Win32-Stration.HV Virus got through IMON

Discussion in 'NOD32 version 2 Forum' started by Hermescomputers, Oct 19, 2006.

Thread Status:
Not open for further replies.
  1. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I have two e-mail transmitted variants of the Win32-Stration.HV virus that went through IMON. I submitted the two file attachments to http://www.virustotal.com/en/indexf.html and found NOD32 had certified the incoming message but let them both through!!! o_O

    I did submit the samples to Eset with the appropriate info but I'm still a bit upset that "a known" virus would pass through the scanner!
     


    Last edited: Oct 19, 2006
  2. Hermescomputers

    Hermescomputers Registered Member

    This is what the VirusTotal analysis turned up! What bothers me is that the virus was known by Eset and yet both variants passed through unhindered!!!
     


  3. Hermescomputers

    Hermescomputers Registered Member

    It did find the bug during a "manual directory scan" without any trouble at all.
    My concern is that it would be too late; "Joe" average would be infected by then!!!
     


  4. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    Have you got IMON configured à la Blackspear's setting?
     
  5. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    Detection for Win32/Stration.HV was added on 19th October (1.1811). Your first screenshot shows NOD32 was using 1.1810, so it looks like you got the email with infection just before NOD32 was updated to cover it. Unlucky, but it's going to happen from time to time.

    This is also why a scan at VirusTotal and then by you did pick up the threat.
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    As a side note and possibly nothing to be concerned about but your Mail Server report in your first pic has jumped ahead a month to November....Date: 18/11/2006 9:46 PM :blink:
     
  7. Hermescomputers

    Hermescomputers Registered Member

    Sure did!
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Nicely picked up.

    Cheers :D
     
  9. Hermescomputers

    Hermescomputers Registered Member

    Yes, you are right... it's an attempt by the nasties to fool the system since many an old AV would return failed scans on wrong dates. Both the "wrong" dates are different variants of the same virus.
     
  10. Hermescomputers

    Hermescomputers Registered Member


    It would appear this is it. But still by 1 mini micro update?
    Actually I think that this virus was already being detected for some time, isn't it? Can anyone confirm this?
     
  11. Blackspear

    Blackspear Global Moderator

    That's all it takes sometimes, as was said, someone has to be first :blink:

    There are many variants of this mongrel :mad:

    Cheers :D
     
  12. Hermescomputers

    Hermescomputers Registered Member

    And the battle rages on....
     
  13. rothko

    rothko Registered Member

    Ain't that the truth - there's been 5 updates so far today and each one has contained more Win32/Stration variants. 2 of the updates were solely for Win32/Stration variants.
     
  14. Hermescomputers

    Hermescomputers Registered Member

    Hola, it's me again... and guess what?
    Another one!!! This time completely undetected!
    Anyone want a copy? :)

    ~scan result removed....Bubba~
     
    Last edited by a moderator: Oct 19, 2006
  15. Bubba

    Bubba Updates Team

    This thread was allowed to initially be permitted as it appeared to be a support issue and support was rendered explaining why the Nod user found what he found. However....now that an attempt has been made to turn it into a thread of who has and who has not covered this malware....We'll bring this thread to a close.

    For further clarification of this decision as it relates to our position on closures such as this....Please see this post.

    Regards,
    Bubba
     