NOD32 FIX 1.9 has a trojan virus

[Guest Heritz]

Hello nsane staff,

The NOD32 FIX 1.9 that cames with your NOD32 download version has a trojan virus named IRC/SdBot.

Why is this? Everytime I execute the FIX, the NOD32 launch me and AMON warning, telling me that my SVCHOST file is trying to be replaced by another file infected with IRC/SdBot.

IRC/SdBot is a trojan that let the hacker to control the computer via IRC commands. Did you develop this FIX?, if you did, why did you placed a virus on it? if you didn't, so, why is this happening?

Regards!

[myidisbb]

Hello nsane staff,

The NOD32 FIX 1.9 that cames with your NOD32 download version has a trojan virus named IRC/SdBot.

Why is this? Everytime I execute the FIX, the NOD32 launch me and AMON warning, telling me that my SVCHOST file is trying to be replaced by another file infected with IRC/SdBot.

IRC/SdBot is a trojan that let the hacker to control the computer via IRC commands. Did you develop this FIX?, if you did, why did you placed a virus on it? if you didn't, so, why is this happening?

Regards!

did you actually get the file from here? what nod32 are you running? i dont see any problem. did you get it from p2p? i dont see a problem.

delete your fix and get a new fresh one from here.

edit

are you saying when you downloaded nod32, it came with a fix at the sametime? then that dont from here.

[nsane]

impossible, the fix only changes a few registry settings, it includes NO executeable files at all ;)

[myidisbb]

impossible, the fix only changes a few registry settings, it includes NO executeable files at all ;)

his winrar might be effected adn everytime he opens a rar

[Guest Heritz]

Well, I downloaded it from BitTorrent (mininova) it contains: nentenst64, NOD32.FiX.v1.9 and readme.txt.

Thats all, and that fix has a virus. Anyway, let me download the FIX again from nsane site and let me test.

Regards!

[Guest Heritz]

I downloaded the fix again from nsane site and it has NO virus on it.

I reported the file to mininova to remove it from their database.

Thank you buddies! and sorry for the inconvenience!

[myidisbb]

Well, I downloaded it from BitTorrent (mininova) it contains: nentenst64, NOD32.FiX.v1.9 and readme.txt.

Thats all, and that fix has a virus. Anyway, let me download the FIX again from nsane site and let me test.

Regards!

p2p is a nice way to find stuff but you have to use extra protection. btw what winrar version are you using? if pre 3.50 then you got problems and should update. mininova has nothing to do with viruses in programs and will not help you. you actually could get yourself into legal problems by sending information to them. you should use emule kind of p2p anyway. ip blockers cant protect you when you use bt.

now that you have found this site you might what to look around.

[Guest oxygenuk]

Downloads:  514

god damn scammers

[Guest Heritz]

Whats wrong with the WinRAR <3.50 ? I got the 3.50 version, but what is the problem with those versions?

[Guest roxmar12]

This is a report processed by VirusTotal on 11/01/2005 at 05:38:11 (CET) after scanning the file "NOD32.FiX.v1.9-nsane.exe" file.

Antivirus Version Update Result

AntiVir 6.32.0.6 10.31.2005 no virus found

Avast 4.6.695.0 10.31.2005 no virus found

AVG 718 10.29.2005 no virus found

Avira 6.32.0.6 10.31.2005 no virus found

BitDefender 7.2 11.01.2005 no virus found

CAT-QuickHeal 8.00 10.31.2005 no virus found

ClamAV devel-20050917 10.31.2005 no virus found

DrWeb 4.33 10.31.2005 no virus found

eTrust-Iris 7.1.194.0 10.31.2005 no virus found

eTrust-Vet 11.9.1.0 10.31.2005 no virus found

Fortinet 2.48.0.0 10.31.2005 no virus found

F-Prot 3.16c 10.31.2005 no virus found

Ikarus 0.2.59.0 10.31.2005 no virus found

Kaspersky 4.0.2.24 11.01.2005 no virus found

McAfee 4616 10.31.2005 no virus found

NOD32v2 1.1269 10.31.2005 no virus found

Norman 5.70.10 10.31.2005 no virus found

Panda 8.02.00 10.31.2005 no virus found

Sophos 3.99.0 11.01.2005 no virus found

Symantec 8.0 10.31.2005 no virus found

TheHacker 5.9.1.026 10.31.2005 no virus found

VBA32 3.10.4 10.31.2005 no virus found

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.> Go to: Home Contact En español

--------------------------------------------------------------------------------

www.virustotal.com :: @ Hispasec Sistemas 2004 :: e-mail [email protected]

[myidisbb]

Whats wrong with the WinRAR <3.50 ? I got the 3.50 version, but what is the problem with those versions?

winrar 3.50 has some built in protection against bad nasty crap.

Changes in 3.51:

Fixed two vulnerabilities, which could be exploited with specially crafted ACE and UUE/XXE archives;

3.50 beta has

Security changes:

a) WinRAR shell does not allow to run *.pif files. Archived PIF

files is one of typical ways for computer viruses to distribute;

;) WinRAR shell does not allow to run files having 5 or more

continuous spaces in the name. For example, "calc.txt .exe".

Viruses frequently add such spaces to confuse users and hide

the real extension. WinRAR shell removes these continuous spaces

except first and last also when displaying names of such files

in the file list.