I am becoming concerned about the reporting process after a virus I have submitted three times has still not appeared in the database.
Background: About a month ago, one of my children used e-mule and downloaded and ran a trojan. The machine became infected with a host of interesting malware. I decided to see if it was actually possible to clean it, so I isolated it from my LAN and swept it with Clamwin until it seemed clean, then went on to watch it for a while. About two weeks ago I found an entry in the HKLM/.../Run registry to run "regsvr32.exe c:\windows\lqrsyvhqlumkzzo.dll" - obviously pretty suspicious. Investigating the registry entries it added, I found that it attached itself to internet explorer and appears to be an adclicker. I checked it out at VirusTotal and got no hits on it. I haven't been first reporter on a new piece of malware for a couple years, so I was actually a little happy about finding it. I reported to ClamAV describing my findings. Follow Up: After reporting to ClamAV, I checked back to see when it would get added to the database. After a few days when it didn't happen, I thought perhaps because there were no corroborating antivirus products that detected it as malware, that maybe my submission wasn't deemed credible. I retested it at VirusTotal and got two hits, and re-reported it to ClamAV, dutifully entering in the corroboration. A few days later and still nothing. So again, a re-test at VirusTotal - 4 hits, resubmission. Nothing again. A few days later 8 hits at VirusTotal, and a resubmission. Today there are 16 hits on VirusTotal for the malware, and still no entry in ClamAV. It has now been two weeks. I don't know why I set ClamAV to update daily if it takes this long to get something added to the database. This has made me extremely concerned with the submission process. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
