Win32/Bagle.AH

Discussion in 'NOD32 version 2 Forum' started by Stan999, Jul 19, 2004.

Thread Status:
Not open for further replies.
  1. Stan999

    Stan999 Registered Member

    Joined: Sep 27, 2002
    Posts: 566
    Location: Fort Worth, TX USA

    Interesting results.

    Received infected file by e-mail before the NOD32 - v.1.817 (20040719) update. NOD detected it at that time as virus probably unknown NewHeur_PE virus. With the 1.817 update NOD detects it as Win32/Bagle.AH.

    I sent the file to www.virustotal.com/flash/index_en.html

    Results:
    VirustotalServer response

    -----------------------------------------------------------
    Results of a file scan
    This is the report of the scanning done over "Doll.vscr" file that VirusTotal processed on 07/19/2004 at 20:02:58.
    Antivirus      Version          Update       Result
    BitDefender    7.0              07.19.2004   Win32.Bagle.AJ@mm
    ClamWin        devel-20040517   07.19.2004   Worm.Bagle.AF.2
    eTrustAV-Inoc  4641             07.18.2004   -
    F-Prot         3.15             07.19.2004   -
    Kaspersky      4.0.2.23         07.19.2004   -
    McAfee         4378             07.19.2004   -
    NOD32v2        1.817            07.19.2004   Win32/Bagle.AH
    Norman         5.70.10          07.19.2004   W32/P2PWorm
    Panda          7.02.00          07.19.2004   -
    Sybari         7.5.1314         07.19.2004   -
    Symantec       8.0              07.18.2004   -
    TrendMicro     7.000            07.19.2004   -

    VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about availability and continuity of this service. Do not reply this message, it has been sent by an automated process that will not handle such responses. Even when the detection rate given by the use of multiple antivirus engines is far superior to the one offered by only one product, this results DONT guarantee the harmlessness of a file. There is no such a solution that can offer a 100% rate of effectiveness recognizing virus and malware.

    -----------------

    Nice going NOD by also detecting this before the update and also before some other AVs!
     
  2. ronjor

    ronjor Global Moderator

    Joined: Jul 21, 2003
    Posts: 57,719
    Location: Texas

    I'll second that!! :D
     
  3. flyrfan111

    flyrfan111 Registered Member

    Joined: Jun 1, 2004
    Posts: 1,224

    Way to go ESET!! Was it detected with AH or standard heuristics, Stan999?
     
    Last edited: Jul 19, 2004
  4. DiGi

    DiGi Registered Member

    Joined: Jul 24, 2003
    Posts: 114
    Location: in the middle of nowhere

    I got the same email, caught by IMON (AH enabled) :)

    Nice ;)
     
  5. Longthing

    Longthing Registered Member

    Joined: Jul 27, 2002
    Posts: 40

    Here you can see that Norman also detected it without an update of the virusdefs. W32/P2PWorm is a Sandbox detection.
     
  6. mrtwolman

    mrtwolman Eset Staff Account

    Joined: Dec 5, 2002
    Posts: 613

    NewHeur_PE... means detection by AH
     