NOD 32 False Positive New Prevx CSI


Hermescomputers
February 5th, 2008, 11:10 PM
Hello all... here's a sure FP...
I downloaded the executable and also performed a built-in update, and both were detected and killed by NOD32 3.0.

A scan at virus total came up clean:
[ file data ]
* name: PREVXCSIFREE.EXE
* size: 621624
* md5.: 5b3f4f9e32eafe0a975bafc596baed9d
* sha1: 48a2770a41849ed7a9a42d0c3d00ef8ed89d293d

Sorry, I already had it posted in the "other malware Thread"....
http://www.wilderssecurity.com/showpost.php?p=1176615&postcount=1

proactivelover
February 5th, 2008, 11:37 PM
Make sure you have the latest update of EAV v3 (2851).
I downloaded the file, no warning at all.

ctrlaltdelete
February 6th, 2008, 03:11 AM
I did send an e-mail about the FP to ESET support on Monday.

The download is clean on virustotal, it's prevxcsi.exe in a temp directory that triggers the heuristics.
Or the same file if the program is installed.

"probably a variant of Win32/Genetik trojan"

Also detected by another AV as Generic9.AYPR, and some suspicious AVs think it's Suspicious 8)

prevxcsi.exe
File size: 89600 bytes
MD5: 2e1dc859748231b6485c27d594a9331c
SHA1: 1dec79c42237c443e93f71383ea8dbe332e3739e

Stijnson
February 6th, 2008, 04:07 AM
Strangely enough, I don't get the FP with NOD 2.7.???

ctrlaltdelete
February 6th, 2008, 05:27 AM
> Strangely enough, I don't get the FP with NOD 2.7.???

Did you install the latest release (v1.2.103.196 or higher)?
And are NOD32's heuristics enabled?

Stijnson
February 6th, 2008, 05:42 AM
> Did you install the latest release (v1.2.103.196 or higher)?
> And are NOD32's heuristics enabled?

The answer to both questions is Yes.
On another machine AVG Free also 'detects' it as a threat (Trojan horse Generic9.AXPJ).

ctrlaltdelete
February 6th, 2008, 05:58 AM
I guess version 2.7 is using another heuristics module.

I did try to run the file on another machine with NOD32 v3, def. 2852, and it got busted again.

Paul Wilders
February 6th, 2008, 06:09 AM
> Hello all... here's a sure FP...
> I downloaded the executable and also performed a built-in update, and both were detected and killed by NOD32 3.0.
>
> A scan at virus total came up clean:
> [ file data ]
> * name: PREVXCSIFREE.EXE
> * size: 621624
> * md5.: 5b3f4f9e32eafe0a975bafc596baed9d
> * sha1: 48a2770a41849ed7a9a42d0c3d00ef8ed89d293d
>
> Sorry, I already had it posted in the "other malware Thread"....
> http://www.wilderssecurity.com/showpost.php?p=1176615&postcount=1

Since this issue is/has been handled in the thread mentioned above, please hop over there (http://www.wilderssecurity.com/showthread.php?t=199518).

This thread is closed.

regards,

paul