advheur.nup - Reported malware in NOD32 2.70.39.rar by a-squared

Sunshine803 · #1 November 19th, 2007, 05:49 AM

I recently installed the a-squared free anti-spyware. After the in-depth scan, it reported this: D:\Downloads\Security\NOD32_Official v2.70.39.rar/ndntenst.exe/advheur.nup detected: Heuristic.ArchiveBomb

No other anti-spyware program (or NOD32) picked this up. It is shown to exist in the official version I downloaded from eset site. I installed it and then archived it away.

Thanks for any info

TonyKlein · #2 November 19th, 2007, 05:54 AM

Well, as it's clearly a False Positive you'll want to ping the a-squared folks so that they can fix this at their earliest convenience.

Sunshine803 · #3 November 19th, 2007, 07:27 AM

Thanks Tony, I thought it was but now I feel better!...

poutine · #4 November 19th, 2007, 08:40 AM

Read Thankful's response in my antispyware thread about a-squared.

Code:

http://www.wilderssecurity.com/showthread.php?t=191395

Good app but lot of False Positives.

lucas1985 · #5 November 19th, 2007, 12:54 PM

Known FP

Quote:

Heuristic.ArchiveBomb means that is probably a file with a unpacking ratio 1:10000. You can add this file to the whitelist in the scanner module to skip the detection.

Sunshine803 · #6 November 19th, 2007, 03:26 PM

Quote:

Originally Posted by poutine

Read Thankful's response in my antispyware thread about a-squared.

Code:

http://www.wilderssecurity.com/showthread.php?t=191395

Good app but lot of False Positives.

Thanks Poutine. In fact it was after I resd your thread yesterday that I downloaded a-squared (on Thankful's recommendation) LOL
It does look to be a good app, I hope it does not give me any more heartaches!..

It also gave me this:
C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe detected: Dialer

I hope this is a FP too. Please somebody comment on it if you can.
Thanks

poutine · #7 November 19th, 2007, 09:29 PM

Quote:

Originally Posted by Sunshine803

Thanks Poutine. In fact it was after I resd your thread yesterday that I downloaded a-squared (on Thankful's recommendation) LOL
It does look to be a good app, I hope it does not give me any more heartaches!..

It also gave me this:
C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe detected: Dialer

I hope this is a FP too. Please somebody comment on it if you can.
Thanks

Hi Sunshine803.

put

Quote:

C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe

in google and search it, i found some stuff about it in spybot forum, didnt have time to read properly as it late here !! good luck

SteveBlanchard · #8 November 21st, 2007, 04:23 PM

Quote:

Originally Posted by poutine

Hi Sunshine803.

put in google and search it, i found some stuff about it in spybot forum, didnt have time to read properly as it late here !! good luck

I had BT Internet a few years back, before Broadband took off. What it is is the dial up to install the BT Yahoo software on your PC, hence why it picked it as a dialler, so technically it is a FP. But if it is not necessary then I'd let a-squared delete it.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search