JS/Exploit.CVE-2008-0015.A.Gen trojan [FP] *? *

Threat details:

Other members of DSL Reports are reporting the same Flag, it would be appreciated if this could be investigated as soon as possible

Thanks.

 

* Bump *

Same here, Silj !

ESET, please look at this.

This is happening on a thread at the DSLR/BBR Security Forum !

NOD32 V2 :
NOD32 antivirus system information
Virus signature database version: 4222 (20090707)
Dated: dinsdag 7 juli 2009
Virus signature database build: 16262

Information on other scanner support parts
Advanced heuristics module version: 1091 (20090309)
Advanced heuristics module build: 1200
Internet filter version: 1.002 (2004070
Internet filter build: 1013
Archive support module version: 1088 (20090702)
Archive support module build version: 1231

Information about installed components
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
Version: 2.70.39
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
Version: 2.70.39
NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
Version: 2.70.39

 

& Other DSLR Users.

 

Hello siljaline,

I have taken the file that appears as a threat and uploaded to Virus Total to see if we are the only company flagging it. One other is detecting it, eTrust-Vet as JS/Dish!exploit. I have submitted the file to our virus lab for analysis so we can try and get it resolved.

 

Thank you, Wayne.
I was going to post this to the DSLR board but advised a Mod of the Security Forum of this occurence so that they are aware.
Edit >
Perhaps this is why NOD is flagging the URL due to the reference ? Speculation, yet a possibility.
http://www.securityfocus.com/bid/35558

 

Hi Randy, my friend,

Just only a suggestion :
Perhaps it would have been better to post that in a new posting in this thread. In that way it is easier to keep track of things

 

Noted, thanks

 

Trojan alert on DSLR, wouldn't be the first time !

It was with another AV though, and then verified as a nasty by 2 very respected vendors after the file was sent to them. So in that case not a FP.

 

All alerts i have seen on DSLR were due to faulty AV detection that needed tweaking. What case are you talking about?

 

Can't remember exactly, but it did happen.

 

Hi StevieO,

I'm not so sure whether you're right here, to say the least.....

About the current issue:
It could very well be that a "code" in that thread is causing EAV/NOD32 to jump up, causing a FP.

I wouldn't jump to conclusions too soon. Let's give the AV companies time to look at it.

 

FanJ

Hi how are you ?

I totally agree with you, about the current issue: It could indeed very well be some code" in that thread that's causing EAV/NOD32 to jump up, causing a FP.

Regards

 

there is code in this post but it can't and does not represent danger
xttp://www.dslreports.com/forum/r22665691-

 

Page 2 of the orginal thread is still flagging something as I just posted back to.
http://www.dslreports.com/forum/r22669483-Re-Critical-0day-Microsoft-DirectShow-Vulnerability-exploi

 

Hi Stevie,
Thanks ! I'm OK.

Hi Cudni,
Thanks !
I didn't have the time to have a closer look.

Hi Randy,
Thanks !

 

I think at this juncture we should just let the minds-that-be at ESET figure
out what this is and wait and see.
Samples have been submitted galore, et alia....

 

Well the same code the virus uses is posted on page 2 of that thread and AV's are not smart enough to realize that so they take action!

 

real men dont use evil internet explorer

 

The below defs update should have addressed the issue, apparently it has not.
http://www.eset.eu/podpora/aktualizacia-4227?lng=en