
Services request and Samples Send without answer, not email, not status change, and the malware is expanding

Hi, I sent 2 samples (3 and 2 days ago).

And the service request numbers generated are:

4-15482115651

4-15459199541

These files are auto-created on many workstations and servers with a double extension, for example: naruto.exe.jpg

The affected systems show high CPU use and high disk I/O.

Both service requests are in status Working, in progress, and no extra.dat has been generated. Before sending these files I sent the sample to virustotal.com; the result is as follows:

| Engine | Result | Date |
|---|---|---|
| ALYac | Win32.Nestha.C | 20160826 |
| AVware | Virus.Win32.Neshta.a (v) | 20160826 |
| Ad-Aware | Win32.Nestha.C | 20160825 |
| AegisLab | Virus.W32.Neshta!c | 20160825 |
| AhnLab-V3 | Win32/Neshta | 20160825 |
| Antiy-AVL | Virus/Win32.Neshta.b | 20160825 |
| Arcabit | Win32.Nestha.C | 20160825 |
| Avast | Win32:Apanas [Trj] | 20160826 |
| Avira (no cloud) | W32/Delf.I | 20160825 |
| BitDefender | Win32.Nestha.C | 20160826 |
| Bkav | W32.HanGu.PE | 20160825 |
| CAT-QuickHeal | W32.Neshta.C8 | 20160825 |
| ClamAV | Win.Trojan.Neshta-157 | 20160826 |
| Comodo | Virus.Win32.Neshta.a0 | 20160826 |
| CrowdStrike Falcon (ML) | malicious_confidence_100% (W) | 20160825 |
| Cyren | W32/HLLP.EPJG-6217 | 20160826 |
| DrWeb | Win32.HLLP.Neshta | 20160826 |
| ESET-NOD32 | Win32/Neshta.B | 20160826 |
| Emsisoft | Win32.Nestha.C (B) | 20160826 |
| F-Prot | W32/HLLP.41472 | 20160826 |
| F-Secure | Win32.Nestha.C | 20160826 |
| Fortinet | W32/Generic.AC.1194!tr | 20160826 |
| GData | Win32.Nestha.C | 20160826 |
| Ikarus | Virus.Win32.Neshta | 20160825 |
| Jiangmin | Virus.Neshta.b | 20160826 |
| K7AntiVirus | Riskware ( 0040eff71 ) | 20160825 |
| K7GW | Riskware ( 0040eff71 ) | 20160826 |
| Kaspersky | Virus.Win32.Neshta.b | 20160826 |
| McAfee-GW-Edition | BehavesLike.Win32.HLLP.gh | 20160826 |
| eScan | Win32.Nestha.C | 20160826 |
| Microsoft | Virus:Win32/Neshta.B | 20160826 |
| Panda | Generic Suspicious | 20160825 |
| Qihoo-360 | Win32/Trojan.fe4 | 20160826 |
| Sophos | W32/Bloat-A | 20160826 |
| Symantec | W32.Neshuta | 20160826 |
| Tencent | Virus.Win32.Neshta.a | 20160826 |
| TheHacker | W32/Netshta.gen | 20160824 |
| TrendMicro | PE_NESHTA.A | 20160826 |
| TrendMicro-HouseCall | PE_NESHTA.A | 20160826 |
| VBA32 | Virus.Win32.Neshta.b | 20160825 |
| VIPRE | Virus.Win32.Neshta.a (v) | 20160826 |
| Zillya | Virus.Neshta.Win32.2 | 20160825 |
| AVG | | 20160826 |
| Alibaba | | 20160825 |
| Baidu | | 20160825 |
| CMC | | 20160824 |
| Kingsoft | | 20160826 |
| Malwarebytes | | 20160826 |
| McAfee | | 20160826 |
| NANO-Antivirus | | 20160826 |
| Rising | | 20160826 |
| SUPERAntiSpyware | | 20160825 |
| ViRobot | | 20160825 |
| Zoner | | 20160825 |
| nProtect | | 20160826 |

Reliable Contributor Peacekeeper
Message 2 of 9

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

I assume this is a corporate software issue, so moving to that area's malware forum.

You used this method?

https://kc.mcafee.com/corporate/index?page=content&id=KB68030

You can also try the consumer path if no answer, though you usually get one in 2-3 days.

In that latter method you will get an analysis ID number; post that, and if you haven't got an answer to the original emails I will escalate it.

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

Hi! Pacemaker.

Yes, I used the method of KB68030. I have been working with McAfee products for 14 years. I have sent samples several times. The answer always comes in 20 minutes, at bad times 1 day.

Thanks for the move.

Reliable Contributor Peacekeeper
Message 4 of 9

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

Pacemaker: sometimes I feel I need one, but that is not my name.

They could be busy, so I will alert them.

Done so.

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

I'm so sorry for changing your name, Pacekeeper.

Thanks.

Reliable Contributor Peacekeeper
Message 6 of 9

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

Peacekeeper, please; actually I like that Pacemaker one.

If not fixed in the next day, post back please.

Reliable Contributor Peacekeeper
Message 7 of 9

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

OK, we have an answer re why the delay:

Basically the reason for no response is that this was sent to automation for processing and it turns out to be a file infector (virus). Now, file infectors require more complex cleaning than the standard automation routines can provide which is why he hasn't had an ExtraDAT back, we just don't provide them for viruses. It will be processed and added to the DAT in good time though. If he wants something back for this more urgently and he is an enterprise customer he can raise a Support escalation.

Hope this helps

Peacekeeper

Community moderator

Reliable Contributor catdaddy
Message 8 of 9

Re: Services request and Samples Send without answer, not email, not status change, and the malware is expanding

Actually, I indeed have a (Pacemaker/Defibrillator)...could not resist 

Cliff
McAfee Volunteer
