Kudos0

A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

On January 7, an updated NIS2009 with full heuristics is not able to detect a trojan and another fake antivirus that hides a trojan downloader. This malware is an .exe very similar to the dangerous and resistant "antispywareguard", one of the many fake antivirus programs on the Internet into whose claws fall the unwary who run them on their machines. I find it unbelievable that Symantec has not established a generic detection rule for this type of trash that cybercriminals use to get money from their victims under false pretenses.

Please take my request seriously; they have to improve the detection capability of Norton software. I used KIS during 2008 and I had no infection. However, the lack of effectiveness of NIS2009 in detecting new malware is beginning to worry me.

I am a responsible surfer and I know many Internet traps; it is difficult to infect me but not impossible, as every day they invent new ways to trick and infect. I send to SSR all the malware that is not detected by NIS2009, but I hope that Symantec greatly improves its effectiveness in detecting threats. Improving detection is work to be done sooner.

Two threats were sent to SSR, and the tracking numbers are:

#10201272

#10201308

 

The first number corresponds to a trojan called "Octopus"; the second number is the new equivalent of the fake antivirus called "antispywareguard".

Thanks for reading and sorry for my English; I am Spanish.

Message Edited by Serekantum on 01-06-2009 08:10 PM
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!

Replies

Kudos0

Re: A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

This malware you are talking about is a strange one. There are new versions several times a day. This way it is difficult to make just one signature.
"All that we are is the result of what we have thought"
Kudos0

Re: A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

Hi

I agree you can't create a generic detection that deletes or detects everything that acts like this or that. It would be too broad, and that is where problems can arise with blocking, detecting and/or deleting legit programs and files.

This would cause people to become really unhappy and disgruntled. I think there is a thread where Norton is detecting MSN's screen capture as a keylogger or something.

Malware is always changing at times to try and evade detection and cause havoc; just look at the likes of the TDSS-seneka malware and the changes to SpywareGuard 2008.

Then malware creators will just find a way around the generic signature for detection and then it would become useless, except that it could still cause trouble with the legit things.

Quads 

Kudos0

Re: A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

I understand that it is very difficult to create a generic rule to detect and remove the garbage that these cybercriminals manufacture, but one could make a general rule that detects the installer. Kaspersky has done this well, with good results, so even though the virus changes, its installer would be identified as potentially dangerous, giving early warning of the possible dangers of downloading the file it contains.
As for the other Trojan that I sent to SSR (called Octopus), I think the analysis of SONAR should be strengthened to make it more effective, with SONAR notifying of any application that tries to access the Internet without being executed by the operator, whether or not it belongs to the applications analyzed and classified as legitimate.
A greeting to all
Greetings
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

Kaspersky isn't catching it on signature. Only with the HIPS module.
"All that we are is the result of what we have thought"
Kudos0

Re: A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

In this case, Kaspersky gives valuable guidance on how to solve such problems; Symantec has to find a way not to fall behind Kaspersky Labs. Symantec is a bigger company and has more ways to create high-quality products. Get to work intensively on the case, because others are winning the race in detection and protection of our PCs. I was given NIS2009 this Christmas and it did not cost me anything, but if after a few months I'm still not sure, I'll have to buy KIS2009.
Greetings

 
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

Norton also can't detect Win-Trojan/RealAV; it's like a rogue antivirus, which I submitted a week ago: Tracking #10185653
Kudos0

Re: A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

One word.....................AV Comparatives.
Kudos0

Re: A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

The AV-Comparatives can say anything, but they are only words. Actual practical testing, the facts, is what really counts, and I base my view on the reality of things. I keep the specialist comparison websites in mind, but I care more about the realities that I have in front of me when I test the effectiveness of my security suite.
Greetings
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

Want actual testing? Then check out Matt's reviews over at Remove-Malware.com. He gave NIS 2009 an awesome score.

http://remove-malware.com/

http://www.youtube.com/mrizos

Kudos0

Re: A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

Malwareman, these tests are very colorful and I liked them when I saw them a long time ago, but the tests that I have done myself are much more important. What is seen on television by others is one thing, and what one finds on one's own computer is quite another, and more decisive.
Personally, I have seen NIS2009 fail, completely updated and with full heuristics. Given this fact, there is no video that serves me as a counterweight; you can give me a thousand links to websites where they say "white", but if I see "black" on my computer... I think black. I am sure that you understand what I say.

You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

This is the tracking number of the malicious file that I hunted last night; it contains another super-new variant of the infamous "spywareguard": #10205392

I sent it to newvirus@kaspersky too, and this is the reply received this morning:

Hello.
New malicious software was found in the attached file. Its detection will be included in the next update.
Thank you for your help.
Trojan-Downloader.Win32.FraudLoad.vgeb

> Please add this malware to the database.
> Greetings
Regards, Vladislav Pintiysky
Virus Analyst

Message Edited by Serekantum on 01-08-2009 07:20 AM
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
Kudos0

Re: A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

Detections have been added as follows: 

 

10201308 - Downloader.Misleadapp
10201272 - Trojan Horse
10185653 - RealAV
10205392 - Downloader.MisleadApp

 

JohnM

Kudos0

Re: A Trojan and a new variant of "antispiwareguard" that NIS2009 not detect

Thanks for answering, JohnM. I go hunting for new viruses one day each week and I send my catch to the security companies to contribute to the fight against cybercriminals. When I catch an especially troublesome virus and send it to Symantec Security Response, I leave a message on the forum with the tracking number of the file.
Greetings and thanks JohnM
You cannot pass! I am a servant of the Secret Fire, wielder of the Flame of Anor. The dark fire will not avail you, Flame of Udûn! You... cannot pass!!!
