I have submitted several files that a *new* variant of the W32.SpyBot.Worm file generates to samples@nod32.com and sample@nod32.com. I have not heard a response, yet the virus continues to crush our corporate network. Symantec and NOD32 stand by and do nothing to stop it. What do I have to do for attention on this matter? It's hard to convince my Director to switch to NOD32 entirely if your product fails to protect.

The worm spreads fast, and generates the following files:

C:\exec.exe
C:\Windows\sys32.exe
C:\Windows\sys33.exe
C:\Windows\iexplorer.exe

It's identified only in part by NOD32 as a rootkit worm. NOD32 and Symantec both can't stop the worm, or clean it.
Hello! It is an Eset policy and you won't hear from the Virus Lab at all. They just receive the samples but do not answer people. In such an emergency, please submit the files to Eset Technical Support, email support[at]eset[dot]com. Attach the suspected files and as much information as you may think of. Depending on the situation, they will provide you with a solution appropriate to kill the parasite.
They wrote back and had me test the files against virustotal.com. Several virus scanners picked the files up; NOD32 was not one of them. After a few hours on the phone with Symantec, it's now one of the several that detect the new variant. I sent the SHA1/MD5 information to ESET. I haven't heard anything back.
File sys32.exe received on 07.11.2007 15:09:39 (CET)

Antivirus          Version         Last Update  Result
AhnLab-V3          2007.7.11.1     20070711     no virus found
AntiVir            7.4.0.39        20070711     TR/Drop.RHE.4
Authentium         4.93.8          20070710     no virus found
Avast              4.7.997.0       20070711     no virus found
AVG                7.5.0.476       20070710     no virus found
BitDefender        7.2             20070711     Trojan.Dropper.RHE
CAT-QuickHeal      9.00            20070711     no virus found
ClamAV             devel-20070416  20070711     Trojan.SdBot-6507
DrWeb              4.33            20070711     Trojan.MulDrop.7389
eSafe              7.0.15.0        20070710     no virus found
eTrust-Vet         30.8.3779       20070711     Win32/Injeven
Ewido              4.0             20070711     no virus found
FileAdvisor        1               20070711     no virus found
Fortinet           2.91.0.0        20070711     no virus found
F-Prot             4.3.2.48        20070710     no virus found
Ikarus             T3.1.1.8        20070711     Trojan.MulDrop.7389
Kaspersky          4.0.2.24        20070711     no virus found
McAfee             5071            20070710     no virus found
Microsoft          1.2704          20070711     no virus found
NOD32v2            2392            20070711     no virus found
Norman             5.80.02         20070711     no virus found
Panda              9.0.0.4         20070711     Trj/ADSdropper.A
Sophos             4.19.0          20070706     no virus found
Sunbelt            2.2.907.0       20070711     no virus found
Symantec           10              20070711     W32.Spybot.Worm
TheHacker          6.1.6.144       20070709     no virus found
VBA32              3.12.0.2        20070710     Trojan.MulDrop.7389
VirusBuster        4.3.23:9        20070710     no virus found
Webwasher-Gateway  6.0.1           20070711     Trojan.Drop.RHE.4

Additional information
File size: 125526 bytes
MD5: 5997298a35ef417a240551e94a3338e9
SHA1: 44e1dab608547c63e277c3156534778133e2a6c8
It may be a good idea to send samples from a new/different email address. In my experience, after I'd emailed a few samples over the course of several weeks, very few samples I submit are added; it's possible that submitting multiple samples using the same email puts your email on their "VX collector list", meaning your submissions will have lowest priority.

Londonbeat
Don't stir up a hornet's nest, Codpet is not a virus collector; he has asked us to assist him in removing an infiltration from his network and all the functional samples he has submitted are actually detected:

AhnLab-V3          2007.7.11.1     20070711     no virus found
AntiVir            7.4.0.39        20070711     TR/Drop.RHE.4
Authentium         4.93.8          20070711     no virus found
Avast              4.7.997.0       20070711     no virus found
AVG                7.5.0.476       20070711     no virus found
BitDefender        7.2             20070711     Trojan.Dropper.RHE
CAT-QuickHeal      9.00            20070711     no virus found
ClamAV             devel-20070416  20070711     Trojan.SdBot-6507
DrWeb              4.33            20070711     Trojan.MulDrop.7389
eSafe              7.0.15.0        20070710     no virus found
eTrust-Vet         30.8.3780       20070711     Win32/Injeven
Ewido              4.0             20070711     no virus found
FileAdvisor        1               20070711     no virus found
Fortinet           2.91.0.0        20070711     no virus found
F-Prot             4.3.2.48        20070711     no virus found
Ikarus             T3.1.1.8        20070711     Trojan.MulDrop.7389
Kaspersky          4.0.2.24        20070711     no virus found
McAfee             5072            20070711     no virus found
Microsoft          1.2704          20070711     no virus found
NOD32v2            2394            20070711     Win32/Rbot
Norman             5.80.02         20070711     no virus found
Panda              9.0.0.4         20070711     Trj/ADSdropper.A
Sophos             4.19.0          20070706     no virus found
Sunbelt            2.2.907.0       20070711     no virus found
Symantec           10              20070711     W32.Spybot.Worm
TheHacker          6.1.6.144       20070709     no virus found
VBA32              3.12.0.2        20070710     Trojan.MulDrop.7389
VirusBuster        4.3.23:9        20070711     no virus found
Webwasher-Gateway  6.0.1           20070711     Trojan.Drop.RHE.4

Additional information
File size: 125526 bytes
MD5: 5997298a35ef417a240551e94a3338e9
SHA1: 44e1dab608547c63e277c3156534778133e2a6c8

Since the problem has been resolved, I'll draw this case to a close.