W32.Esbot.A not in Avast Definitions

This virus does not seem to be in the current definitions.

A customer of ours is suffering a major outbreak of this virus on their Win2k machines. Using the removal tool from


It is being removed but as fast as this happens it is re-infected. The servers run Avast Server Edition but it is just not picking it up.

Will there be an update soon?

In addition this is not being picked up either


What do you mean it isn’t being picked up?
Is this simply because you don’t see the name Esbot.a in the list?
There is no standard naming convention with virus names, so this may well be detected under a different name.

Do you have an infected file that isn’t being detected, but is detected by Symantec, etc.?

> A customer of ours is suffering a major outbreak of this virus on their Win2k machines.

If they had kept their systems up to date, this wouldn't have happened.

> This virus does not seem to be in the current definitions.

It sure is. But as David already said, different AV vendors are using different names for malware. To see what they are called, you can use VGREP.

The Symantec removal tool is picking it up, but Avast is saying nothing, even with full scan and resident shield.

Definitions fully up to date.

Can you send the file (e.g. in a password-protected ZIP archive) to virus@avast.com?

Hi Eddy and Igor,

I found two names in the description of the mutex created by W32/Esbot-A. This is odd: Sophos says that when first run it copies itself as mousesync.exe, for mouse synchronization, while in this description at http://virusalert.nl/?show=virus&id=1084 the mutex name is mousebm.exe, for mouse button monitor. What is the right name? Is there a sub-virus? While, if the LSASS and PnP vulnerabilities are not patched, it can copy itself; the trojan component can download and execute files, execute DDoS attacks, and search for files on the infected machine.



Virus sent.

The B variant is wpa.exe, which is what I have sent. The A variant is mousebm.exe, but this has been removed by the Symantec removal tool now.