet as this special type of archive is not supported by NOD32's archive module yet. However, AMON detected the file upon extraction and deleted it.
     
  10. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Hmm.. I just looked at the last report on the image: "RAR".
    I know NOD can scan those archives :)
     
  11. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Thx, Marcos! The viruses are detected indeed when running the file. AMON prompt me to delete 2 Trojans. ;)

    Hope you'll add support for this type of archive to NOD32 3.0

    P.S. I"ve tried to uncompress with WinRAR but I couldn't done it, that's why I've posted.
     
Thread Status:
Not open for further replies.