False positive GSCclient.exe after updating to 3456

I've been using a voice client named GSC for quite some time and I know this is a trusted application. Since I updated the virus database to version 3456 NOD32 tells me the file is a possible virus, but it's not. The same goes for update files of the same program.

I figured I'd bring this to your attention I'm not sure if you need more details, if so I'll be happy to provide them.

 

The best would be if you could send ESET copies of all detected files , to samples@eset.com . Do mention in the Subject line of the email that you send them false positive detections .

They will analyse the files and hopefully will correct the mistake

 

Last time I tried that NOD32 prevented me from emailing the samples. It's just a similar thing as the case with other .exe files returning false positives a while ago.

I'll send in the client for analysis with NOD32 itself...

EDIT: Just like I said, I can't send this file to ESET for analysis. NOD32 just tells me it can't send the file for analysis. And it's too huge to email, about 8 MB. My provider doesn't allow me to send files with that size.

 

Try zipping the files and then email them.

 

Upload on http://4storing.com/ (when you open the page , click on the Great Britain flag to open the page in English) and then send ESET a link to that file.

 

Okay, just did that. Thanks for the help

 

Hello,

I downloaded copies of GameServers' GSC Client Application v.1.00.2068 and v.2.00.3000 Beta and did not receive any reports of malware with virus signature database 3466. Can you tell me what was detected with your copy of ESET NOD32 Antivirus and whether or not it is still being reported?

Regards,

Aryeh Goretsky

 

I don't really recall right now, but as soon as I get the window again I'll leave info here.

I do recall though I got a NOD32 alert yesterday that said GSC was a virus, but I know that's not the case. It happened when I was using GSC while I was playing an online game. I use GSC to talk to people online while I play, maybe that triggered it. Funny thing is NOD32 doesn't show any alerts when I run GSC, no, it happens during online play.

Sorry for not replying to this earlier btw.

 

Hello,

Can you tell me the complete and exact threat message as reported from your log file?

Regards,

Aryeh Goretsky

 

Yes, I can. I can also tell you the circumstances how it happened.

Just now I was running GSC and the game America's Army. I noticed NOD32 updated its virus database and shortly after the update I got a screen showing the following alert:

Possible unknown Newheur_PE virus

That's the exact same message I got some days ago.

I hope this info was helpful enough to you.

 

I was wondering if there's any updates on this issue?

 

I've downloaded the GSC client from http://getgsc.com/gsc/downloads and installed it fine. EAV didn't flag any of the files.

 

metalalbert,

this issue exists because NOD32 refuses to resolve an issue previously posted about this. please see https://www.wilderssecurity.com/showthread.php?t=222259 for all the details

 

Hello,

We did some testing earlier and confirmed the issue has been resolved, MetalAlbert.

See this message thread for details of the test methodology and results.

Regards,

Aryeh Goretsky

 

agoretsky

does this mean that NOD32 is no longer flagging usage of madcodehook as a virus? for more details see https://www.wilderssecurity.com/showthread.php?t=222259

 

Hello,

To summarize the message at https://www.wilderssecurity.com/showpost.php?p=1330448&postcount=13, ESET Smart Security v3.0.672.0 with virus signature database update 3510 did not detect any malware when downloading, installing or running GameServers.Com GSC client v2.00 build 3003.

I cannot say what will or will not be reported on the GSC client with a subsequent version of the virus signature database because the author could make changes to the software which cause a false positive alarm in the future, bundle adware or other potentially unwanted software with their application, and so forth.

Regards,

Aryeh Goretsky

 

agoretsky,

while i do appreciate you restating what is stated in the reference you gave that still does not answer the question "does this mean that NOD32 is no longer flagging usage of madcodehook as a virus?"

 

bumping thread since no response.

 

Thanks for looking into this.

However, I'm still using the Dutch version of NOD32 Antivirus, version number 3.0.650.0. And I'm not using GSC 2.0, I'm using GSC 1.00 Build 2069. I think I didn't mention that before, sorry about that. At the time I posted my question I believe 2.00 wasn't out yet, so I assumed you guys knew it was 1.00.

Hopefully the problems are solved now. I'll keep you informed.

 

Otherwise known as spam. Please, stop behaving like 5 yrs old child.

 

Hello,

All I can tell you are the results of the test ESET, LLC performed.

Please keep in mind that there are a variety of program files such as keyloggers, password crackers, remote control applications and so forth which might be acceptable for a help desk or IT department to use for assisting their users or securing their computers which all have legitimate uses, but when a specific version gets installed by a Trojan downloader or deployed via some other means by malware, it is no longer being used beneficially but as a tool to further the ends of the malware author (bank theft, fraud, blackmail, additional criminal hacking activities and so forth). In these cases, detection of the software is added, usually with a classification of Potentially Unsafe Software or Potentially Unwanted Software.

While this may be an inconvenience for people who are using that particular application for legitimate business reasons, the reason for detecting it is because the application has been identified as being used maliciously in the wild.

ESET's customers purchase their software to protect themselves from a wide spectrum of threats and, as such ESET is obliged to protect them not just things like viruses and worms, but other programs found to have been used for malicious purposes.

Regards,

Aryeh Goretsky

 

so then can we get a response from someone who would be able to tell us if this issue was resolved?

 

over 30 days since metalalbert reported the bug and over 9 days since i reported the bug and still no word on a resolution from NOD32.

 

Hello,

I am sure that as soon as MetalAlbert is able to confirm the issue has been resolved he will let us know, Musikit.

Please keep in mind that not everyone who reports an issue with a product in a web forum returns to let people know if or how the issue has been resolved.

Regards,

Aryeh Goretsky

 

I'm currently doing some testing on my computer. At this point I can confirm:

1. A scan by NOD32 of both the full GSC dir and the GSC client itself came up clean. I scanned the files with the virus definitions database 3534.

I am now waiting to see what happens when NOD32 updates the virus defintions database. If NOD32 does not return a false positive after this the problem should be solved for me.