Virus only detected by Norman?

See: http://zulu.zscaler.com/submission/show/b0d3f137472f94de75773af110daa4f7-1346517554
See: https://www.virustotal.com/url/5818de9e0a645507a6bf1d88383cc62cd4979def01366c2d0a07e60a75d28cfb/analysis/
and https://www.virustotal.com/file/ec4dbf726707ecb2ad675b0f197044cd343428adc53007d4a98d682ad4e61cfb/analysis/1346098051/
detailed analysis: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-XOB/detailed-analysis.aspx

reported to virus AT avast dot com

the sigcheck looks strange…

Sigcheck

publisher…:
product…: rgeg
internal name…:
copyright…:
original name…: grer.exe
file version…: rg
description…:

and new at VT so it may be correct.

First seen by VirusTotal

2012-08-27 20:07:31 UTC ( 4 days, 20 hours ago )

Hi Pondus,

All part of this malware campaign, described here: http://www.mywot.com/en/forum/21464-qai-jar-malware-cve-2010-1885?page=16
see the network connection 67.215.225.205:8080

polonus

well, seems Norman found it first …but the scan you posted was 4 days old

here is latest :wink:
https://www.virustotal.com/file/b0c1f702fd706d4454ae0dc852c4f882d69b2da62b9a3b06c218bd0d74d54f4d/analysis/1346520125/

and here Norman does not detect ???

I will check it…

OK, the VT file you posted has MD5 95ad8e46c1847d150bec9ab42ba2e85f
the one that comes down now has MD5 3e23d62adc21bf701eb1eb5263be0ad5

so not the same file, guess that explains it …and Norman added an autosignature on that one Troj_Generic.DUHCA (autoadded)
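
Added example, not part of the original thread: a Python check that two VirusTotal file-report links refer to the same sample before their detection results are compared, using the two links posted above. It assumes the trailing number in each link is the scan time as a Unix timestamp, which agrees with the "First seen" time quoted earlier; the function names are hypothetical.

```python
import hashlib
import re
from datetime import datetime, timezone

# The two VirusTotal file-report links exactly as posted in this thread.
FIRST_LINK = ("https://www.virustotal.com/file/"
              "ec4dbf726707ecb2ad675b0f197044cd343428adc53007d4a98d682ad4e61cfb"
              "/analysis/1346098051/")
LATEST_LINK = ("https://www.virustotal.com/file/"
               "b0c1f702fd706d4454ae0dc852c4f882d69b2da62b9a3b06c218bd0d74d54f4d"
               "/analysis/1346520125/")

# Link shape: /file/<SHA-256>/analysis/<number>/
# Assumption: <number> is the scan time as a Unix timestamp (inferred from the
# thread, where it matches the quoted "First seen" time).
VT_FILE_REPORT = re.compile(
    r"^https://www\.virustotal\.com/file/([0-9a-f]{64})/analysis/(\d+)/?$")


def parse_report(url):
    """Return (sha256, scan_time_utc) for a VirusTotal file-report link."""
    match = VT_FILE_REPORT.match(url.strip())
    if match is None:
        raise ValueError(f"not a VirusTotal file-report link: {url!r}")
    sha256, epoch = match.groups()
    return sha256, datetime.fromtimestamp(int(epoch), tz=timezone.utc)


def compare_reports(url_a, url_b):
    """Say whether two report links describe the same sample, and the scan gap."""
    sha_a, time_a = parse_report(url_a)
    sha_b, time_b = parse_report(url_b)
    return {"same_sample": sha_a == sha_b, "scan_gap": abs(time_b - time_a)}


def matches_report(sample_bytes, url):
    """True only if the bytes in hand hash to the SHA-256 named in the link."""
    sha256, _ = parse_report(url)
    return hashlib.sha256(sample_bytes).hexdigest() == sha256


if __name__ == "__main__":
    for label, link in (("first", FIRST_LINK), ("latest", LATEST_LINK)):
        sha256, when = parse_report(link)
        print(f"{label:6} {when:%Y-%m-%d %H:%M:%S} UTC  {sha256}")
    print(compare_reports(FIRST_LINK, LATEST_LINK))
```

The URL-scan link (`/url/…`) is rejected on purpose, because its identifier is not a file hash and cannot be matched against a downloaded sample.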

Hi Pondus,

So seems we are being protected,

polonus