Update 2431 and archives

Before update 2431 with upgrade archive module NOD32 detects in one .zip file this: probably variant of Win32/Small trojan. After this update NOD32 cannot test this file and write this: unpack error.

I tried test file in archive .zip and then unzip as .exe


note: 15.07.2007 NOD32 cannot test this file, but 01.08.2007 NOD32 could test it and this update changed it back.

 

What do you think, where is the problem? Will ESET solve it?

 

Have you tried the same with 2434?

 

of course

 

Well, I don't allow my NOD to update automatically, I prefer to do it manually. So I have noticed that there was an update for advanced heuristics in 2432. This "probably variant" is detected heuristically. Perhaps an ESET official would clear this up for us...

 

This problem isn't in heuristic module. NOD32 cannot open and test this file in .zip archive and extracted with extension .exe

 

have you send .zip file to ESEt ? it could be FP.

 

I sent this sample to ESET at 24th July with another files. I attached results from http://www.virustotal.com/


This sample was marked as TR/Crypt.FSPM.Gen (Avira) = Trojan.Small.APJ (BitDefender). At that time NOD32 wrote unpack error, too. It changed to heuristic detection and came back. (but this I wrote)

 

Today ESET upgrade archive module, but my problem is still actual.

 

The archive is being looked at, please hold on.

 

Some time ago I sent a trojan to ESET that is still not detected.
On virustotal today :

removed attachment....Bubba

Is this an archive problem too ?

 

It's a password protected archive, the file(s) inside are usually detected.

 

No , it is not password protected.
Others are detecting it without any problems.(DNSChanger)

 

These usually contain password protected archives, I'm very doubtful NOD32 would give you that message otherwise.

 

I get that message on virustotal only.
If I scan that file with NOD32 it founds nothing.
Anyway I'll resend that to ESET and perhaps it will finally get fixed.

 

As I said, the archive contains other password protected archives:

 

Suppose you are right I still have a very big question.
How do others manage to scan inside those protected archives and detect that threat .

 

Either guess/know the password or brute force/dictionary it.

 

For sure nothing like that.

 

No answer

 

they detect the whole package either by heuristics or signatures.

 

Please look here:
http://ukazto.com/img/nod-d5a1.jpg

 

they haven't fixed it yet.

 

The file was patched fsg so there's nothing to fix. However, Advanced heuristics was able to emulate the code so if it was malicious AH would have caught it.

 

But before this update NOD32 could test that file. I think that problem is certainly in archive module.