Crossloop

Discussion in 'ESET NOD32 Antivirus' started by Capp, Jan 5, 2009.

Thread Status:
Not open for further replies.
  1. Capp

    Capp Registered Member

    It appears that Crossloop is now showing up as a Trojan variant again. I've had it installed on my office systems for a long time now and use it on hundreds of clients' systems with no problems. It was detected a while back as a heuristics detection and I submitted it for analysis and even excluded it from scans, but it appears to be catching it again.
    Here is the message from this morning's scan log.

    C:\Program Files\CrossLoop\CrossLoopConnect.exe - probably a variant of Win32/Genetik trojan


    Anybody know anything about this?

    Thanks
     
  2. funkydude

    funkydude Registered Member

    Send it for analysis to samples("at")eset[dot]com with the subject "False Positive". Probably a heuristic update got it detected.
     
  3. Capp

    Capp Registered Member

    Already did.

    Just thought I'd post it in case anybody else discovered this as well.
     
  4. danieln

    danieln Eset Staff

    If it was already fixed by ESET, the exact same file should remain undetected. Sometimes I upgrade to a newer version of NOD32 and just after install there is an older version of the database. However, FPs fixed in a newer version of the DB are a problem again until the DB is updated to a recent version.
     
  5. Capp

    Capp Registered Member

    As of this morning, Crossloop is being detected and deleted again.

    I excluded the entire program files folder and added the .exe to the exclusion list as well just in case, and it still got rid of them. I don't want to have to uncheck "unwanted/dangerous applications" just to keep it from deleting my VNC program.



    I've submitted this more than once as an issue. It is now detecting it as a Win32/RemoteAdmin.WinVNC Application, because it is one, but it's not a dangerous one.

    I need this app on my workstations and my server and it's kinda frustrating when I check my weekend scan logs to see that it was deleted from every workstation again.

    Anybody from Eset that sees this, can you look into it again please? Thank You
     