Full Version: Malena.exe Inside Pozuka
umiwangu
This isn't a false positive, but a completely missed virus. I tried scanning a flash drive with BitDefender Client Security and BD didn't alert about the folder. I also tried scanning with AVG 9.0 and Avast 4.8.1355 (all up to date) and they all missed it.

Shall I send it in?

Seth
umiwangu
QUOTE (umiwangu @ Nov 21 2009, 03:20 PM) *
This isn't a false positive, but a completely missed virus. I tried scanning a flash drive with BitDefender Client Security and BD didn't alert about the folder. I also tried scanning with AVG 9.0 and Avast 4.8.1355 (all up to date) and they all missed it.

Shall I send it in?

Seth


I just submitted the file to virusscan.jotti.com and only 5 of the 19 engines listed there detected it.

Here's the link - http://virusscan.jotti.org/en/scanresult/2...31a895813d5914e
Cris
Hello Seth,

Please put the file(s) in an archive with the password infected, upload it on www.sendspace.com (or any other file sharing server) and send me the download link by PM. Please don't post the link on the public forum.

Thank you.
Cris.
umiwangu
QUOTE (Cris @ Nov 22 2009, 12:42 AM) *
Hello Seth,

Please put the file(s) in an archive with the password infected, upload it on www.sendspace.com (or any other file sharing server) and send me the download link by PM. Please don't post the link on the public forum.

Thank you.
Cris.


Will do.
Cris
The file has been signed as Worm.Generic.101134. This detection is already on the BitDefender update servers.

Thank you for your submission.

Cris.

== CLOSED ==
== Issue solved ==
umiwangu
QUOTE (Cris @ Nov 25 2009, 02:41 PM) *
The file has been signed as Worm.Generic.101134. This detection is already on the BitDefender update servers.

Thank you for your submission.

Cris.

== CLOSED ==
== Issue solved ==


Just to bring everyone up to speed...

I updated to the latest definitions and BD still doesn't see anything wrong with malena.exe (by the way, did anyone see what a 'malena' is?). After I updated, I tried restarting and got several Memory not available errors (I'm trying to remember what the exact wording is, the one that says the referenced memory could not be read). When I started up again, I got an error message mentioning Notepad.exe, and I noticed that malena.exe has 'notepad.exe' as its description (the symbol is the same as a .png file, on XP anyway).

I checked Event Viewer, under Applications and noticed there was a faulting application malena.exe (before I restarted) and then nissan.exe (after I restarted), so there is definitely something here on the system.

Right now I'm doing a full system scan to see what I can find.

Cheers

Seth
umiwangu
Here is the scan log. Completely clean.

Something is still up though....
umiwangu
Cris/everyone...

More details on the machine:

The errors are mostly reproducible. I just restarted and got the same errors. The ones during shut down were from svchost.exe, referencing memory at address ... and could not be (executed, reached, referenced?).

The one after user log in says that Notepad has encountered a problem and needs to close. It gives the option to Debug, send in the error report to MS or to Don't send the report. The interesting thing is that the icon in the upper right-hand corner of the dialog box is the same icon as the malena app. The flash drive is not plugged in while this happens.

And yes, I'm still getting faulting application nissan.exe in Event Viewer (applications). It says 'Faulting application nissan.exe, version 5.1.2600.5512 (makes it sound like part of XP), faulting module unknown, version 0.0.0.0, fault address 0x0000000.'

AndreiRC
I found a reference towards a file called nissan.exe here. Apparently it is malware. Maybe this helps.

http://forum.bitdefender.com/index.php?showtopic=15879