Possible false positive

I just dug up an old file I had in my quarantine that was listed as "probably unknown STEALTH.POLY.CRYPT.TSR.DRIVER virus." I recently discovered these forums as well as the virus total website. This is what it came up with:

http://img.photobucket.com/albums/v602/anthunit/virus.jpg

I remember telling NOD32 to submit it to ESET probably about a month ago. I'm not sure exactly what the protocol is but I imagine if it was a false positive or a genuine virus and they actually received it from me there would have been some kind of definition update or something. Can someone please clarify how the process works for me and what I can do to get the file analyzed? From the description NOD32 gave me of the infection it sounds pretty nasty.

 

Hello and Welcome to Wilders !


Let me start with the fact that your NOD32 icon in the system tray is red which means NOD32 not working , protection disabled . I assume you manually disabled AMON to submit the file , anyway , you should enable it again to stay protected

So , about the malware . Submit the file to ESET Labs via email , write to [B]samples@eset.com[/B] and attach the suspected file .

If there is something (fp , for example) it will be corrected as soon as possible By the way , I have seen many examples where only NOD32 and no other security software detects a particular malware , especially heuristically , so your case might be real threat , as well ,but checking by human is required in order to be sure

 

I also submitted it by email around the time of the infection however I'm not sure if it went through because I use gmail as my primary email account and it might not have sent it to ESET. I'm also in the process of changing ISP's so I'm going to have to wait a few days before I can set up an email account with them unless someone has a free alternative that will allow me to send the file. Should I expect to get a response from ESET detailing what they found? I'd like some assurance that the file I submitted actually got through as I've had trouble with this in the past.

 

Google doesn't allow exe and com files to be sent . If you want to send this file using Gmail , you need to pack this exe into password-protected ZIP . This way Gmail won't be able to detect the exe inside and will send , don't forget to include the password .

No , the ESET policy is so that they don't reply to emails with malware submitted . May be this will change soon .

 

I sent them the files in my quarantine (the .nqf and .nqi files to sample@eset.com) but under a different non-gmail account as per the instructions in the faq section of the nod32 website. How long does it usually take them to process these files? I'm wondering cause I put the .nqf and .nqi files in the email I sent to eset with gmail (in a password protected zip file) a while ago. I was able to dig up the old email in my sent folder (sent out on Sep 1, 2006) and so far nothing has changed in terms of NOD32 detecting the file. I also verified that I didn't mess up the password in the zip file so there should have been no problem extracting it. The only thing I can think of is that it either didn't get to them or I'm not supposed to be sending them the files in my quarantine folder. How long should I wait before trying to contact them again? Or should I just send them the executable?

 

The address is samples@eset.com (note the "S" of samples ; plural)

When they receive a sample they deal with it on priority bases , I cannot tell you further details . It was detected proactively , you are protected .

Also, since it was detected proactively , you can submit it not by email but by NOD32's Threat Sense . Just open Control Center -> NOD32 Systemm Tools-> Quarantine -> find the suspected file , right click on it and press Submit for analysis and follow the instructions .

When ESET receive the sample , they will deal with it when and how they decide. I am sorry , I can't comment it because I am not from ESET , not I am not ESET staff

 

Oh ok, ill send another email to that address. I was just going off of what they said in the FAQ on their websites: "If a file is reported as infected with a probable unknown virus, we recommend to submit it to sample@eset.com" Thanks for everything. You've been a great help. I've also told NOD32 around the day it was discovered to send it via threatsense and still no dice.

 

Is this old com file so crucial for you? Does it even run on your current system that you need to fix this heuristic FP?

 

Me also thank you . You are welcome !

 

I don't understand,why so difficult to Eset to allow to submit a samples via web form?Is it too hard to do for them?

 

perhaps they will do it some day. I think it's not a priority for them right now.

 

It only requires some refinements (hopefully), but it's almost ready

 

wow...this is cool. Thx Marcos! Can you give us the link ?

 

I'd say when it's ready he'll certainly do that

Cheers

 

I can't wait...my dream comes true finally

 

Yes! Thanks!