W32/Nadme.A - anyone else seen this?

Forum for support for the Kaspersky AntiVirus for WinGate plugin

Moderator: Qbik Staff

Post by markt » Dec 06 05 11:56 pm

From 5/12 we have received a few emails (from the CIA!!, wow) that contain a single zip (random name) - this always carried the same exe file gsbill.exe. Kaspersky ignores it, Avast! ignores it - only my desktop F-Prot has picked this up as W32/Nadme.A. This is following an enforced signature update (which is scheduled hourly anyway).

Anyone else seen this?

Markt
markt
 
Posts: 56
Joined: Oct 08 03 3:34 am

Re: W32/Nadme.A - anyone else seen this?

Post by Nev » Dec 07 05 12:13 am

Hi Markt,

Does KAV identify the file if you save it and manually scan using the plugin?

Assuming it's not already quarantined by other products that is.

How do you connect, proxies / NAT + intercepts?
--
Nev.
Nev
WinGate Guru
 
Posts: 861
Joined: Sep 22 03 11:35 pm
Location: Mudgee ~ NSW ~ Australia

Post by markt » Dec 07 05 1:02 am

Hi Nev,

Indeed it does, as Trojan-Proxy.Win32.Agent.hx

Internal email server uses WinGate POP3 proxy, which goes through ENS for scanning - it captures many others with no problem.

The file will go through SMTP delivery (outbound) also.

Markt

Post by Nev » Dec 08 05 11:45 pm

Hi Markt,

Send me a copy of the file, hmm, try mudgeepc[at]yahoo.com and I'll figure out some way of downloading it to one of my pop accounts.

Haven't had a virus for a while and this one sounds like a challenge...

Cheers!
Last edited by Nev on Dec 09 05 9:10 am, edited 1 time in total.
--
Nev.

Post by markt » Dec 09 05 2:37 am

Nev,

file emailed to supplied address - details
within email.

Markt

Post by Nev » Dec 09 05 10:50 am

markt wrote:
Nev,

file emailed to supplied address - details
within email.

Markt


Hi Markt,

Could you try again to nice-viruses[at]ifixcomputers.com.au cheers!!
--
Nev.

Post by Nev » Dec 09 05 11:41 pm

Hi Markt,

Well even zip in zip with password, KAV quarantined it here as proxy, great result!

Cheers!

------------------------------------------------------------
WinGate DataScanning has blocked the following message:

Message: 0000000115
From: ******* *** <****@yahoo.***.**>
To: nice-viruses@***********.com.au
Subject: Qbik posting - W32/Nadme.A - anyone else seen this?
Size: 42205 bytes
Reason: Content blocked. Kaspersky AntiVirus 2.0 for WinGate blocked . The file is infected with Trojan-Proxy.Win32.Agent.hx

Please contact the Administrator ( ADMINISTRATOR@WINGATE ) to release this email.
Last edited by Nev on Dec 10 05 10:50 pm, edited 1 time in total.
--
Nev.

Post by markt » Dec 10 05 2:14 am

Thanks for the update Nev,

I had to send it through that account to bypass email server scanner and Kaspersky - seems as though there was a little window of exposure there we fell victim to (though it never ran thanks to f-prot on the desktop).

Your efforts are appreciated.

Markt