Hello,

I’ve downloaded k-lite kodeck pack on the computer proctected with Avast Home Edition 4.6.731. Virus definitions updated 26.11.2005.

Later I’ve copied k-lite’s installation file to another computer protected with NAV (virus definitions updated in july’05 (!)). And NAV immedately warned me of W32.Slime Virus in that file.

How come Avast with latest virus definitions didn’t detect that virus?

The result: I have one computer infected. A bit disappointing. What do you think?

Regards,
Sergey.

I’d say it’s false positive.

Can you scan the download link with Dr. Web pluggin?
Can you submit the file to on-line scanners to test? (virustotal and jotti)

Now uploading file to virustotal.com - it is going to take some time since installation is 13+ Megs.

Talking about false positive…You see this - let’s call it a virus untile we know for sure - performed exactly as described by Symantec (http://securityresponse.symantec.com/avcenter/venc/data/w32.slime.html).

It placed its executable (rundll.exe) in winnt\system32 folder and changed registry string to take control over any exe file being run. So I have no reason not to believe NAV.

UPDATE:
virustotal doesn’t check files above 10 MB. No luck there. Uploading file to Dr.Web online checker…

I’m also trying Kaspersky’s online detection - it is downloading virus definitions right now.

And here is what I found on their site:
http://www.viruslist.com/ru/viruses/encyclopedia?virusid=79265

Looks exactly as what I’ve downloaded by accident.

Dr.Web and Kaspersky didn’t find virus in the original file.

There is only one explanation to this.

I’ve been given a notebook - presumably clean. I had to test it, but there were no DVD player installed, so I downloaded k-lite.

It was CLEAN - and that is why Avast remained silent.

I’ve downloaded k-lite to my home computer as notebook didn’t have Internet connection.

Then I copied k-lite onto USB Flash and plugged it into THAT notebook that was already infected. So virus jumped onto k-lite’s installation.

Then I plugged USB Flash into computer with NAV, that turned on all the bells, whistles and emergency lights.

Short path:

k-lite (clean) ->my home comuter with Avast → notebook (infected) infects k-lite ->notebook with NAV (clean) detects virus

The notebook (infected) infects k-lite isn’t protected by an antivirus?

It is a test model - and for me it was first without anti-virus and DVD playback software preloaded.

I will warn others, who might have been testing it.

And now I’m cleaning it with NAV. Over wireless network. From another computer. I know, I know…easy ways are not for me.