What IS NODWNTEN NOD32.BAT?

Discussion in 'NOD32 version 2 Forum' started by spy1, Jun 16, 2003.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Pete,

    Seems like a nice picture from AVG v7 ;) talking about "a possible" infection. Could you provide some more info? In case you do have a copy of the file in question, please zip it and send me a copy and submit one to Eset as well.

    regards.

    paul
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Excuse me, but I believe you guys read DSL's security forum as much as I do.

    In case you don't, the thread I'm referring to is here: http://www.dslreports.com/forum/remark,7121059~root=security,1~mode=flat . It provides the screenie I linked to, as well as McAfee "hits" from something similar.

    I'm trying to clarify if this is a threat or a wild-goose-chase.

    TIA Pete
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Pete,

    Can't say anything about "as much.." ;) Actually, I just pressed your link, Pete, and the pic showed up.

    We will need a sample anyway in order to verify all this ;)

    regards.

    paul
     
  5. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Originally the worm (?) that Vamp said he was using that NOD couldn't pick up was Trojan.BAT.KillAV.h

    But he said it was not the same as the one by that name found in the Symantec virus library and was instead perhaps a variant of that or two others (with different names) found in the McAfee library.

    Then he has a screen shot showing AVG ID'ing it as possibly BAT/HitOut.

    As for the screenshot showing nodwnten.exe/NOD32.BAT I frankly am not sure what that's supposed to mean really. The only nodwnten.exe file I have is the downloaded executable to install NOD version 1. So...?
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    There's no way to verify this, without a sample from the actual file - which couldn't be traced/found by anyone.

    No offense, but I for one will not go for hearsay. The one and only right thing to do is submitting the file to AV/AT developers. Only after verification we'll know for sure. For the benefit of all, submitting the file is the way to go - I'm sure Vamp does know this, and will do so for the benefit of all AV/AT software users. A matter of normal social behaviour.

    Indeed.

    ..it's an obscure zoo file as it seems, as there are many. This has nothing to do with your installed NOD32 version. I for one would like to know where this file actually comes from, since no one seems to be able to track it down (sic).

    regards,

    paul
     
  7. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Oh, of course it's all hearsay. I quite understand that. And the mystery file of somewhat dubious nomenclature seems somewhat....elusive at the moment. ;)

    As for the nodwnten thing, perhaps it's simply a renamed file or concoction containing the elusive mystery worm. An added touch, perhaps. ;) That's why it didn't make sense to me what the screenshots were purporting to show.

    :D
     
  8. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    It seems the latest definition release now has it covered ;)
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Kev,

    Since it has been put ITW (now...), and Eset did grab a sample: yup ;)

    regards.

    paul
     