Virus Guy said:
This is really sad.
I've got a sample of hidr.exe (06/24/2005) and it's only detected by
21 of the 32 AV packages on VirusTotal.
The sample you have, is it just a variant of something already known?
And how well has it spread? If it hasn't done so well, that may explain
why many of the virus scanners don't bother to detect it.
And of course, you have the often overlooked scenario: they just don't
have a signature for that variant and the heuristics, if used, aren't
picking it up either.
Since you submitted it to virustotal, they should eventually all get
samples of the file in question. This is why I advocate sending
suspicious files to the vendors directly if at all possible. If you find
something that is missed and you think it shouldn't be, send it to your
favorite antivirus/antimalware company (and send it to myself too! You'll
be contributing to the growing BugHunter userbase). The faster the
samples arrive, the sooner products will have the required information to
identify and possibly remove them.
Here's the results if you want to see them:
http://www.virustotal.com/resultado.html?4ffb71ab220a0c3600b76166b2b2b33f
And for Symantec, this lack of detection is indefensible.
Why doesn't VT show the packing used, or the Norman sandbox details?
VT may not know the packer used; it could be a known packer but slightly
modified to evade automated detection.
That url expires shortly after being created.
--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt