Trojan or Not?

Discussion in 'NOD32 version 2 Forum' started by Meitricsu, Jan 27, 2006.

Thread Status:
Not open for further replies.
  1. Meitricsu

    Meitricsu Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    9
    Multiple files of 44 KB each, which have double extensions(mp3.exe or jpg.exe) are seen as a Trojan.Win32.VB.aia by Kaspersky Antivirus but is not seen by NOD32. What seems to be the problem? In Kaspersky Malware Enciclopedya is written that it appeared on 19-01-2006 and all the "infected" files on my PC are dated - 20-01-2006. You can download a sample from ~sniped~. It includes one of those files.
    What seems to be the explanation that NOD32 isn't aware of it?
     
    Last edited by a moderator: Jan 27, 2006
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Meitricsu, I've removed the link as it violates our TOS. Please do not post links to malware. Thank you.

    Regards,

    snap
     
  3. Meitricsu

    Meitricsu Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    9
    Sorry, I did'n knew that. My bad. I attached now a screenshot which shows how other AV-products see that file as a Trojan. Norton and Kaspersky say YES, NOD32 and McAfee say NO. Which one is it?
     

    Attached Files:

    Last edited by a moderator: Jan 27, 2006
  4. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    Hi Meitricsu

    Have you submitted the file to eset? samples[at]eset.com
     
  5. Meitricsu

    Meitricsu Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    9
    Yes, I submited it using the Submit for analysis option in NOD32 System Tools->Quarantine->Submit for analysis.
     
  6. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    It should go faster if you submit it to the email above.
     
  7. Happy Bytes

    Happy Bytes Guest

    Ok, this should be solved ASAP. Looks pretty much similar to Win32/VB.NEI probably some previous version. So no problem - will be added.
     
  8. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    NOD32 - v.1.1385 (20060128 )
    Virus signature database updates:
    IRC/SdBot (2), SymbOS/Pbstealer.C, Win32/Adware.Virtumonde (2), Win32/Akbot.B (2), Win32/Bagle.EF, Win32/Bagle.EX (3), Win32/IRCBot.PH, Win32/Mytob.OX (2), Win32/Mytob.OY (2), Win32/Opanki.BP (2), Win32/Oscarbot.BS, Win32/Poebot, Win32/Rbot (8 ), Win32/TrojanDownloader.Small.APP, Win32/VB.AIA
     
Thread Status:
Not open for further replies.