Confused about the latest scan

Discussion in 'ESET NOD32 Antivirus' started by Eagle55, Aug 25, 2012.

Thread Status:
Not open for further replies.
  1. Eagle55

    Eagle55 Registered Member

    Joined:
    Jun 17, 2010
    Posts:
    6
    I just updated to V5.2.9.1 I'm running Windows 7 Pro 32 bit Service Pack 1

    Today I did a computer scan and the results said:
    2 infected files / 0 cleaned files

    I looked in the log and the 2 files are:

    C:\Users\my pc\Downloads\PopUp Domination\popup-domination-stand-alone.zip » ZIP » popup-domination/installx/index.php - PHP/Obfuscated.F potentially unwanted application

    C:\Users\my pc\Downloads\PopUp Domination\popup-domination.zip » ZIP » popup-domination/popup-domination.php - PHP/Obfuscated.F potentially unwanted application

    This is a program I use on some of my websites ... I don't think there is anything infected with it o_O So how do I stop NOD from flagging it ... though I guess it didn't delete or quarantine it ??

    This week I had another issue with a plugin I was downloading - I will post that as a separate issue.

    Thanks for your help!
    Ellie
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Hello Ellie!

    Potentially Unwanted Application detections is a detection setting that is un-checked by default.
    So you must have check that setting your self in the setup tree, or during the installation.

    So in order to get rid of the detection simple go into the setup tree and uncheck the checkbox.

    And PUA/PUP detections does not necessarily mean that the program is infected, but that it may behave in an unwanted and/or unexpected way.

    If NOD32 did quarantine the files then you can simply restore them if you know they are clean.

    FYI, This support article will surely answer a few questions....
    http://kb.eset.com/esetkb/index?pag...earch&viewlocale=en_US&searchid=1345959916002

    HTH SweX :)
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I assume the files contain a script utilizing a code obfuscation exploited by malware writers for the purpose of evading detection.
     
  4. PopUp Domination

    PopUp Domination Registered Member

    Joined:
    Aug 26, 2012
    Posts:
    1
    Location:
    Aberdeen, UK
    Hi,

    I found this thread by way of monitoring for PopUp Domination. I'm the new lead developer there and the obfuscated code being referred to is part of the installation process. It was put in place by a previous dev as part of his "security" measures to check license keys match. The whole system is about to be overhauled so that this check is performed in a better way. I'd be happy to show you the code if you're still worried (or run it through any online php de-obfuscator).

    Hope that helps allay any fears.

    Thanks
     
  5. Eagle55

    Eagle55 Registered Member

    Joined:
    Jun 17, 2010
    Posts:
    6
    Truth is I always ran NOD right out of the box ... During setup I probably checked everything - thinking this is what I needed to do!!

    Thanks for the link -- I did as it said ... so hopefully this clears it up. ;)
     
  6. Eagle55

    Eagle55 Registered Member

    Joined:
    Jun 17, 2010
    Posts:
    6
    Thanks for your response here...
     
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
Thread Status:
Not open for further replies.