ESET NOD32 Antivirus 4 ver. 4.0.424.0 detects A00000035.exe -what should be done-

Discussion in 'ESET NOD32 Antivirus' started by peacedrunx, Oct 5, 2009.

Thread Status:
Not open for further replies.
  1. peacedrunx

    peacedrunx Registered Member

    Joined:
    Oct 3, 2009
    Posts:
    3
    http://i147.photobucket.com/albums/r292/peacedrunx/Random%20pix/nod32falsepositive.jpg




    ESET NOD32 keeps on detecting svchost.exe as a virus, which I know it is not because it's an important Windows file from system32 .. and that the virus name is svShost.exe or sCVhost.exe, right?

    I tried a couple of ways for it not to be detected, all in failure. Tried the 'exclusions' in adv. mode and tried turning off heuristics/adv. heuristics. Still being detected.

    And as you can see in the pic (link above), I somehow can't check/uncheck the "exclude from detection" box, which, if I could check it, would probably solve my problem.

    Thing is, I'm afraid someone in the house might delete the file while I'm not around, even though I said not to.





    Seems like A00000035.exe is attacking svchost.exe? Don't really know. What should I do?

    Won't svchost.exe be affected if I delete/clean it?

    Edited - I was mistaken, thanks to Mr. chrcol and Mr. jim
     
    Last edited: Oct 5, 2009
  2. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    772
    Location:
    UK
    Re: ESET NOD32 Antivirus 4 ver. 4.0.424.0 svchost.exe false positive -help-

    It's detecting that A00000035.exe as the virus, not svchost.exe.
     
  3. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Re: ESET NOD32 Antivirus 4 ver. 4.0.424.0 svchost.exe false positive -help-

    Yes, exactly. It looks like you have a virus that has attached itself to one or more Windows services. Some of the more nasty viruses attach themselves to every svchost process, including the login process, which makes them hard to remove.



    Jim
     
  4. peacedrunx

    peacedrunx Registered Member

    Joined:
    Oct 3, 2009
    Posts:
    3
    Re: ESET NOD32 Antivirus 4 ver. 4.0.424.0 svchost.exe false positive -help-

    Oh, I thought it was the svchost.exe. Since I saw the svchost name, I was afraid to do something about it, because I might cause something bad.

    And I just recently started using ESET AV.

    Should I delete/clean it then? Or submit it first? If I delete it, won't it cause any problems to svchost.exe?

    What's the best course of action?



    10/5/2009 6:25:51 PM Real-time file system protection file D:\System Volume Information\_restore{6C394580-A3CD-4CEC-AF66-EE5E4F9B3024}\RP1\A0000035.exe probably a variant of Win32/Agent trojan JULIAN\pamilya baranda Event occurred during an attempt to access the file by the application: C:\Program Files\Mozilla Firefox\firefox.exe.


    10/5/2009 4:39:13 PM Real-time file system protection file D:\System Volume Information\_restore{6C394580-A3CD-4CEC-AF66-EE5E4F9B3024}\RP1\A0000035.exe probably a variant of Win32/Agent trojan NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.



    ---Should I quarantine and delete these kinds of detections? Delete or clean?



    Thanks for the fast reply.
     
    Last edited: Oct 5, 2009
  5. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
  6. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    He's fine, just delete that restore point or let NOD32 delete that file from the restore point. This virus in System Restore DOES NOT mean svchost is infected; System Restore merely made a backup of your system and renamed whatever that virus was to that file name you see there. If you restored from that restore point, then that file would be renamed on your system to whatever the original was.... Not a big deal, no need to panic.
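The point made in replies 2 and 6, as an added example that is not part of the original thread: a small parser that separates the file the scanner flagged from the application that merely accessed it, and marks detections that sit inside a System Restore store. The row layout is an assumption inferred from the two log rows quoted above; the third sample row is constructed.

```python
import re

# Assumed layout of one flattened log row, inferred from the rows quoted in this thread:
# <time> <scanner> file <object> <threat> <user> Event occurred ... application: <path>.
ROW = re.compile(
    r"^(?P<time>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<scanner>.+?) file "
    r"(?P<object>[A-Za-z]:\\.+?\.\w{2,4}) .+? "
    r"Event occurred during an attempt to access the file by the application: "
    r"(?P<accessor>.+?)\.?$"
)
# System Restore store, in the path shape seen in the thread's log rows.
RESTORE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I
)

def triage(line):
    """Split a row into the flagged file and the program that merely touched it."""
    m = ROW.match(line.strip())
    if m is None:
        return None  # row does not follow the assumed layout
    obj, accessor = m["object"], m["accessor"]
    return {
        "time": m["time"],
        "detected_object": obj,    # the file the scanner flagged
        "accessed_by": accessor,   # process whose file access triggered the scan
        "accessor_is_detected": obj.lower() == accessor.lower(),
        "in_restore_point": bool(RESTORE.match(obj)),
    }

SAMPLE = [
    # First two rows are the ones quoted in the thread; the third is constructed.
    r"10/5/2009 6:25:51 PM Real-time file system protection file D:\System Volume Information\_restore{6C394580-A3CD-4CEC-AF66-EE5E4F9B3024}\RP1\A0000035.exe probably a variant of Win32/Agent trojan JULIAN\pamilya baranda Event occurred during an attempt to access the file by the application: C:\Program Files\Mozilla Firefox\firefox.exe.",
    r"10/5/2009 4:39:13 PM Real-time file system protection file D:\System Volume Information\_restore{6C394580-A3CD-4CEC-AF66-EE5E4F9B3024}\RP1\A0000035.exe probably a variant of Win32/Agent trojan NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.",
    r"10/5/2009 7:02:10 PM Real-time file system protection file C:\Temp\setup_example.exe probably a variant of Win32/Agent trojan EXAMPLE\user Event occurred during an attempt to access the file by the application: C:\WINDOWS\explorer.exe.",
]

if __name__ == "__main__":
    for row in SAMPLE:
        t = triage(row)
        where = "restore-point copy" if t["in_restore_point"] else "live file"
        print(f'{t["time"]}: flagged {t["detected_object"]} ({where}); '
              f'opened by {t["accessed_by"]}')
```

For both rows from the thread, the flagged object is the restore-point copy and svchost.exe or firefox.exe appears only as the accessing application.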
     
  7. peacedrunx

    peacedrunx Registered Member

    Joined:
    Oct 3, 2009
    Posts:
    3

    Thanks a lot guys for the quick responses ^___^ I had really thought svchost was infected or something.

    Glad I came across this forum. Already bookmarked it and on my toolbar =)

    I let NOD32 quarantine it and I deleted it in the quarantine section. Never came across it up to now =)

    And I will take note of those threads you linked, Mr. Fixer, in case something else happens =)

    Thanks very much guys ^__^
     