ESEA client false positive

Discussion in 'NOD32 version 2 Forum' started by Anth-Unit, Sep 5, 2007.

Thread Status:
Not open for further replies.
  1. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    NOD32 is detecting my ESEA client as: a variant of Win32/Packed.Themida application. I'm pretty sure that this is a false positive. The ESEA client is a counter-strike matchmaking service that finds different pugs for players to join. I've already submitted the file to eset via NOD32 and I'm wondering if I should also report the false positive to support[at]eset.com. The website for this service is: http://www.esportsea.com/

    Edit:
    @ replaced with [at] to prevent robots from harvesting our address
     
    Last edited by a moderator: Sep 5, 2007
  2. ASpace

    ASpace Guest

  3. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    I don't think thats the case. When I turn off potentially unwanted/unsafe applications it still detects the file.

    -edit-

    Actually, you're probably right. I'm using the ESS beta right now and I cant seem to get the setting to stick. It seems to turn itself back on after I uncheck the option to detect unwanted/unsafe applications. I still don't understand why this is classified as an unwanted/unsafe application. It's a very popular service amongst online CS gamers and as far as I know it does not fall under any of the characteristics explained in that link you gave me (remote access tools, password-cracking applications, and keylogger). I assume if it was a keylogger, password-cracker etc. someone would have discovered it by now as its been around forever.

    Is it ok for me to post a virus total result in this case? A few other scanners detect this file, most of them look like a heuristic detection.
     
    Last edited: Sep 5, 2007
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Disabling potentially unsafe applications makes the alert disappear, I have tested it and it actually works. We will analyse the file and remove detection if it's actually a legit application.
     
  5. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    Thanks for the fast response! It looks like it was fixed as NOD32 no longer detects the file.
     
Thread Status:
Not open for further replies.