Nod32 false alarm !!

Discussion in 'NOD32 version 2 Forum' started by kumarprabhatn, May 29, 2006.

Thread Status:
Not open for further replies.
  1. kumarprabhatn

    kumarprabhatn Registered Member

    May 1, 2006
    Nod32 is detecting "EvID4226 Patch" from as virus !! Its a patch needed for increasing the tcp connections.. KAV, norton, bitdefender did not detect this as virus but nod32 did.. :eek: Is it false alarm or is it really a virus o_O
  2. rumpstah

    rumpstah Registered Member

    Mar 19, 2003
    Hello kumarprabhatn:

    You may want to go back to their site and read the description. NOD32 classifies this as a tool, not a virus.

    Recent false virus-notifications
    Some AntiVir Software vendors added the patcher into their virus-definitions. The patcher is often detected as 'Tool/EvID'. But as a first info:
    The patcher ist NO VIRUS.
    Some virus and trojanwriter uses the same technique to increase the limit. After that its easier for them to spread to other computers in the internet. This runs without knowledge of the user. So he is not informed about what's going on.
    With the patcher here, every user can decide on his own if he wants to change the file and if yes how high the limit should be. Also the user will be warned if he chooses to high limits, as already infected machines will spread existent viruses and trojans easier to the net. So everybody can choose on its own and is not forced to. The patcher itself does not contain malware.
    The virus-notification therefore should be seen as an information that this program contains the functionality to increase the limit. If that program is not known or has not been installed you can delete it.
    I hope I have answered some questions.


  3. kjempen

    kjempen Registered Member

    May 6, 2004
    Perhaps NOD32 should give different looking warning screens when it detects "Potentially dangerous applications". Like for example a blue/green warning screen (instead of the "scary" red one).
  4. ASpace

    ASpace Guest

    I disagree because this ... ^tool^ ... could pose the same threat as a normal trojan
Thread Status:
Not open for further replies.