Where to report a threat not detected by NOD

The file name is smss.exe. I know this is a normal windows process but there is also a version that is a trojan. The normal file lives in the system32 directory and has a size of 50k. This file on my is in the windows/system directory and is only 35k so I know it isn't legit.. My firewall caught it trying to make an outgoing connection to the internet, of course I blocked it. If I scan the file with NOD it reports nothing. After doing some research I have found that it if identified as Flood.F Trojan. Who at eset should I ask to take a look at this?

Thank You
Matt

 

Sorry I over looked the sticky about submiting threats. I have sent them an email now.

 

thank you for submitting this file justsomeguy and if you can pls keep us up with the process of adding the definition.

 

Hi justsomeguy, welcome to Wilders.

Please also submit the file to www.virustotal.com

Cheers

 

Done, I've reported it to both places.

 

Here is the result of the submission to virustotal:

VirustotalServer response

--------------------------------------------------------------------------------

Results of a file scan
This is a report processed by VirusTotal on 07/31/2006 at 07:36:55 (CET) after scanning the file "smss.rar" file.
Antivirus Version Update Result
AntiVir 6.35.1.0 07.30.2006 no virus found
Authentium 4.93.8 07.29.2006 W32/Methodbod.gen
Avast 4.7.844.0 07.29.2006 no virus found
AVG 386 07.28.2006 no virus found
BitDefender 7.2 07.31.2006 no virus found
CAT-QuickHeal 8.00 07.29.2006 no virus found
ClamAV devel-20060426 07.31.2006 no virus found
DrWeb 4.33 07.30.2006 no virus found
eTrust-InoculateIT 23.72.82 07.30.2006 no virus found
eTrust-Vet 12.6.2314 07.28.2006 no virus found
Ewido 4.0 07.30.2006 no virus found
F ortinet 2.77.0.0 07.30.2006 no virus found
F-Prot 3.16f 07.28.2006 W32/Methodbod.gen
F-Prot4 4.2.1.29 07.28.2006 W32/Methodbod.gen
Ikarus 0.2.65.0 07.28.2006 no virus found
Kaspersky 4.0.2.24 07.31.2006 Trojan.Win32.Agent.xo
McAfee 4817 07.28.2006 no virus found
Microsoft 1.1508 07.27.2006 no virus found
NOD32v2 1.1684 07.29.2006 no virus found
Norman 5.90.23 07.28.2006 no virus found
Panda 9.0.0.4 07.30.2006 Suspicious file
Sophos 4.08.0 07.30.2006 no virus found
Symantec 8.0 07.31.2006 no virus found
TheHacker 5.9.8.183 07.30.2006 no virus found
UNA 1.83 07.28.2006 no virus found
VBA32 3.11.0 07.31.2006 no virus found
VirusBuster 4.3.7:9 07.30.2006 no virus found



VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Do not reply to this message. It has been generated by an automatic address that will not handle any reply. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

 

Yep, I spotted it last week. Anyway, most of these Medbot variants are detected generically without needing to update, this one will require adjusmtent of the generic detection.

 

Spotted last week and you let it undetected ??

 

I spotted also tons of others detected by NOD32 only, or by 1 or 2 more AVs besides NOD32 It really requires update of the generic signature in order to be protected against further new variants. I don't think you would be satisifed if we detected just this one and missed the future variants.

 

It's called priorities. Deal with a school of sharks’ first; a sardine can wait until later…

There is a saying that goes like this: Why be up to your neck in mud wrestling with the croc’s when you can drain the swamp

Blackspear.

 

yes, but a dozen of sardines can "kill" a shark sometimes.
... and if you like to be much smart you can pay someone to drain the swamp and then to kill the croc. You could just watch.

 

If this malware were on your system, calling out, would you still belittle its importance by calling it a "sardine"? Are customers who are affected by malware that Eset knew about but didn't deal with supposed to feel better, just because it wasn't a "priority"?

I'm not throwing stones--really, I'm not--but this kind of attitude boggles my mind. I mean, you are literally telling a user that yes, they had malware on their system; that yes, NOD32 failed to detect it; that yes, Eset knew about it, but never mind all that--the malware on your system wasn't important enough.

 

Reality is, fast and wide spreading malware have to be given priority, then the next fastest the next priority. Something that has been hunted down and found on the far reaches of Google on a single PC can not be a priority, this is just reality.

In a perfect world where staff by the hundred could be employed and afforded to be employed this would not be an issue, then again, in a perfect world there would be no malware, and with this being the case, no antivirus software companies; but we are living in the real world, so priorities there are

Cheers

 

Well, in this real world if ESET can't add something, even low priority in one week they should better not support their AntiVirus anymore and start making something else....software that doesn't need updates.
Or, they could seek for more employees. It wasn't me the one who put them to produce an AntiVirus. Perhaps my only fault was that I bought a license...

 

Would you rather Eset at the forefront of technology stopping the fastest spreading malware in the fastest time, or have their technicians working on a piece found in the backblocks of Google? I know for sure that I'd rather them keep doing what they are doing and improve as they can afford to do so, add non priority as soon as they are able and maintain NOD32 at the top of the pile.

If you are really that unhappy with NOD32 I hear AVG is free

Cheers

 

Really?
Maybe after my burial I'll give it a try.

 

ROFLMAO

 

I spotted it on VT and am not aware of having it received from that guy.

 

Perhaps I am not very technical, but isn't it possible to just add a "standard" detection for a sample without trying to "fit it" into a generic detection? I'm not thinking about this sample only, but in general (cases that are a bit similar to this one)? And it's not meant as criticism, just a question out of curiosity.

Sorry if it is a little bit off-topic.

 

Of course it is possible. But ESET wants only generic detection.

 

IMHO that would be more correct to say "ESET wants generic detection" given the fact ESET to my knowledge has never publically stated they want "only" generic detection

Edit
Oh never mind....I now notice the sarcastic smilie you applied to your post

 

Just discovered some erratic system behavior, ran NOD32 with AH (nothing), looked at Autoruns, saw two suspicious entries and sent them to Eset, then through some Googling I finally got here.
Anything new with this malware?

 

Did you also try submitting the suspicious files to VirusTotal

 

...and made 100+ posts I guess there's plenty that take part at Wilders and don't realise all the different forums here though...

Very good suggestion.
Just realise that even if many other vendors choose to detect a particular file that does mean that for sure it is a threat, likewise even if none detect it doesn't mean it isn't...

Cheers

 

I think shark or sardine doesn't really matter as we all know that no AV can guarantee 100% detection.

The only way to have perhaps 99.999% success is to use NOD in conjunction with a sort of sanbox program.