Possible F/P on T.E.P's removelop.exe

Discussion in 'NOD32 version 2 Forum' started by spy1, Dec 14, 2004.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Got this hit after having run Eraser last night (although AMON probably just picked it up on its own as it wandered along scanning during the Eraser run):

    (From the email sent by NOD) "12/14/2004 0:48:02 AM - AMON - Antivirus monitor Program Virus Alert triggered on NONE-8EE7DS6F1Q: C:\Program Files\Acesoft\Tracks Eraser Pro\Plugins\removelop.exe infected with probably unknown NewHeur_PE virus."

    Everything's wide-open here, settings-wise, in NOD.


    (NOD info)
    NOD32 Antivirus System information
    Virus signature database version: 1.947 (20041214)
    Dated: Tuesday, December 14, 2004
    Virus signature database build: 5062

    Information on other scanner support parts
    Advanced heuristics module version: 1.011 (20041126)
    Advanced heuristics module build: 1067
    Internet filter version: 1.002 (20040708)
    Internet filter build: 1013
    Archive support module version: 1.024 (20041125)
    Archive support module build version: 1104

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.12.2
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.12.2
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.12.2

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 1024 MB
    Processor: AMD Athlon(tm) Processor (1325 MHz)

    Should I submit it? I'm thinkin' it's probably a F/P. Pete
     


  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,189
    Location:
    Texas
    Pete,

    I would send it in since it is a heuristically discovered item. They can either remove the false positive or confirm it is malware.
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Okey-dokey. Gotta zip it up - Comporium won't deliver anything with an exe as an attachment. Pete

    *Sent
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Okay, it's been six days since I sent it in (four "business" days) and I haven't received confirmation of the file as malware (or even receipt of the file I sent).

    Nor has the F/P (if that's what it is) been removed (I'm still getting hits on it from NOD up to and including a full scan that just finished minutes ago).

    NOD32 Antivirus System information
    Virus signature database version: 1.953 (20041219)
    Dated: Sunday, December 19, 2004
    Virus signature database build: 5080

    Information on other scanner support parts
    Advanced heuristics module version: 1.011 (20041126)
    Advanced heuristics module build: 1067
    Internet filter version: 1.002 (20040708)
    Internet filter build: 1013
    Archive support module version: 1.024 (20041125)
    Archive support module build version: 1104

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.12.2
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.12.2
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.12.2

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 1024 MB
    Processor: AMD Athlon(tm) Processor (1325 MHz)


    ESET does have some form of technical support, doesn't it? Pete
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,189
    Location:
    Texas
    Pete

    No excuse for not replying or fixing the problem in my book. I hope Eset will ratchet up their support a notch.

    I understand one of the upcoming versions will have a way to submit samples built in the program.

    Not much anyone can say right now though.
     
  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Merry Christmas, everyone!

    Still getting this upon full scans with NOD32:

    C:\Program Files\Acesoft\Tracks Eraser Pro\Plugins\removelop.exe - probably unknown NewHeur_PE virus [7]

    so I'll just keep submitting it (daily) until I get a response.

    HOHOHO! <g> Pete
     
  7. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada
    Someone at Eset is working - the definitions update today is proof of that... my guess is the same person doesn't update their virus definitions database that drives the web site - no clues yet from the Eset/NOD32.COM/.CH sites as to what the update does, but at least we have it!

    See... http://www.nod32usa.com/nod32-updates/ for at least an interim message concerning the v1.958 Virus Definitions Update....

    Merry Christmas everyone!!
     
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Update or no update - the alert keeps showing up:

    NOD32 Antivirus System information
    Virus signature database version: 1.958 (20041225)
    Dated: Saturday, December 25, 2004
    Virus signature database build: 5105

    Information on other scanner support parts
    Advanced heuristics module version: 1.011 (20041126)
    Advanced heuristics module build: 1067
    Internet filter version: 1.002 (20040708)
    Internet filter build: 1013
    Archive support module version: 1.025 (20041221)
    Archive support module build version: 1106

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.12.2
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.12.2
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.12.2

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 1024 MB
    Processor: AMD Athlon(tm) Processor (1325 MHz)

    (Does all that program info look like it's the most current available to everyone?). Pete
     


  9. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada
    This might not be as clear-cut as first thought.... a quick google for removelop.exe yields several sites that list the file as one to be removed or deleted. Perhaps your F/P is not F at all... even though it came from something you considered a "reliable" source.

    hth

    GHL
     
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    GHL - Yes, that might conceivably be why I first submitted the file 11 days ago! Pete
     
  11. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    Hi Pete:

    Your program components should be similar to the following (the 2.12.3 must be directly downloaded from Eset (or your reseller's site); it is not an automatic update):

    NOD32 Antivirus System information
    Virus signature database version: 1.958 (20041225)
    Dated: Saturday, December 25, 2004
    Virus signature database build: 5105

    Information on other scanner support parts
    Advanced heuristics module version: 1.011 (20041126)
    Advanced heuristics module build: 1067
    Internet filter version: 1.002 (20040708)
    Internet filter build: 1013
    Archive support module version: 1.025 (20041221)
    Archive support module build version: 1106

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.12.3
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.12.3
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.12.3
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    rumpstah - I installed 2.12.3 and scanned. Same alert, but thanks for reminding me about that (these four days off have been a Godsend for catching up with stuff).

    Hope you're having a very Merry Christmas there. Pete
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
  14. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Email from NOD's Tech Support received this morning:

    "Hello,

    this was only a false positive and is going to be cured in the next update
    1.959. Thank you for sending us the sample.


    Regards,

    Mark


    ESET Software Technical Support
    www.nod32.com "

    Thank you. That's all I wanted to know. I'll verify after 1.959 comes out. Pete
     
  15. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Full scan came up clean.

    Case closed.

    After all, it only took a couple of weeks to resolve. Pete
     