ANOTHER FALSE ALARM!!!!!

Discussion in 'NOD32 version 1 Forum' started by ZOUAVE, Mar 4, 2003.

Thread Status:
Not open for further replies.
  1. ZOUAVE

    ZOUAVE Guest

    Hello,

    I found another false alarm.

    Please download this; I'm 100% sure it is not a virus!!!

    h**p://www.pipo.com/guillermito/viguard/VG_faux_positif.zip


    thank you
    ZOUAVE

    - Made link unclickable, not needed at this point - LWM
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Well, I have to guess that you are correct about that not being a virus, since that zip file is supposed to contain a set of .exe files that duplicate known signatures of real viruses. I can only imagine it's used for testing some AVs and to show they produce false positives. You can probably find other such test files like those out there.
     
  3. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Of those files, only the second is detected as "probably unknown Win32 virus". If this detection occurred in the VB test it would not be considered a false positive, due to the "probably" viral character of the file, and it would not disqualify NOD32 from the VB 100% award.
    The file itself is patched in such a way that the entry point is in the stub portion of the MS-DOS EXE header. There is a jump directing the code flow out of the file, which may confuse the heuristic engine....
    Eset has been informed.
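
    As an added illustration of the kind of static heuristic mrtwolman describes (this is not ESET or NOD32 code, not code from the thread, and not an analysis of the actual VG_faux_positif.zip samples): a minimal PE parser that flags an entry point located inside the headers / MS-DOS stub area, and a `jmp rel32` at the entry point whose target lies outside the mapped image. Field offsets follow the PE/COFF format; the two sample binaries are constructed inline for the demonstration, and the finding names are my own.

```python
"""Static PE entry-point heuristics (added example, constructed test data).

Flags an executable whose entry point sits in the DOS header/stub area or
whose first instruction is a jmp rel32 that leaves the mapped image.
"""
import struct


def parse_pe(data: bytes) -> dict:
    """Read the fields the heuristic needs from a PE32/PE32+ file image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # Optional-header offsets shared by PE32 and PE32+:
    # AddressOfEntryPoint (+16), SizeOfImage (+56), SizeOfHeaders (+60)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    size_of_headers = struct.unpack_from("<I", data, opt + 60)[0]
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i          # 40-byte IMAGE_SECTION_HEADER entries
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    return {"entry_rva": entry_rva, "size_of_image": size_of_image,
            "size_of_headers": size_of_headers, "sections": sections}


def section_for_rva(pe: dict, rva: int):
    for s in pe["sections"]:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return s
    return None


def in_image(pe: dict, rva: int) -> bool:
    """Headers are mapped at the start of the image; everything else must be in a section."""
    return rva < pe["size_of_headers"] or section_for_rva(pe, rva) is not None


def rva_to_offset(pe: dict, rva: int):
    if rva < pe["size_of_headers"]:
        return rva                               # headers are mapped 1:1
    s = section_for_rva(pe, rva)
    if s is None or rva - s["vaddr"] >= s["rawsize"]:
        return None                              # virtual-only (uninitialised) bytes
    return s["rawptr"] + (rva - s["vaddr"])


def entry_point_findings(data: bytes) -> list:
    """Return the heuristic hits; an empty list means nothing odd about the entry point."""
    pe = parse_pe(data)
    ep = pe["entry_rva"]
    findings = []
    if ep < pe["size_of_headers"]:
        findings.append("entry_point_in_headers")        # EP inside DOS header/stub or PE headers
    elif section_for_rva(pe, ep) is None:
        findings.append("entry_point_outside_sections")
    off = rva_to_offset(pe, ep)
    if off is not None and data[off:off + 1] == b"\xE9" and off + 5 <= len(data):
        rel = struct.unpack_from("<i", data, off + 1)[0]  # jmp rel32 is relative to the next insn
        target = (ep + 5 + rel) & 0xFFFFFFFF
        if not in_image(pe, target):
            findings.append("entry_jmp_leaves_image")
    return findings


def build_sample(entry_rva: int, stub_code: bytes = b"") -> bytes:
    """Constructed minimal PE32 with one .text section (test data, not a real binary).

    stub_code is written at file offset 0x40, i.e. inside the MS-DOS stub area."""
    e_lfanew, file_align, size_of_headers = 0x80, 0x200, 0x200
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    dos[0x40:0x40 + len(stub_code)] = stub_code
    opt = bytearray(224)                                   # PE32 optional header, 16 data dirs
    struct.pack_into("<H", opt, 0, 0x10B)                  # Magic: PE32
    struct.pack_into("<I", opt, 16, entry_rva)             # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)              # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, file_align)   # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, size_of_headers)  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                     # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)
    text = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", 0x1000, 0x1000, file_align, size_of_headers, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text).ljust(size_of_headers, b"\0")
    return headers + b"\x31\xC0\xC3".ljust(file_align, b"\0")   # .text: xor eax,eax ; ret


NORMAL = build_sample(entry_rva=0x1000)                              # EP at start of .text
JMP_FAR = b"\xE9" + struct.pack("<i", 0x7FFF0000)                    # jmp to an RVA far outside the image
STUB_ENTRY = build_sample(entry_rva=0x40, stub_code=JMP_FAR)         # EP in the DOS stub, jumping away

if __name__ == "__main__":
    for label, sample in (("normal", NORMAL), ("stub-entry", STUB_ENTRY)):
        print(label, entry_point_findings(sample))
```

    A hit from a check like this is exactly what yields a "probably"/"possible" verdict rather than a named detection: it proves the file is structurally abnormal, not that it carries any known virus. Unusual but benign binaries can trip the same rule, which is the sensitivity trade-off discussed further down the thread.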
     
  4. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hi LWM,

    Right, done by Guillermito two years ago, from the NG fr.comp.securite.virus, to demonstrate weaknesses in the detection of Viguard.
    NOD32 doesn't make a false positive: on one of the samples it says "Possible virus" ;)


    Rgds,
     
  5. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi ZOUAVE,

    > I found another false alarm.

    You are right, it is a false alarm.

    > I can only imagine it's used for testing some AVs and to show they produce false positives.

    The file is used for testing - we haven't had many requests from customers who would need us to remove this "false alarm". If we have more such requests, we will do it.

    Thanks. :)

    jan
     
  6. Dallby

    Dallby Registered Member

    Joined:
    Mar 10, 2003
    Posts:
    6
    Location:
    United Kingdom
    Just for info

    I have found that Norton, AVG and EZ-Trust AV all failed to spot anything suspicious about this test file in question but Nod (Amon) detects it just by going into the folder containing it or when any other app tries to access it.

    Well done Nod32, Keep up the good work guys.
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Well, actually Dallby, as nice as it would be for this to be considered a good thing, it actually isn't...

    As Jan said, "The file is used for testing - we haven't had many requests from customers who would need us to remove this "false alarm". If we have more such requests, we will do it."

    Also, as JacK pointed out, NOD32 only says "possible virus", so perhaps it's not really a false positive, since it does not mistakenly call it a specific virus.

    In any case, Welcome to Wilders and the NOD32 forum!!

    Best Wishes,
    LowWaterMark
     
  8. Dallby

    Dallby Registered Member

    Joined:
    Mar 10, 2003
    Posts:
    6
    Location:
    United Kingdom
    Thanks for clearing that up; I had misunderstood the earlier posts. I've just started using Nod after testing out various other AVs and am impressed (just bought it); I was previously using Norton.

    >Also, as JacK pointed out, NOD32 only says "possible virus", so perhaps it's not really a false positive, since it does not mistakenly call it a specific virus.<

    At least it means Nod is doing something in the background and not just pretending to: it isn't stating that there is a definite virus, but flagging the file as suspicious. Have I got the right idea?

    I had expected the other AVs I've tried to have had some reaction to the test file, because isn't that the whole point of having a safe file that resembles a virus, to see whether the AVs are working? Or am I going off at a tangent again? :)
     
  9. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Yes, that's right. It is saying there is a suspicious file, so this does tell you that NOD32 is active and detecting stuff, but, it really shouldn't detect this.

    This specific file is not an official AV test file, but one meant to fool an AV scanner, so, detection is something to avoid.

    It can be a fine line between detecting a real virus and something that has many but not all the characteristics of a virus. I'm sure all AV products struggle to stay sensitive, but not too sensitive - if you understand my meaning.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Hi all,

    the archive is currently being examined and, in case a false positive is confirmed, it will be remedied ASAP.
     
  11. Dallby

    Dallby Registered Member

    Joined:
    Mar 10, 2003
    Posts:
    6
    Location:
    United Kingdom
    A-ha, it all becomes clear now. I wasn't aware that it wasn't an official test file like the EICAR test file. That explains why it couldn't be identified specifically and was labelled a possible Win32*** type virus.

    Thanks for the info.
     