Could you mail me the getsusp.zip or the report that was created? Could you also send me the WebImmune IDs for the 9 submissions so that the team can replicate the samples on our end and check why GetSusp did not flag them?
We try to keep the report and the amount of information displayed by GetSusp to a minimum. By improving its accuracy, a user won't have to go through a lot of technical logs.
Technical Product Manager, McAfee Labs
Thanks for the feedback. I have attached the SR number for you: Service Request# 3-1124700071. However, I cannot find the GetSusp results. I might have deleted them while getting the detections sorted via Gold Support. If I get the same again, I will keep it all and send it to you.
The malware submitted uses the following registry method to startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
We have an internal build of GetSusp 220.127.116.11 available that flags malware that uses this method. This GetSusp build has not been distributed publicly yet.
I'll mail this over to you right away.
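For readers who want to check their own machines for the Active Setup persistence described in this thread, here is an added example (not code from the thread, from McAfee, or from GetSusp) that audits a .reg export of the Installed Components key. Active Setup runs each component's StubPath command at the next user logon when the component is new to that user's HKCU hive, so a malicious entry only needs a StubPath pointing at its payload. The script parses the export, and flags a component when the stub executable resolves outside Windows or Program Files, or when the command line references a user-writable location. The sample export, the trusted-root list and the user-writable markers are constructed assumptions for illustration; the two Windows-looking entries are only shaped like real ones.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of what `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" out.reg`
# looks like, trimmed to three components. The third entry is a hypothetical malicious one.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"StubPath"="%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"
"Version"="1,0,0,0"
"IsInstalled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"StubPath"="regsvr32.exe /s /n /i:U shell32.dll"
"Version"="11,0,22621,1"
"IsInstalled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0000-1111-2222-333344445555}]
"StubPath"="C:\\Users\\Public\\AppData\\Local\\Temp\\update.exe"
"Version"="1,0,0,1"
"IsInstalled"=dword:00000001
'''

# Assumed trust boundaries: anything outside these roots, or touching these markers, gets flagged.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")
ENV = {"%systemroot%": "C:\\Windows", "%windir%": "C:\\Windows", "%programfiles%": "C:\\Program Files"}


def _decode_value(value: str):
    """Decode the REG_SZ and REG_DWORD syntaxes used by Regedit 5.00 exports."""
    if value.startswith('"') and value.endswith('"'):
        return value[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if value.startswith("dword:"):
        return int(value[6:], 16)
    return value  # hex(...) blobs and continuation lines are left undecoded


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Minimal parser: {key path: {value name: decoded value}}; '@' becomes '(Default)'."""
    keys: Dict[str, Dict[str, object]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = "(Default)" if name == "@" else name.strip('"')
        keys[current][name] = _decode_value(value)
    return keys


def _expand(path: str) -> str:
    """Expand the handful of %VAR% names Active Setup entries commonly use."""
    return re.sub(r"%[^%]+%", lambda m: ENV.get(m.group(0).lower(), m.group(0)), path)


def _first_token(cmd: str) -> str:
    """Return the executable part of a command line (quoted or up to the first space)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def classify_stub(stub: str) -> Optional[str]:
    """Return a reason string if the StubPath looks suspicious, else None."""
    exe = _expand(_first_token(stub)).lower()
    args = _expand(stub).lower()
    # A bare file name (regsvr32.exe, rundll32.exe) is how Windows' own entries look,
    # so for those only the arguments can tell us anything.
    if "\\" in exe and not exe.startswith(TRUSTED_ROOTS):
        return f"stub executable outside trusted roots: {exe}"
    if any(marker in args for marker in USER_WRITABLE):
        return f"command line references a user-writable location: {args}"
    return None


def audit_active_setup(reg_text: str) -> List[dict]:
    """Walk every Installed Components subkey and report the ones whose StubPath looks suspicious."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        if "installed components" not in key.lower():
            continue
        stub = values.get("StubPath")
        if not stub or values.get("IsInstalled") == 0:
            continue  # no StubPath, or IsInstalled=0, means Active Setup runs nothing for this component
        reason = classify_stub(str(stub))
        if reason:
            findings.append({"key": key, "name": values.get("(Default)", "<no name>"),
                             "stub": stub, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit_active_setup(SAMPLE_REG):
        print(f"{f['key']}\n  name: {f['name']}\n  stub: {f['stub']}\n  why:  {f['reason']}")
```

Run it against a real export from `reg export` on a suspect host; the heuristics are deliberately simple, so treat a hit as something to triage (check the file's signer and hash, and look at the matching HKCU component version) rather than as a verdict, and remember that a stub under Program Files is only as trustworthy as that directory's ACLs.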