Trojan not detected

Discussion in 'NOD32 version 2 Forum' started by beenthereb4, Jul 20, 2006.

Thread Status:
Not open for further replies.
  1. beenthereb4

    beenthereb4 Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    568
    This trojan is not detected by Nod32 and sat on my computer for a while:

    p799785-untitled.gif
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Send it for analysis to sample [at] nod32.com. ;)
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    From VGrep:

    ALWIL [undetected]
    CA InoculateIT [undetected]
    CA VET [undetected]
    Doctor Web Trojan.MulDrop.3765
    ESET Win32/TrojanDownloader.Delf.NIN
    Fortinet [undetected]
    Frisk Software [undetected]
    GRISoft Downloader.Generic2.JU
    H+BEDV [undetected]
    IKARUS [undetected]
    Kaspersky Lab Trojan-Downloader.Win32.Delf.aef
    McAfee [undetected]
    Microsoft [undetected]
    Norman W32/Delf.JPY
    Panda [undetected]
    SOFTWIN [undetected]
    Sophos [undetected]
    Symantec Downloader.Trojan
    Trend Micro PAK_Generic.001
    VirusBuster [undetected]

    Blackspear.
     
  4. beenthereb4

    beenthereb4 Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    568
    Regardless of Vgrep, Nod32 did not detect it - even with your settings. A scan by Norton (in BartPE) found it and VirusTotal confirmed it.
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Send the sample to Eset, it may simply be a broken, only analysis will determine the outcome.

    Blackspear.
     
  6. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Since you have no contact option via PM I have to reply here too. Send this file please to me too. Thanks
     
  7. beenthereb4

    beenthereb4 Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    568
    I sent the sample to you and Eset. It will come from "joesdump", let me know if it does not make it.
     
  8. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    got it. thanks
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    So Inspector, what's the outcome?

    Cheers :D
     
  10. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    The outcome is as follows

     
  11. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, the third result is:
    ALWIL [undetected]
    H+BEDV TR/Dldr.Delf.aef.1
    GRISoft Downloader.Generic2.MV
    Kaspersky Lab Trojan-Downloader.Win32.Delf.aef
    SOFTWIN Trojan.Downloader.Delf.AEF
    Doctor Web [undetected]
    Frisk Software security risk named W32/Downloader.WSM
    McAfee Downloader-ABT
    Fortinet W32/Delf.AEF!tr.dldr
    Microsoft [undetected]
    Symantec Downloader.Trojan
    ESET [undetected]
    Norman W32/Delf.IQY
    Trend Micro TROJ_Generic
    o_O I've noticed anyway that Kaspersky has a name for a particular malware and if you search for it on VGrep it finds many results and other vendors name it differently but KAV the same.
     
  12. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Yes, but still have we heard if it even should be detected? - I certainly haven't?
     
  13. ASpace

    ASpace Guest

    Pykko, as Marcos has said many times, we should trust only VirusTotal as it provides the most accurate results
     
  14. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    yes, I know that! ;)
     
  15. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    Ermm.. As this is a NOD support forum and IC is no longer an ESET employee and who now works for one of their competitors should we be really sending him/F-PROT these files? Shouldn't he be asking/looking in an FPROT forum somewhere?
     
  16. ASpace

    ASpace Guest


    Although it is off-topic, please reread carefully the whole thread and I am sure you'll find the answer ;)
     
  17. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    Okay, I have re-read the post and yes, IC couldn't contact the original poster directly so he asked him to contact him through the forum.

    I made my comment as a general observation, not specifically related to this post.
     
  18. ASpace

    ASpace Guest


    No, no, you didn't understand what I mean. Something completely different but let's stop it because I might get banned :D :D :D It is off-topic :)
     
  19. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    As I think has been posted elsewhere and also IMHO, IC is most welcome to participate in these forums. His expertise is indeed appreciated and although he may now work for a different vendor, there remains a good friendship with ESET. If he wishes a sample he is far more than just qualified to ask for one, once more JMHO.

    Cheers :)
     
  20. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    IC is still a top expert in malware so I don't see the slightest reason why they shouldn't send him those files if he requests so. Besides, he left ESET because of other (personal) reasons. Those in "doubt" should read his blog more often...
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I will second this :thumb:

    Simply because Michael has gone elsewhere for personal reasons does not make him the enemy. If a friend leaves your work and goes to work for the opposition, do you stop having a beer with him at the local pub? What he knows on a pin-head is 1000 times more than what I know.

    The Inspector is certainly most welcome here.

    Blackspear.
     
  22. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    In addition to what BS said:

    The discussion and\or questioning of whether a former employee of Eset should be entitled to post in a Nod32 thread requesting an e-mail sample also....is seriously off topic in this thread and this forum.

    If you wish to debate this topic further, feel free to start a dedicated thread in an appropriate forum here, as it may be important enough to some as of general interest. Otherwise, let's stay on the nominal topic Please.

    Bubba
     
  23. beenthereb4

    beenthereb4 Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    568
    And it is Eset's stated policy to share its samples - as all the most ethical companies do.
     
  24. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Have you rescanned your sample now, beenthereb4 ?
    Your scanning result is from v. 1.1668 and now NOD32 has been updated to 1.1672. Maybe they've added something. The latest version contains 2 signatures for Win32/Trojan.Downloader.Delf See here :)
     
  25. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    And that's the bit that I forgot about. Sorry IC and anyone else who was upset/offended etc.
     