False Positve (nero_photoshow_express_5_setup.exe)

Downloaded this today with the latest def and latest 2.7 version.

This is a false positive.

http://download.nerophotoshow.com/downloads/nero/nero_photoshow_express_5_setup.exe > NSIS > Toolbar.exe infected with a variant of Win32/AdInstaller application.

 

No , it isn't . It is a toolbar - potentially unwanted application

 

Actually just to make it clear, the detection was not during installation as it has not been installed. This was detected at an infection during the final 99 per cent download process.

 

So ?

IMON can detect threat before they touch your hard drive

 

Wrong. The malware code already exists on your hard drive (how else do you think it got scanned?), it just hasn't been passed to the process that requested it.

 

You misunderstand why did I mentioned the above .

 

No there is no malware or any other type of infection on my machine. In fact I supply over 50,000 infections to anti-infection developers but that does not mean my machine is infected because it is not. I know what I’m doing.

And no AMON is not detecting infections before they hit the hard disk drive – cute.

I hope you are not being sarcastic. I’ve been an IT engineer for 15 years so I don't need to be told.

Try this if you have Nero.

Download Photo Express V5.0.0.85 if you have a logged in account but a trial version will do I guess and as the file is being copied from the temp file to the location specified, this is when the infection adinstaller alert is mentioned.

I scan with the latest version of NOD32 def using the latest version of NOD32 2.7, and the latest version of CouterSpy (whom I beta test for and supplied 25,000 pre-2005 infections that where not in there database, so all CounterSpy users can thank me for that time and expense ;-) ) with the latest def file.

My system is up to data and clean.

In fact anyone trying to get in to my machine would have a touch time. I have pre-boot authentication and my volumes are encrypted with 3DES and any new files are encrypted and decrypted on-the-fly. I also have My Documents that uses it own tough encryption. On boot up a special password must be inserted or the MD contents to be useable, otherwise they will be garbage to anyone trying to read them.

My point was to inform you of this. It is not me that is concerned but any newbie or less experienced user using NOD32 and downloading PhotoExpress (which I don’t use but supply to clients) may be confused.

I hope this clarifies this matter

All the best,
Gavin

 

Eset states that this is not a false positive.

 

If you reread my initial reply (post #2) I told you the same , Doubting Thomas.

 

Yes u did

 

http://www.nero.com/eng/support-nero8-faq.html?s=sub&id=83

 

I wish they wouldn't include that rubbish in the install file for the Nero packages as they have started to do.