Do you mean this is one submission with two numbers or two submissions with one malware?
1 malware submitted 2 times.
whale,
Your files have been analysed and found malicious. The files will be detected as Trojan.Dropper moving forward.
http://www.symantec.com/security_response/writeup.jsp?docid=2002-082718-3007-99
If you are using rapid release definitions from -
ftp://ftp.symantec.com/AVDEFS/norton_antivirus_corp/rapidrelease/sequence/
use Sequence: 85249 or higher. This will reflect as Version: 20080829.033.
If you are using Live Update to update definitions then this detection will be included in the set which will be available tonight around midnight, Pacific time.
Just like your 'Tracking' email, you will receive a 'Closing' email with this information shortly.
Regards,
- DesiT
Thanks.
Are the malicious applications installed by the Trojan.Dropper also detected?
The RapidRelease Definition doesn't seem to be able to detect the trojan dropper. Both NIS 2008 and 2009 in 2 different computers report that the submitted files are safe.
Hi whale,
The 2 files are indeed detected as Trojan.Dropper using version 20080829.033 (sequence 85249) and higher. You should see this behavior in NIS 2008. Did you download and install 'symrapidreleasedefsv5i32.exe' or 'symrapidreleasedefsx86.exe'? What is the result of scanning these files after performing a Live Update now?
The way the 2009 beta works, the same definition set doesn't apply. You will have to use Live Update on the 2009 product, on Tuesday 2nd of Sept 2008. There is a chance that we post the definitions for 2009 before that, but that would happen no later than 09/02/08. This is due to the testing which is being performed in preparation for the release of the 2009 products. Once the products are RTM (non-beta), the same definition sets as 2008 versions will apply.
To your second question - Yes, the dropped component is also detected as 'Downloader', using the same set of definitions mentioned above. The 'Closing' email you received yesterday would have mentioned this information.
http://www.symantec.com/security_response/writeup.jsp?docid=2002-101518-4323-99
Regards,
- DesiT
I downloaded and installed symrapidreleasedefsv5i32.exe.
The files are detected as Trojan.Dropper using NIS 2008 with definition version 20080830.007 now. Thanks.
The closing email did not mention anything about the files installed/dropped by the Trojan.Dropper.
Hi whale,
Good to know that the files you submitted are detected at your end. Here is an excerpt of your 'Closing' email -
Developer notes:
PowerISO.zip contains a known threat. Please delete this file.
Keygen.exe is a non-repairable threat. Please delete this file and replace it if necessary. Please follow the instruction at the end of this email message to install the latest available definitions.
PowerISO42.exe is a non-repairable threat. Please delete this file and replace it if necessary. Please follow the instruction at the end of this email message to install the latest available definitions.
The submitted Trojan.Dropper contains one non-malicious file (such as PowerISO and keygenerator) and one malicious file (named setup.exe) which is a Downloader.
Regards,
- DesiT
Actually I was asking whether the malicious files installed by that setup.exe (the Downloader) are detected or not.