probably a variant of Win32/Genetik trojan found


tihctw
July 22nd, 2009, 10:40 AM
Hi,
I'm a programmer. One of the DLL files I created was regarded as a variant of Win32/Genetik trojan by your anti-virus software. But it's NOT! I've sent the file to an online scanner (http://virusscan.jotti.org). The result was "1 out of 21 scanners reported malware" and NOD32 was the one and only. Please tell me how I can get around this. I can send the DLL to you for more detailed verification. Give me the email address, please. I need to get it fixed ASAP as our customers are complaining about it.
Thank you very much! Your quick response is highly appreciated.
My email is ... Snip: personal email address removed

Tihctw

Marcos
July 22nd, 2009, 10:52 AM
Please refer to the KB article (http://kb.eset.com/esetkb/index?page=content&id=SOLN141&actp=search&viewlocale=en_US&searchid=1248274273069) dealing with submitting files for analysis.

TheKid7
July 22nd, 2009, 06:47 PM
I had the same "probably a variant of Win32/Genetik trojan found" this morning. I submitted it for analysis.

I suspect it is a false positive.

tihctw
August 12th, 2009, 12:04 AM
-{ Quote: "Please refer to the KB article (http://kb.eset.com/esetkb/index?page=content&id=SOLN141&actp=search&viewlocale=en_US&searchid=1248274273069) dealing with submitting files for analysis." }-

Hi, I did follow the KB article and sent the samples to samples[at]eset.com. I got a reply that said it's fixed on July 23. I tested it and the problem still happened. So I emailed again with the Track number on July 28. No more replies since then. Could you please help me get this fixed? Here is my Track number [TRACK#4A67CEAE0004].
Please!! Thank you very much in advance.

Tihctw

danieln
August 12th, 2009, 03:37 AM
Sorry, but no email from you was received on July 28.
Suggest you send it again.

Marcos
August 12th, 2009, 03:52 AM
It sounds like you didn't send it to samples[at]eset.com, but elsewhere (e.g. to a distributor). Please send it to the above-mentioned email address in an archive protected with the password "infected" and "False positive - Genetik" in the subject. Also enclose as much information about the application as possible, e.g. its purpose and the URL we can download it from, if applicable.

tihctw
August 12th, 2009, 08:44 AM
-{ Quote: "Sorry, but no email from you was received on July 28.
Suggest you send it again." }-
Okay, I just resent it to samples[at]eset.sk and samples[at]eset.com with the subject "RE: infected, False positive - Genetik [TRACK#4A67CEAE0004]".
Please let me know if you receive it or not.
We have got hundreds of emails complaining about this. And my boss is pushing me!!! Please help!
Thank you again for the help and time.

Tihctw