Community Help Hub

lhernandez · ‎08-25-2016

Hi, i send 2 samples (3 and 2 days ago)

And the service request numbers generated are:

4-15482115651

4-15459199541

This files are autocreated in many workstations and servers with double extension by example: naruto.exe.jpg

The systems afected high use of cpu and high i/o disk

Both services requests are in status Working, in progress and not extra.dat is generated. Before send this files i send the sample to virustotal.com the result is next:

ALYac	Win32.Nestha.C	20160826
AVware	Virus.Win32.Neshta.a (v)	20160826
Ad-Aware	Win32.Nestha.C	20160825
AegisLab	Virus.W32.Neshta!c	20160825
AhnLab-V3	Win32/Neshta	20160825
Antiy-AVL	Virus/Win32.Neshta.b	20160825
Arcabit	Win32.Nestha.C	20160825
Avast	Win32:Apanas [Trj]	20160826
Avira (no cloud)	W32/Delf.I	20160825
BitDefender	Win32.Nestha.C	20160826
Bkav	W32.HanGu.PE	20160825
CAT-QuickHeal	W32.Neshta.C8	20160825
ClamAV	Win.Trojan.Neshta-157	20160826
Comodo	Virus.Win32.Neshta.a0	20160826
CrowdStrike Falcon (ML)	malicious_confidence_100% (W)	20160825
Cyren	W32/HLLP.EPJG-6217	20160826
DrWeb	Win32.HLLP.Neshta	20160826
ESET-NOD32	Win32/Neshta.B	20160826
Emsisoft	Win32.Nestha.C (B)	20160826
F-Prot	W32/HLLP.41472	20160826
F-Secure	Win32.Nestha.C	20160826
Fortinet	W32/Generic.AC.1194!tr	20160826
GData	Win32.Nestha.C	20160826
Ikarus	Virus.Win32.Neshta	20160825
Jiangmin	Virus.Neshta.b	20160826
K7AntiVirus	Riskware ( 0040eff71 )	20160825
K7GW	Riskware ( 0040eff71 )	20160826
Kaspersky	Virus.Win32.Neshta.b	20160826
McAfee-GW-Edition	BehavesLike.Win32.HLLP.gh	20160826
eScan	Win32.Nestha.C	20160826
Microsoft	Virus:Win32/Neshta.B	20160826
Panda	Generic Suspicious	20160825
Qihoo-360	Win32/Trojan.fe4	20160826
Sophos	W32/Bloat-A	20160826
Symantec	W32.Neshuta	20160826
Tencent	Virus.Win32.Neshta.a	20160826
TheHacker	W32/Netshta.gen	20160824
TrendMicro	PE_NESHTA.A	20160826
TrendMicro-HouseCall	PE_NESHTA.A	20160826
VBA32	Virus.Win32.Neshta.b	20160825
VIPRE	Virus.Win32.Neshta.a (v)	20160826
Zillya	Virus.Neshta.Win32.2	20160825
AVG		20160826
Alibaba		20160825
Baidu		20160825
CMC		20160824
Kingsoft		20160826
Malwarebytes		20160826
McAfee		20160826
NANO-Antivirus		20160826
Rising		20160826
SUPERAntiSpyware		20160825
ViRobot		20160825
Zoner		20160825
nProtect		20160826

Peacekeeper · ‎08-25-2016

I assume this a corporate software issue so moving to that areas malware forum

You used this method?

https://kc.mcafee.com/corporate/index?page=content&id=KB68030

You can also try the consumer path if no answer thouht you usually get 1 in 2-3 days.

In that latter method you will get an analysis Id number post that and if you haven't got an answer to the original emails I will escalate it.

lhernandez · ‎08-26-2016

Hi! Pacemaker.

yes i use the method of kb68030. I'm working with McAfee products from 14 years ago. I send samples several times. Always the answer are 20 minutes in poor times 1 day.

thanks for move.

Peacekeeper · ‎08-26-2016

Pacemaker sometimes I feel I need one but that is not my name.

They could be busy so will alert them.

Done so

lhernandez · ‎08-26-2016

I'm so sorry for change your name Pacekeeper.

Thanks.

Peacekeeper · ‎08-26-2016

Peacekeeper please actually I like that pacemaker 1.

If not fixed in the next day post back please

Peacekeeper · ‎08-26-2016

OK we have an answer re why the delay

Basically the reason for no response is that this was sent to automation for processing and it turns out to be a file infector (virus). Now, file infectors require more complex cleaning than the standard automation routines can provide which is why he hasn't had an ExtraDAT back, we just don't provide them for viruses. It will be processed and added to the DAT in good time though. If he wants something back for this more urgently and he is an enterprise customer he can raise a Support escalation.

Hope this helps

Peacekeeper

Community moderator

catdaddy · ‎08-26-2016

Actually, I indeed have a (Pacemaker/Defibrillator)...could not resist

Cliff
McAfee Volunteer

Former Member · ‎12-15-2018

https://fortinetvn.com/san-pham/fortigate-100d You can find it here.

Services request and Samples Send without answer, not email, not status change, and the malware is expanding

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

Re: Services request and Samples Send without answer, not email, not status change, and the malware

Community Help Hub

Join the Community