False Positive???

14/12/2008 4:26:34 AM Real-time file system protection file C:\Program Files\HostsMan\uninstall.exe Win32/Adware.Cinmus application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.

 

Disable AV, restore file, zip up with password "infected" and send to samples("at")eset.com with subject "False Positive".

 

Hi,

I have also just began getting the FP's as per the original poster.

However, the files quarantined are from PowerDVD, Notepad ++ and Daemon-Tools.

Any instructions on providing information to report the FP's?

Andrew.

 

What I just said above your post.

I have both powerdvd and n++ and neither are detected. DB 3689.

 

Hi,

Well I have sent the report, there seems to be a pattern where the files being detected as FP's are actually uninstaller files of programs which use the Nullsoft Install Script (NSIS) to perform the Install/Uninstall process.

Andrew.

 

NOD32 also tagged Secunia's PSISetup.exe and the c:\Program Files\Secunia\PSI\uninstall.exe as WIN32/Adware.Cinmus application.

I think this is a FP.

Ya'll have a great day.

Bill

 

I downloaded this program from:
http://download.softpedia.com/dl/98...1113/software/network/hm_3.1.57_installer.zip

When I tried to install the program, ESET Smart Security wiped a temp file and the installation failed.

I sent an e-mail to ESET about this FP.

 

I got the same false positive - mine is the uninstaller for Faststone image viewer. How quickly does ESET pick this up?

 

fixed with the 3690 update according:
https://www.wilderssecurity.com/showthread.php?t=227849