amon detecting Kav 4.5 updates as virii?

Hi,
Over the last 2 nights while I've been away from my pc, nod32 amon has found 2 different avp1c**.tmp files and suggested that they are *probably* both crypt.win32virus. I have recently updated my on demand kav to 4.5.094 pro and I'm hoping that this is a false positive, on both occasions I deleted the files, where maybe I should have quarantined them and submitted them to Eset...

Kav is set to update every few hours and does tend to create files beginning with avp1c**.tmp I have noticed, so maybe nod is wrong?

However, I have found nothing when scanning these files via nod on demand scanner.

Please advise?

#
Toby.

 

Here is the actual nod32 report;

Time Module Object Name Virus Action User Info
09/02/2005 22:54:01 AMON file C:\WINDOWS\TEMP\AVP1C4B.tmp probably unknown CRYPT.WIN32 virus deleted NT AUTHORITY\SYSTEM

 

No, these files are packed malware that KAV unpack and then AMON detect them.

 

Ah, so they are okay to ignore, how can I setup nod to ignore them automatically in future? Other than excluding the temp folder of course?

mtia
#
T.

 

Wouldn't it be possible to copy the file to quarantine before you delete it and then send the content of the program files\eset\infected folder to samples@eset.com for analysis?

 

Yes, next time it happens I will do that, but am I likely to get a reply? Or is it just submitted and reacted to/dismissed accordingly internally?

I have recently run full scans (with all the bells and whistles switched on) and found nothing, so I'm a little perplexed...

#
Toby.

 

Further update...

I have just run a full Kav 4.5 scan (finding nothing) but nod came up with an alarm again, I tried to quarantine, but an error message was displayed - perhaps there was nothing to quarantine as kav had finished its scan and may have already deleted the file?

Anyway, here is a copy from my log;

Time Module Object Name Virus Action User Info
10/02/2005 13:48:01 AMON file C:\DOCUME~1\toby\LOCALS~1\Temp\AVP19C1.tmp probably unknown CRYPT.WIN32 virus error quarantining the object - - deleted HOME-39E90DB473\toby

#
Toby

 

Since the file is deleted from the temp folder instantly, it's imposible for NOD to copy it to quarantine. Would you please confirm or deny it happens regardless of what folder you scan? If AMON springs into action only when scanning a particular folder/file, the best would be to narrow it down to that file and send it to us for analysis.