Detection issues

Discussion in 'ESET NOD32 Antivirus' started by Ego_Dekker, Aug 21, 2012.

Thread Status:
Not open for further replies.
  1. Ego_Dekker

    Ego_Dekker Registered Member

    Joined:
    Aug 22, 2010
    Posts:
    97
    Location:
    Russia
    Some detection issues are described here (v5) and here (v6).
    And another one.
    1. Choose D30B684633F7E7172A08B54F5448710B → click “Scan with ESET NOD32 Antivirus” (Smart Optimization is off) → a variant of Win32/Kryptik.AJOK.
    2. Choose D30B684633F7E7172A08B54F5448710B → click “Scan with ESET NOD32 Antivirus” (Smart Optimization is on) → undetected.

    Windows Vista (32-bit).
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It could be, provided that it's a specially structured DLL (i.e. a non-executable file). However, on actually infected systems it would be detected and removed fine. Also, an in-depth scan would detect it, as it has smart optimization disabled.
     
  3. Ego_Dekker

    Ego_Dekker Registered Member

    CE60DCA1DA4343DAD1269A36F4D44579
    jeefo.png

    Virus signature database: 7556 (20121007)
    Update module: 1040 (20120313)
    Antivirus and antispyware scanner module: 1367 (20120921)
    Advanced heuristics module: 1134 (20120903)
    Archive support module: 1153 (20120917)
    Cleaner module: 1057 (20120626)
    Anti-Stealth support module: 1032 (20120806)
    ESET SysInspector module: 1226 (20120809)
    Self-defense support module: 1018 (20100812)
    Real-time file system protection module: 1007 (20111129)
    Translation support module: 1094 (20120928)
    HIPS support module: 1056 (20120905)
    Internet protection module: 1047 (20121002)
    Database module: 1023 (20120917)
     
  4. Marcos

    Marcos Eset Staff Account

    I don't see anything wrong with the above detection. Did you mean that music.exe was incorrectly detected as Win32/Delf.NFY worm?
     
  5. Ego_Dekker

    Ego_Dekker Registered Member

    Yes, the infected file was incorrectly detected, so it cannot be disinfected.
     
  6. Marcos

    Marcos Eset Staff Account

    The file music.exe seems suspicious and it doesn't look like a legit application at all. Anyways, I'll pass it to the viruslab to make sure.
     
  7. Ego_Dekker

    Ego_Dekker Registered Member

    So what did they say about CE60DCA1DA4343DAD1269A36F4D44579 and EC10F8472B50DB6A51BCA8F3D25B5EFB?
     