Win32-Stration.HV Virus got through IMON

I have two e-mail transmited variants of the Win32-Stration.HV virus that went through IMON. I submited the two file attachement to http://www.virustotal.com/en/indexf.html and found NOD32 had certified the incomeing message but let them both through!!!

I did submit the samples to eset with the appropriate info but I'm still a bit upset that "A known" viruses would pass through the scanner!

 

This is what the virus total analysis turned up! What bothers me is that the virus was know by Eset and yet both variants passed throught unindered!!!

 

It did find the bug during a "manual directory scan" without any trouble at all.
My concern is that it would be too late "joe" average would be infected by then!!!

 

Have you got imon configured a la blackspear's setting?

 

detection for Win32/Stration.HV was added on 19th october (1.1811). Your first screenshot shows NOD32 was using 1.1810, so it looks like you got the email with infection just before NOD32 was updated to cover it. Unlucky, but it's going to happen from time to time.

This is also why a scan at VirusTotal and then by you did pick up the threat.

 

As a side note and possibly nothing to be concerned about but your Mail Server report in your first pic has jumped ahead a month to November....Date: 18/11/2006 9:46 PM

 

Sure did!

 

Nicely picked up.

Cheers

 

Yes you are right... it's an attempt by the nasties to fool the system since many an old AV would return failed scans on wrong dates. Both the "wrong" dates are different variant of the same virus.

 

It would appear this is it. But still by 1 mini micro update?
Actually I think that this virus was already being detected for some time isnt it? can anyone confirm this?

 

That's all it takes sometimes, as was said, someone has to be first

There are many variants of this mongrel

Cheers

 

And the battle rages on....

 

aint that the truth - there's been 5 updates so far today and each one has contained more Win32/Stration variants. 2 of the updates were solely for Win32/Stration variants.

 

Hola it's me again... and guess what?
Another one!!! this time completelly undetected!
Anyone want a copie?

~scan result removed....Bubba~

 

This thread was allowed to initially be permitted as it appeared to be a support issue and support was rendered explaining why the Nod user found what he found. However....now that an attempt has been made to turn it into a thread of who has and who has not covered this malware....We'll bring this thread to a close.

For further clarification of this decision as it relates to our position on closures such as this....Please see this post.

Regards,
Bubba