Assuming false positive: Kindersicherung 2013

Discussion in 'ESET NOD32 Antivirus' started by wolliballa, Mar 2, 2013.

Thread Status:
Not open for further replies.
  1. wolliballa

    wolliballa Registered Member (Joined: Nov 9, 2011; Posts: 90; Location: Germany)

    xttp://s1.salfeld.net/prg/kisi2013.exe möglicherweise unbekannter Virus NewHeur_PE Virus Verbindung getrennt - in Quarantäne kopiert Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Programme\Mozilla Firefox\firefox.exe.

    Comment from manual NOD32 check:
    D:\.....\kisi2013.exe = INNO = {sys}\wdrv\wdrvser.bin - möglicherweise unbekannter Virus NewHeur_PE Virus [7]

    This location typically is a valid supplier of child security software (well known and good tests in Germany): www.salfeld.de
    Unable to upload sample from GUI (could not test VirusTotal due to file size / internet connection speed).

    Signaturdatenbank: 8070 (20130302)
    Updates: 1041 (20120430)
    Viren- und Spyware-Schutz: 1382 (20130213)
    Advanced Heuristik: 1139 (20130208)
    Archivunterstützung: 1161 (20130213)
    Säuberungstechnologie: 1059 (20121212)
    Anti-Stealth-Unterstützung: 1038 (20130110)
    ESET SysInspector: 1232 (20130206)
    Self-Defense-Unterstützung: 1018 (20100812)
    Echtzeit-Dateischutz: 1007 (20111129)
    Lokalisierungsunterstützung: 1100 (20121205)
    HIPS-Unterstützung: 1069 (20130225)
    Internet-Schutz: 1051 (20121203)
    Datenbank: 1029 (20130227)
     
    Last edited by a moderator: Mar 2, 2013
  2. Janus

    Janus Registered Member (Joined: Jan 2, 2012; Posts: 588; Location: Europe - Denmark)

    Hey wolliballa

    Here is some more information on the file, from an upload to VirusTotal:
    It is detected by two vendors: ESET as a "probably unknown NewHeur_PE" and NANO-Antivirus as Trojan.Win32.Hupigon.ctkut.
    SHA256: 6735c24ed3eca68fdf0413c9d505deb0a8708eecc14c2d8fa436e10fce983b40
    SHA1: 813e2a6b35ad0a47e19749c2e88a38adb051a77f
    MD5: 8bc138e38afed13a36246bf5137018b1
    File size: 23.5 MB ( 24623040 bytes )
    File name: kisi2013.exe
    File type: Win32 EXE
    Tags: peexe signed
    Detection ratio: 2 / 46
    Analysis date: 2013-03-01 13:18:07 UTC ( 1 day, 9 hours ago )

    Regards, Janus :))
     
  3. wolliballa

    Can anyone within ESET download this file for further analysis (and execute it)? This is a recommended update for the current 2012 version of this security program (contains web filters, proxy, PC session timers, reporting functions, PC lock functions etc.).
    Please get in contact with the manufacturer; I still believe it is a false positive...
     
  4. er34

    er34 Guest

  5. wolliballa

    Thanks, I wasn't aware of this easy-going process. Done. I got stuck in both, being not able to use the GUI to send in the file for analysis. Tricks made it possible to get the file to the disk, but when trying to mail / upload it, the internal checks put it straight back into quarantine...

    Update Mar 05, 2013: # 8079 lets kisi2013 install without problems.
    Thanks for assistance.
     
    Last edited: Mar 5, 2013