What kind of animal is "unix_coco.c" ?

Discussion in 'malware problems & news' started by ronny, Jun 15, 2004.

Thread Status:
Not open for further replies.
  1. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    That's my question. I searched a little on the internet but didn't find much information.
    The strange thing is that only Housecall found it, and e-Trust + Norton online didn't detect it at all.
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Ronny,

    I can't provide the specs, but I can say this is an oldie - ITW from about December 10th 2002, covered by for example NOD32 up from December 12th 2002 (database update v1.211). If my memory serves me well, Norton covered this one at approx. the same time, as most others.

    regards.

    paul
     
  3. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Okidoki, thank you very much Paul for the information. Perhaps because it is an oldie that Norton online or e-Trust didn't detect it anymore now o_O
    Who knows...
     
    Last edited: Jun 15, 2004
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Ronny,

    This nastie has been databased - so it would be detected by all resident running and updated major Antiviruses ;)

    regards.

    paul
     
  5. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Well then it is a mystery to me why e-Trust & Norton didn't find it. Perhaps because it was in a zipped, not yet complete file (it was in an emule\temp\2.part, not completely downloaded file, some zipped books or movie clip I think).
    I was unable to see it, and the file was too big to submit (750mega). Housecall couldn't delete only the virus, it had to delete the complete file.
    Or perhaps it was a false positive?
    Luckily it is gone now, and perhaps I better go to the library...much safer. ;)
     
  6. saso

    saso Guest

    In this case it would be possible that, since different scanners are using different fingerprints (small strings of the vir file) of the viral file and since the file was not downloaded fully, it could mean that Norton did not detect it because the "right bits" of the file were not downloaded yet, and the opposite for Trend :) Phuu, this explanation is a bit tricky :)) It is also possible that Norton is not scanning these file types.
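
The effect described in the post above, as an added example that is not part of the original thread: two hypothetical scanners key on different byte fragments of the same file, and a partially downloaded copy holds only some of them. The signatures, chunk size and zero-filling of missing chunks are assumptions constructed for the illustration.

```python
"""Added illustration: byte-signature scanning of a partially downloaded file.
All names, signatures and sizes are constructed for this example."""

CHUNK = 64  # assumed download chunk size (real clients use far larger chunks)

# Hypothetical scanners, each keyed on a different fragment of the same file.
SIGNATURES = {
    "scanner_a": b"CONSTRUCTED-FRAGMENT-A",
    "scanner_b": b"CONSTRUCTED-FRAGMENT-B",
}

def build_sample():
    """Constructed 4-chunk file: A sits inside chunk 0, B straddles chunks 2/3."""
    data = bytearray(b"." * (4 * CHUNK))
    data[10:10 + len(SIGNATURES["scanner_a"])] = SIGNATURES["scanner_a"]
    start_b = 3 * CHUNK - 8  # 8 bytes land in chunk 2, the rest in chunk 3
    data[start_b:start_b + len(SIGNATURES["scanner_b"])] = SIGNATURES["scanner_b"]
    return bytes(data)

def partial_file(full, received_chunks):
    """Model a .part file: chunks not yet received are zero-filled (assumption)."""
    out = bytearray(len(full))
    for i in received_chunks:
        out[i * CHUNK:(i + 1) * CHUNK] = full[i * CHUNK:(i + 1) * CHUNK]
    return bytes(out)

def detections(data):
    """Return the sorted names of scanners whose fragment occurs in data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)

if __name__ == "__main__":
    full = build_sample()
    cases = [("complete", [0, 1, 2, 3]), ("chunks 0-1", [0, 1]),
             ("chunks 0-2", [0, 1, 2]), ("chunks 2-3", [2, 3])]
    for label, chunks in cases:
        # A fragment split across a missing chunk (B in "chunks 0-2") is not matched.
        print(f"{label:>10}: {detections(partial_file(full, chunks))}")
```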
     
  7. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Sounds interesting Saso, but I am not a specialist at all, so don't know if this is possible.

    Gavin-Diamonds DCS gave the following also interesting information: "Since it's a UNIX virus, there is no danger to a Windows PC

    This leads me to believe it could be a false alarm.."
    And I am quite sure :D he IS a real specialist, so the opposite of me. ;)
     