Win32/Virut.NBP false positive with ReGet


miki75
November 2nd, 2009, 04:20 PM
ESET NOD32 Antivirus 3.0.684.0 with 4566 (20091102) detects ReGet.exe as a virus :(

-{ Quote: "02/11/2009 21.20.08 Protezione file system in tempo reale
file C:\Programmi\ReGet Software\ReGet Deluxe\ReGetDx.exe Win32/Virut.NBP virus" }-

I have put it on the exclusion list, but it's not very good ...

Regards

Miki

Marcos
November 2nd, 2009, 05:42 PM
It's unlikely there would be a Virut FP, the file is most likely infected and adding it to the exclusion list might cause other files to get infected as well. What happens if you attempt to clean the file with the on-demand scanner? Do you get an error while cleaning?

miki75
November 2nd, 2009, 07:15 PM
I'm sure the file is clean and NOT infected: ReGetDx.exe (4.291.072 byte 4 July 2008)
I have submitted it to VirusTotal and only NOD32 detects it as infected.

Error on cleaning, and the file is in quarantine but it's not infected.
I have recovered it and excluded it from scanning.

NOTE: ReGetDx.exe is the original file, not cracked or something similar because I have a regular license.

Regards

Stalks
November 2nd, 2009, 07:41 PM
I can second this. Sometime today my regular ReGet Deluxe has been detected as Virut.NBP.

Eset 4.0.437.0 def 4566 is unable to clean the file.

I redownloaded the ReGet installer from http://download.reget.com/regetdx.exe and Eset refuses to let the main program file install.

Jeroen1000
November 3rd, 2009, 02:38 AM
The same virus description also has a problem with the main executable of JV16powertools 2009 http://www.macecraft.com/jv16powertools2009-info/

I've tried to send the file for analysis but that results in an error. Don't know why though...

Marcos
November 3rd, 2009, 09:28 AM
As for the executable of ReGet Deluxe, we confirm this is a false positive which will be fixed in the upcoming updates. Regarding JV16powertools, I've downloaded it but it was reported clean. Hence I assume yours was actually infected. Do any other AV programs detect it at VirusTotal?

Jeroen1000
November 3rd, 2009, 01:08 PM
Hi Marcos,

Only Esafe rates it as suspicious. Perhaps I can Email you the executable?

cheers,

Jeroen

miki75
November 3rd, 2009, 02:59 PM
-{ Quote: "As for the executable of ReGet Deluxe, we confirm this is a false positive which will be fixed in the upcoming updates." }-

Thanks Marcos, I'll wait for the updates ...
Now with 4570 it is detected as a virus again.

Regards

Miki

Marcos
November 3rd, 2009, 03:54 PM
-{ Quote: "Only Esafe rates it as suspicious. Perhaps I can Email you the executable?" }-

Please submit it in a password protected archive to samples[at]eset.com with something like "Virut - False positive" in the subject and the complete download url enclosed as well.

Jeroen1000
November 4th, 2009, 12:43 PM
It seems sending the file is no longer necessary. A virus def. update must have fixed the issue :)

miki75
November 5th, 2009, 07:08 AM
My problem with ReGet is fixed, with 4575 now it works fine.

Thanks and regards