Cannot submit False-Positive

Discussion in 'ESET NOD32 Antivirus' started by siljaline, Apr 10, 2011.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    Have file ostensibly being falsely flagged as Win32/TrojanDownloader.Agent.QQC. When I attempt to move the item from Quarantine, it is deleted (re-flagged) and moved back to quarantine.

    I would like to submit this F/P to ESET but cannot at this time.

    Any suggestions ?

    Thanks.
     
    siljaline, Apr 10, 2011
    #1
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    what file is it, where is it located? Exclude temporarily from scanning that location. Restore the file and submit it
     
    Cudni, Apr 10, 2011
    #2
  3. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    I would sooner not disclose what the file is, it is an *.exe file located in documents and settings under a Win XP Pro SP3 Machine fully patched | Browser IE8 | EAV current version | Various layered security countermeasures |

    I will take it under advisement to exclude that directory in order to submit to ESET.

    Location of suspect file:
    Code:
    C:\Documents and Settings\siljaline\My Documents\.... Win32/TrojanDownloader.Agent.QQC trojan - cleaned by deleting - quarantined
    Cheers, Cudni
     
    Last edited: Apr 10, 2011
    siljaline, Apr 10, 2011
    #3
  4. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Just disable NOD32 move it back from Quarantine and ZIP up a copy with what ever ZIP program you use and use a password "infected" without the Quotes and send it to ESET!

    TH
     
    Triple Helix, Apr 10, 2011
    #4
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    a quick search of ESET knowledge base gives

    Submitting file from Quarantine If you have quarantined a suspicious file that was not detected by the program, or if a file was incorectly evaluated as infected ( e.g. , by heuristic analysis of the code) and subsequently quarantined , please send the file to ESET‘s Threat Lab. To submit a file from quarantine, right-click the file and select Submit file for analysis from the context menu.

    http://kb.eset.com/esetkb/index?pag...earch&viewlocale=en_US&searchid=1302471919389
     
    dvk01, Apr 10, 2011
    #5
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    We found out that action does not always work it's in one of the threads here! It's best to manually send the ZIPPED file to ESET samples@eset.com

    TH
     
    Triple Helix, Apr 10, 2011
    #6
  7. dzkid

    dzkid Registered Member

    Joined:
    Apr 10, 2011
    Posts:
    1
    I had the same problem today with an *.exe file ,but I deleted this file from quarantine ;then I performed a deep scan to my pc and no infection was found .
    could that be a false positive ?!

    PS:I use Eset smart security 4
     
    dzkid, Apr 10, 2011
    #7
  8. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    @Derek
    I've submitted the suspect file via ThreatSense as it was detected during a scheduled av scan, I await feedback from ESET.

    Thanks for the tip, mate. Whatever else that has been suggested other than you and Cudni, I will ignore, as the user is ignored. :ouch:
     
    siljaline, Apr 10, 2011
    #8
  9. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    You may be best served in starting a new topic although your issue may be similar.

    Thanks !

     
    siljaline, Apr 10, 2011
    #9
  10. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia
    I recommend sample@eset.sk. instead of sample@eset.com. I tried to sent those files to sample@eset.com last month and until today I still don't get any response yet.PM to Marcos but he never reply me.
     
    yongsua, Apr 11, 2011
    #10
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    The files you submitted seem to be clean. Both email addresses work fine.
     
    Marcos, Apr 11, 2011
    #11
  12. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia

    Thanks for the reply but why ESET took so long to reply me?Even it is clean,ESET should inform me.
     
    yongsua, Apr 11, 2011
    #12
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Sometimes it's impossible to tell quickly if a file is malicious or benign and an in-depth analysis may take days.
     
    Marcos, Apr 11, 2011
    #13
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...