Blocklist Manager installer alert, F/P?

Discussion in 'ESET NOD32 Antivirus' started by act8192, Apr 23, 2009.

Thread Status:
Not open for further replies.
  1. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    I wanted to use the Blocklist manager, which I thought is a fairly known application, but NOD32 v3 threw these alerts at me

    4/23/2009 2:28:39 PM Real-time file system protection file E:\a-Apps\a-Apps-A3\BlockListMgr\Blocklist_Manager_Install_2.7.7.exe Win32/NetTool.Portscan.C application NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Opera\opera.exe.

    4/23/2009 2:28:03 PM Real-time file system protection file C:\Documents and Settings\Owner\Local Settings\Application Data\Opera\Opera\profile\cache4\opr0465A Win32/NetTool.Portscan.C application NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Program Files\Opera\opera.exe.

    Am I supposed to worry, submit to ESET or what?
     
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I just tried downloading a copy of the file from the author on a system with virus signature database 4031 and was unable to reproduce this.

    Can you please update your virus signature database to 4031 (or newer), try downloading the file again and report back what warnings you receive from your copy of ESET NOD32 Antivirus, if any?

    Regards,

    Aryeh Goretsky
     
  3. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    My signatures are 4031 as well :(
    What now?
     
  4. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
  5. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    file0030.bin gives Nod concern.

     
  7. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    Bubba,
    How did you get this nice long log? And did you install from the same place I did?

    Btw, I scanned the .html and .exe files separately few minutes ago. 121 objects each. NOTHING detected. Go figure.
    Both files have identical CRC, MD5 and SHA values.

    Anyway, here's another link - appears the alert is due to the angryIP port checking application (angryziber) which now is an optional item to install since people reported various antimalware complaints.
    http://www.bluetack.co.uk/forums/lofiversion/index.php/t17393.html
     
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    By selecting Log all objects in the Other section of ThreatSense engine parameter setup for for the scan I ran which was On-demand computer scan.

    The exe I downloaded was from the blocklistpro.com site.

    Bubba
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's not FP. The installation package contains the IP Scanner tool which can be exploited for malicious purposes and thus it's detected as unsafe application.
     
  10. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    Hmmmm, Same setting here, and no details for me. Though I did NOT do computer scan. The first bunch of alerts (initial post) were just from download. Then the second, from scanning the files by NOD in the context menu of explorer.
    Do you think there might be a difference? Of course I'll find out when I scan the computer (I don't do that too often, real-time job is effective), but I thought you might now.
     
  11. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    Makes perfect sense now. Thank you very much.
    Had I known the portscan was part of an editor of IP files i wouldn't have bothered anybody here. Thanks to all :)
     
Thread Status:
Not open for further replies.