Cannot submit False-Positive

Discussion in 'ESET NOD32 Antivirus' started by siljaline, Apr 10, 2011.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Have file ostensibly being falsely flagged as Win32/TrojanDownloader.Agent.QQC. When I attempt to move the item from Quarantine, it is deleted (re-flagged) and moved back to quarantine.

    I would like to submit this F/P to ESET but cannot at this time.

    Any suggestions ?

    Thanks.
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    what file is it, where is it located? Exclude temporarily from scanning that location. Restore the file and submit it
     
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I would sooner not disclose what the file is, it is an *.exe file located in documents and settings under a Win XP Pro SP3 Machine fully patched | Browser IE8 | EAV current version | Various layered security countermeasures |

    I will take it under advisement to exclude that directory in order to submit to ESET.

    Location of suspect file:
    Code:
    C:\Documents and Settings\siljaline\My Documents\.... Win32/TrojanDownloader.Agent.QQC trojan - cleaned by deleting - quarantined
    Cheers, Cudni
     
    Last edited: Apr 10, 2011
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Just disable NOD32 move it back from Quarantine and ZIP up a copy with what ever ZIP program you use and use a password "infected" without the Quotes and send it to ESET!

    TH
     
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    a quick search of ESET knowledge base gives

    Submitting file from Quarantine If you have quarantined a suspicious file that was not detected by the program, or if a file was incorectly evaluated as infected ( e.g. , by heuristic analysis of the code) and subsequently quarantined , please send the file to ESET‘s Threat Lab. To submit a file from quarantine, right-click the file and select Submit file for analysis from the context menu.

    http://kb.eset.com/esetkb/index?pag...earch&viewlocale=en_US&searchid=1302471919389
     
  6. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    We found out that action does not always work it's in one of the threads here! It's best to manually send the ZIPPED file to ESET samples@eset.com

    TH
     
  7. dzkid

    dzkid Registered Member

    Joined:
    Apr 10, 2011
    Posts:
    1
    I had the same problem today with an *.exe file ,but I deleted this file from quarantine ;then I performed a deep scan to my pc and no infection was found .
    could that be a false positive ?!

    PS:I use Eset smart security 4
     
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    @Derek
    I've submitted the suspect file via ThreatSense as it was detected during a scheduled av scan, I await feedback from ESET.

    Thanks for the tip, mate. Whatever else that has been suggested other than you and Cudni, I will ignore, as the user is ignored. :ouch:
     
  9. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You may be best served in starting a new topic although your issue may be similar.

    Thanks !

     
  10. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia
    I recommend sample@eset.sk. instead of sample@eset.com. I tried to sent those files to sample@eset.com last month and until today I still don't get any response yet.PM to Marcos but he never reply me.
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The files you submitted seem to be clean. Both email addresses work fine.
     
  12. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia

    Thanks for the reply but why ESET took so long to reply me?Even it is clean,ESET should inform me.
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Sometimes it's impossible to tell quickly if a file is malicious or benign and an in-depth analysis may take days.
     
Thread Status:
Not open for further replies.