NOD 32 False Positive New Prevx CSI

Hermescomputers · #1 February 5th, 2008, 11:10 PM

Hello all... here's a sure FP...
I downloaded the Executable as well as performed an built in update and both detected and killed by NOD32 3.0

A scan at virus total came up clean:
[ file data ]
* name: PREVXCSIFREE.EXE
* size: 621624
* md5.: 5b3f4f9e32eafe0a975bafc596baed9d
* sha1: 48a2770a41849ed7a9a42d0c3d00ef8ed89d293d

Sorry, I already had it posted in the "other malware Thread"....
http://www.wilderssecurity.com/showp...15&postcount=1

proactivelover · #2 February 5th, 2008, 11:37 PM

make sure you have letest update of eav v3 (2851)
i download the file no any warning

ctrlaltdelete · #3 February 6th, 2008, 03:11 AM

I did send an e-mail about the FP to ESET support on monday.

The download is clean on virustotal, it's prevxcsi.exe in a temp directory that triggers the heuristics.
Or the same file if the program is installed.

"probably a variant of Win32/Genetik trojan"

Also detected by another AV as Generic9.AYPR and some suspicious AV's think it's Suspicious

prevxcsi.exe
File size: 89600 bytes
MD5: 2e1dc859748231b6485c27d594a9331c
SHA1: 1dec79c42237c443e93f71383ea8dbe332e3739e

Stijnson · #4 February 6th, 2008, 04:07 AM

Strangely enough I don't get the FP with NOD2.7.

ctrlaltdelete · #5 February 6th, 2008, 05:27 AM

Quote:

Originally Posted by Stijnson

Strangely enough I don't get the FP with NOD2.7.

Did you install the latest release (v1.2.103.196 or higher)?
And are NOD32's heuristics enabled?

Stijnson · #6 February 6th, 2008, 05:42 AM

Quote:

Originally Posted by ctrlaltdelete

Did you install the latest release (v1.2.103.196 or higher)?
And are NOD32's heuristics enabled?

The answer to both questions is Yes.
On another machine AVG Free also 'detects' it as a threat (Trojan horse Generic9.AXPJ).

ctrlaltdelete · #7 February 6th, 2008, 05:58 AM

I guess version 2.7 is using another heuristics module.

Did try to run the file on another machine with NOD32 v 3 def. 2852 and it got busted again.

Paul Wilders · #8 February 6th, 2008, 06:09 AM

Quote:

Originally Posted by Hermescomputers

Hello all... here's a sure FP...
I downloaded the Executable as well as performed an built in update and both detected and killed by NOD32 3.0

A scan at virus total came up clean:
[ file data ]
* name: PREVXCSIFREE.EXE
* size: 621624
* md5.: 5b3f4f9e32eafe0a975bafc596baed9d
* sha1: 48a2770a41849ed7a9a42d0c3d00ef8ed89d293d

Sorry, I already had it posted in the "other malware Thread"....
http://www.wilderssecurity.com/showp...15&postcount=1

Since this issue is/has been handled in the thread mentioned above, please hop over there.

This thread is closed.

regards,

paul

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search