Accessing ESET website re false positive

Discussion in 'ESET NOD32 Antivirus' started by rnfolsom, Jun 30, 2010.

Thread Status:
Not open for further replies.
  1. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    A month or more ago I did a Demand Scan and NOD32 v 4.0.474.0 came up with a threat:
    "NirSoft\IPNetAddressInformation103-NirSoft.zip.TrojanSuspect » ZIP » ipnetinfo.exe - probably a variant of Win32/Agent trojan." (I have omitted the full path to this file, and I added "TrojanSuspect" in order to disable it.)

    I sent Eset's website a message asking whether this could be a false positive, since NirSoft is a well known (e.g. recommended in a recent Windows Secrets newsletter) utilities source, and this file has been parked on my computer since March 2005 in a "To Consider installing" folder without NOD32 previously noticing it. I never did install any of the NirSoft utilities, including this one.

    I never got a reply, but that could be because Eset's reply got caught in my ISP's TMDA (Tagged Message Delivery Agent) spam filter.

    I didn't pursue the matter because my life has been complicated with a bizarre mix of chaotic events (which is why it has been so long between demand scans; usually I do them weekly).

    Today, a Demand Scan again came up with the same threat.

    Two questions, the answers to which I realize I should have been able to figure out for myself, are:

    1) Would a reply to the message I posted on Eset's website (in some place that I now cannot locate) be on the website itself, and if so, where?

    2) Where on Eset's website would I go to post a second request asking whether this threat really is a threat?

    This is not a major problem, because the file can easily be deleted --- it's long out of date --- but I'd still like to know how to deal with suspected false positives.

    Roger Folsom
    Thanks for any comments, suggestions, or help.

    Roger Folsom
     
    rnfolsom, Jun 30, 2010
    #1
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I've downloaded ipnetinfo.exe from the Nirsoft web page but it wasn't detected whatsoever. You can submit it to ESET for perusal per the instructions here.
     
    Marcos, Jun 30, 2010
    #2
  3. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    I guess its a old version which ain't white listed.
     
    Brambb, Jun 30, 2010
    #3
  4. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    Marcos:

    I followed your advice, and sent a message containing the file to Eset, at samples@eset.com.

    Thanks very much for the link to http://kb.eset.com/esetkb/index?page=content&id=SOLN141.

    Roger Folsom
     
    rnfolsom, Jul 2, 2010
    #4
  5. rnfolsom

    rnfolsom Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    247
    Location:
    Monterey, California
    Agreed! It definitely is a very old version (created no later than March 2005).

    Roger Folsom
     
    rnfolsom, Jul 2, 2010
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...