
There's some MSN/MSN-spread virus on the loose **W32.Kelvir.A**

A lot of my MSN buddies have been sending the spam as well. I downloaded the cute.pif file and scanned it with Antivir & Panda but it comes up clean.

One of my buddies that executed the file said that once he executed it, his MSN buddy list flashed real quick, and then Outlook opened up and tried to start sending emails to everyone in the address book.
 
A Program Information File dates back to the early versions of Windows. Basically, it's an information file that when you click on it the information in the file is used by Windows to run some program; including code that can be in the PIF file. It is a potentially dangerous file type and one should never click on one received via E-mail without extensive knowledge of exactly what it will do first. Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension.
 
I rar'ed the file and submitted it to a few antivirus firms. Here are the replies thus far.

AVERT Labs - Beaverton
Current Scan Engine Version:4.4.00
Current DAT Version:4440
Thank you for your submission.

Analysis ID: 1683931
Name | Findings | Detection | Type | Extra
virus.rar | new detection | w32/kelvir.worm | Virus | yes

Attached is a file for extra detection, which will be included in a future DAT set. We have detected a virus or trojan that can only be detected and removed with the attached EXTRA.DAT and 4.4.00 scan engine. The EXTRA.DAT must be used with the 4.4.00 scan engine, and we highly recommend you update to the most current DAT release. If you are not seeing this with the product you are using, please speak with technical support so they can help you determine the cause of this discrepancy.

new detection [ virus.rar ]
The file received contains a new virus or trojan, it is recommended that you update your DAT and engine files and scan your computer again.


Regards,



McAfee AVERT(tm)
A division of McAfee, Inc


---

Dear BYTES,

This is to notify you of the results of your submission, issue number 518611.

With regards to the file "cute.pif" submitted by you on 07 Mar 12:42:54 (Australian Eastern Standard Time), we have added cure instructions for Win32.Bropia.T to the signature files for the VET engine.

The Windows PE (I386,EXE) file "cute.pif" has been determined to be malicious. Our researchers have analysed the file and confirmed the result.

Aliases reported by other Antivirus products are listed here:
(W32/Kelvir.A) (IM-Worm.Win32.Kelvir.a)

Researcher comment:
Win32/Bropia worm variant

CA antivirus products address this malware as follows:
------------------------------------------------------
eTrust Antivirus 6.x/v7 (Vet Engine)
Engine | Update version | Last Update
11.7.0 | 11.7.8989 | 07 Mar
The signature update is currently undergoing extensive testing. It should be released within 24 hours.
Once the signature file is ready, it can be downloaded here:
http://www3.ca.com/support/vicdownload/

eTrust Antivirus 6.x/v7 (InoculateIT Engine)
Engine | Update version | Last Update
23.68.0 | 23.68.57 | 06 Mar


This automated scanning service "Virtue" complements our regular technical support service. It is not a replacement for it. If the automatic responses you receive are incomplete or irrelevant to your query, a technician will contact you. If you have further queries, please submit them with reference number 518611 in "Plain Text" email format to virus@ca.com.
Users of Microsoft Outlook/Outlook Express can configure the outgoing email format in the Tools|Options...|Send|Mail Sending Format... menu. To improve your security we recommend sending email in "Plain Text" format only.

If you would like to comment on the quality of this automated service, please send your suggestion to virtue.feedback@ca.com.

eTrust Global Antivirus Research Team
Computer Associates
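The CA reply above identifies "cute.pif" as a Windows PE (I386,EXE) file, meaning the extension hides an ordinary executable. The following is an added example, not part of the thread or of any vendor's tooling: a content check a mail or IM gateway could run on received files. The function names, the extension list and the verdict strings are assumptions made for this example, and the sample bytes are constructed.

```python
import os
import struct

# Extensions Windows will launch as a program (list chosen for this example).
LAUNCHABLE_DISGUISES = {".pif", ".scr", ".com"}
MACHINES = {0x014C: "I386", 0x8664: "AMD64"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag: image is a DLL


def describe_pe(data):
    """Return e.g. 'Windows PE (I386,EXE)' if data starts a PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    # DOS header field e_lfanew (offset 0x3C) points at the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header follows the signature: Machine at +4, Characteristics at +22.
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    kind = "DLL" if characteristics & IMAGE_FILE_DLL else "EXE"
    return "Windows PE (%s,%s)" % (MACHINES.get(machine, hex(machine)), kind)


def triage(filename, data):
    """Verdict for a received file: 'block', 'review' or 'allow'."""
    ext = os.path.splitext(filename.lower())[1]
    is_pe = describe_pe(data) is not None
    if is_pe and ext in LAUNCHABLE_DISGUISES:
        return "block"   # executable content behind a harmless-looking name
    if is_pe or ext in LAUNCHABLE_DISGUISES:
        return "review"  # either half of the pattern alone still needs a look
    return "allow"


def build_sample_pe(characteristics=0x0102):
    """Constructed header-only sample (no code): MZ stub + PE signature + COFF header."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    sample = build_sample_pe()
    print(describe_pe(sample), "->", triage("cute.pif", sample))
```

A check like this keys on file content, so it does not depend on a scanner already having a signature for the sample.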
 
Cool...AVG doesn't seem to offer a way to submit new viruses. Looks like Symantec knows about it now though. They just released definitions for it.
 
I just scanned the file w/ AntiVir using today's definitions and it labels it as MSN.Kelvir.A
 