NOD32 falsely accuses winRAR
Eliot
October 20th, 2003, 10:51 PM
I have tried with many combinations of compressing two files into a self-extractor (exe) with WinRAR. Every attempt is blocked by NOD32 saying it's a Trojan, which is wrong because TDS-3 is running with exec prot active. ??? ??? ???
radicalb21
October 20th, 2003, 11:45 PM
Hey Eliot,
It's radicalb21. I have just tested and gotten the same result as you. First, what version of WinRAR are you running? I am running WinRAR 3.20. Also, could you please post a copy of your Virus Log as well as a copy of your system information as screenshots. Second, could you please send a copy of the quarantine files to samples@nod32.com. Also, if you are running Windows XP or ME, you will want to delete your restore points and then restart your computer. Right-click My Computer, choose Properties, select the System Restore tab and put a check mark in "Turn off System Restore", click Apply, then OK. You will also get another box come up telling you that you are disabling System Restore; just click OK. Next, restart your system. When you get back to your desktop, right-click on My Computer and choose Properties, then select the System Restore tab and take the check mark out of "Turn off System Restore", then click Apply, then OK. Next, go to Start, then All Programs, then Accessories, then System Tools, then System Restore. Then click on System Restore, select "Create a restore point" and name it whatever you want, then click OK.
Time | Module | Object | Name | Virus | Action | User | Info
10/20/2003 23:08:52 PM | AMON | file | C:\Documents and Settings\v1ru5\My Documents\teamshadow_ecqttc.sfx.exe | Win32/IRC.SdBot.EC trojan | error occured while quarantining the object - - error while deleting - error while deleting - error while deleting - error while renaming | |
10/20/2003 23:08:00 PM | AMON | file | C:\Documents and Settings\v1ru5\My Documents\teamshadow_ecqttc.sfx.exe | Win32/IRC.SdBot.EC trojan | quarantined - deleted | V1RU5-RUI01HDAI\v1ru5 |
NOD32 Antivirus System information
Virus signature database version: 1.537 (20031020)
Dated: Monday, October 20, 2003
Virus signature database build: 3989
Information on other scanner support parts
Advanced heuristics module version: 1.003 (20030805)
Advanced heuristics module build: 1032
Archive support module version: 1.005 (20030924)
Archive support module build version: 1061
Information on installed components
NOD32 For Windows NT/2000/XP - Base
Version: 2.000.6
NOD32 For Windows NT/2000/XP - Internet support
Version: 2.000.6
NOD32 for Windows NT/2000/XP - Standard component
Version: 2.000.6
Operating system information
Platform: Windows XP
Version: 5.1.2600 Service Pack 1
Version of common control components: 5.82.2800
RAM: 512 MB
Processor: Intel(R) Pentium(R) 4 Mobile CPU 1.50GHz (1495 MHz)
I would appreciate a response from an ESET Moderator, Forum Moderator or member as well as an Administrator. I believe this to be a false positive. I scanned this file before trying to do a self extracting exe file. I tried this both in a .rar and .zip format and both times AMON popped up numerous times about this. Any and all help would be appreciated. I also scanned the file in question numerous times with online scanners looking at that specific file. These online services didn't detect the trojan it said I have. I will be forwarding the quarantined file to ESET samples email address.
LowWaterMark
October 21st, 2003, 01:41 AM
Answer from Rod and further discussion over here:
http://www.wilderssecurity.com/showthread.php?t=15223