Why NIS 2009 can't detect Adware.Lop?

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

I have a series of Adware.Lop samples (two pack, 239MB and 324MB), and I had uploaded some (about 300MB) in the past three months.
I check the Detections Added everyday, I saw the Adware.Lop detection updated many times, but NIS 2009 still can't detect them.
Why NIS 2009 still can't detect them? And how can I do? 

 

It also called Trojan.Win32.Obfuscated.gen (Kaspersky), or Trojan.Swizzor.1 (BitDefender).

 

Message Edited by ONE on 09-17-2008 10:56 AM

SaLaDiN wrote:

submit it to Symantec...again...

 

here

 

 

and write the tracking numbers of samples...


Message Edited by SaLaDiN on 09-17-2008 11:14 AM

This is indeed the best solution.

Please send them to Symantec so they can examin and test them

2 Likes

SaLaDiN wrote:

submit it to Symantec...again...

 

here

 

 

and write the tracking numbers of samples...


Message Edited by SaLaDiN on 09-17-2008 11:14 AM

I had used that page.
I had said, I already uploaded the samples (about 300MB) in the past three months.

i can read....i wrote submit AGAIN...and write the tracking numbers....

 

or write the tracking numbers of the old samples here and wait for a reaction from a symantec employee


SaLaDiN wrote:

i can read....i wrote submit AGAIN...and write the tracking numbers....

 

or write the tracking numbers of the old samples here and wait for a reaction from a symantec employee


I had submitted them many times, and the tracking number counts are more than 200..

unfortunately, i dont see another solution...

 

try to write the latest tracking numbers and wait for a reaction...


Message Edited by SaLaDiN on 09-17-2008 12:58 PM

Hi ONE

 

I once had the same problem of not receiving a reply from the Security Team, but I kept a record of the tracking numbers, and posted them on here. One of the moderators checked it out for me, and I received a reply with the results almost immediately.

 

I suggest you try this method. Remember when you submit samples here, they must be in a zipped file, and be NO LARGER than 10MB.

 

Let us know how you get on, thanks.

 

PS You can supply the tracking numbers in this thread.

Message Edited by johna on 09-18-2008 03:29 PM

Thanks,  johna and SaLaDiN, I uploaded some of them again.

  
[TRACKING]: Symantec Security Response Automation: Tracking #9929986β€Ž -     
  
[TRACKING]: Symantec Security Response Automation: Tracking #9929983β€Ž -  

  
[TRACKING]: Symantec Security Response Automation: Tracking #9929977β€Ž -   

  
[TRACKING]: Symantec Security Response Automation: Tracking #9929974β€Ž -   

  
[TRACKING]: Symantec Security Response Automation: Tracking #9929971β€Ž -   

  
[TRACKING]: Symantec Security Response Automation: Tracking #9929968β€Ž -   

  
[TRACKING]: Symantec Security Response Automation: Tracking #9929963β€Ž -
   

If Symantec Staff need those all samples (324MB), please give me a way to submit them.

Message Edited by ONE on 09-18-2008 07:38 PM
Message Edited by ONE on 09-18-2008 07:41 PM
Message Edited by ONE on 09-18-2008 07:41 PM
1 Like

Thanks ONE

 

You should receive a reply within 48 hours, can you keep us informed of the progress, thanks.

Well done ONE.

That's really the only way to do it. 

Now, after the latest update, some samples can be detected now, but still a lot samples can't be detected.

(Before the two pack are 239MB and 324MB, now are 235MB and 321MB)

I will try to submit other samples recently.

Thank you all.

After I submitted again, now they are 189MB and 280MB.
Although still many samples can’t be detected, I still want to thank Symantec Staffs to care this problem.

Did you hear back re those samples you submitted?

Thanx ONE

Please keep in mind that in almost 300MB of samples there are lot's of samples. So lot's of work for the employees to test and make signatures. please give them some time.


Stu wrote:

Thanx ONE

Please keep in mind that in almost 300MB of samples there are lot's of samples. So lot's of work for the employees to test and make signatures. please give them some time.


I know that, I had uploaded all the threats I have.
And now they are 103MB and 201MB now.

Now it only left 4 files..

A lot of them detected as "Packed.Generic.189"

Message Edited by ONE on 10-12-2008 08:57 AM

submit it to Symantec...again...

 

here

 

 

and write the tracking numbers of samples...


Message Edited by SaLaDiN on 09-17-2008 11:14 AM