PDA

View Full Version : NOD32's Integrated SysInspector doesn't work correctly!

harsha_mic
September 13th, 2009, 01:34 PM
Hi,

I'm again with some unusual finding in my system. Here are the details...

When i scan my system with NOD32's Integrated SysInspector, it flags almost every process in my system as Risky (rating - 9) and many other files, registry entries. But when i scan with an standalone version (1.1.2.0), not a single entry is flagged as risky...

Note: I don't seem to have any infection or any strange behavior.

My System Info..
XP SP3/NOD32 v4.0.437.0/OA Premium

Thanks,
Harsha.
Marcos
September 13th, 2009, 01:59 PM
Have you tried uploading some of those files to VirusTotal?
harsha_mic
September 13th, 2009, 02:23 PM
Thanks for the reply Marcos.

I have scanned few of the flagged files... Out of which user32.dll is flagged by 2 vendors which seems to be a false positive.

-{ Quote: "sens.dll - http://www.virustotal.com/analisis/7105b026f966a992430f86c3698abe15ec73e4772f1a3e362e29fd5247a5dca6-1252864972
setupapi.dll - http://www.virustotal.com/analisis/b1c5a16a73250dea900ff6ece71f604e2411b4fdfd497564beb7d867a75640bf-1252865073
sfc.dll - http://www.virustotal.com/analisis/95568f138216ffadcfc4bae8a12825ffe53f2ea04c5cac2ad10f65fc0c4e3cdb-1252865127
filterpipelineprintproc.dll - http://www.virustotal.com/analisis/1d0d5ac87acdf3f041d9c31a92bfe7b1b81cbad81f8f7ce8183fc3f61caff8cc-1252865203
winlogon.exe - http://www.virustotal.com/analisis/45377cb8e9f0120f836fc8261c711f7dbf7199117afb3652ebf100d5f0429b1e-1252865357
user32.dll (2 detections) - http://www.virustotal.com/analisis/acd0ae7b4d5f871e148276c6cc4ae3a216e33f67fc78d827c16986e1f945438c-1252865319
gdiplus.dll - http://www.virustotal.com/analisis/2be272a683c26255a674d4afedb3a495d214adce69d819ea2ade77f489b30487-1252865576
wsock32.dll - http://www.virustotal.com/analisis/449a140065197779c0f8588e5c53014bbf54a9c74818d5cfdcb88cc7b36f44cf-1252865602
xpsp2res.dll - http://www.virustotal.com/analisis/dea7c556ba9c91e056e6035e77a793a77e428d493518d1c6f796b003d4f07305-1252865703
usp10.dll - http://www.virustotal.com/analisis/41a703e314eb8e397586b585c93f6e8243eccd44297c240a15c82d01516c35eb-1252865701" }-

I've scanned with a-squared free (smart scan) and it doesn't detect a single item as risky.

Note: Standalone Version doesn't flag a single entry. You can see the attached screenshot in my previous post.