False Positive???


acooldozen
December 14th, 2008, 07:34 AM
14/12/2008 4:26:34 AM Real-time file system protection file C:\Program Files\HostsMan\uninstall.exe Win32/Adware.Cinmus application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.

funkydude
December 14th, 2008, 07:40 AM
Disable AV, restore file, zip up with password "infected" and send to samples("at")eset.com with subject "False Positive".

andyr2005
December 14th, 2008, 07:45 AM
Hi,

I have also just begun getting the FPs as per the original poster.

However, the files quarantined are from PowerDVD, Notepad ++ and Daemon-Tools.

Any instructions on providing information to report the FPs?

Andrew.

funkydude
December 14th, 2008, 07:52 AM
What I just said above your post.

I have both powerdvd and n++ and neither are detected. DB 3689.

andyr2005
December 14th, 2008, 08:38 AM
Hi,

Well, I have sent the report. There seems to be a pattern where the files being detected as FPs are actually uninstaller files of programs which use the Nullsoft Install Script (NSIS) to perform the install/uninstall process.

Andrew.

Wonkabear
December 14th, 2008, 08:50 AM
NOD32 also tagged Secunia's PSISetup.exe and the c:\Program Files\Secunia\PSI\uninstall.exe as WIN32/Adware.Cinmus application.

I think this is a FP.

Y'all have a great day.

Bill

Fixer
December 14th, 2008, 09:10 AM
I downloaded this program from:
http://download.softpedia.com/dl/98f9580e28345816f76c8ea17bb3bd44/49451273/100021113/software/network/hm_3.1.57_installer.zip

When I tried to install the program, ESET Smart Security wiped a temp file and the installation failed.
{QUOTE-> 14.12.2008 г. 16:01 ч. Real-time file system protection file C:\Users\Maniac\AppData\Local\Temp\7zS3950.tmp\HostsMan_Setup.tmp Win32/Adware.Cinmus application cleaned by deleting - quarantined PC\Maniac Event occurred on a new file created by the application: C:\Users\Maniac\AppData\Local\Temp\Rar$EX00.446\HostsMan_Setup.exe. <-QUOTE}

I sent an e-mail to ESET about this FP.

jongie
December 14th, 2008, 11:21 AM
I got the same false positive - mine is the uninstaller for Faststone image viewer. How quickly does ESET pick this up?

BJStone
December 14th, 2008, 11:25 AM
Fixed with the 3690 update, according to:
http://www.wilderssecurity.com/showthread.php?t=227849