Ess gone mad (false positives)

Discussion in 'ESET Smart Security' started by djmorgan, May 22, 2008.

Thread Status:
Not open for further replies.
  1. djmorgan

    djmorgan Registered Member

    Joined:
    Sep 15, 2004
    Posts:
    167
    3.0.657 update sig 3119

    Since the last update I have been plagued by being told of threats such as:

    22/05/2008 7:37:25 PM Real-time file system protection file C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatFNP.dll probably a variant of Unknown virus NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\explorer.exe.

    and

    22/05/2008 7:35:20 PM Real-time file system protection file C:\Utilities\ReGetDx\ReGet Deluxe\ReGetDx.exe probably a variant of Unknown virus NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\explorer.exe.

    And more!:doubt:

    C:\Applications\Adobe\Photoshop Elements 6.0\AdobeLMEdit_libFNP.dll - probably a variant of Unknown virus


    C:\Applications\Adobe\Adobe Photoshop CS3\AdobeLM_libFNP.dll - probably a variant of Unknown virus

    C:\Applications\Adobe\Photoshop Elements 6.0\AdobeLMLnhr_libFNP.dll - probably a variant of Unknown virus

    C:\Applications\Adobe\Photoshop Elements 6.0\AdobeLMOrg_libFNP.dll - probably a variant of Unknown virus

    C:\Applications\Adobe\Photoshop Elements 6.0\AdobeLM_libFNP.dll - probably a variant of Unknown virus

    Now I appreciate the protection but when I say "Leave" I expect it to be left as they are ALL obvious false positives and have been on my machine for years.

    Please fix this with next sig update
     
    Last edited: May 22, 2008
  2. rahucha

    rahucha Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    3
    Re: Ess gone mad

    Hello,

    Yes, it looks a major problem.

    Some of our customers are reporting that latest NOD32 signature update are reporting our applications protected with Themida/WinLicense as "Uknown virus"

    Hope that the problem gets fixed soon.

    Thanks,
    Rafael
     
  3. ASpace

    ASpace Guest

  4. siaosiaokia

    siaosiaokia Registered Member

    Joined:
    May 22, 2008
    Posts:
    3
    Re: Ess gone mad

    I am using Eset Nod32 Antivirus Version 3.0.621.0 with signature database of 3119.

    I am encountering the same problem with the above poster as well. This occurs today after i updated the signature database to 3119.

    Below are the log events taken from Eset Nod32:

    Code:
    5/22/2008 5:19:36 PM	Real-time file system protection	file	C:\Program Files\SWiSH Max2\SwishMax2.exe	probably a variant of Unknown virus	deleted - quarantined	NT AUTHORITY\SYSTEM	Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\rundll32.exe.
    
    5/22/2008 5:08:37 PM	Real-time file system protection	file	C:\Program Files\Adobe\Adobe Photoshop CS3\AdobeLM_libFNP.dll	probably a variant of Unknown virus	deleted - quarantined	NT AUTHORITY\SYSTEM	Event occurred during an attempt to run the file by the application: C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe.
     
  5. ASpace

    ASpace Guest

    Re: Ess gone mad

    Update to 3120
     
  6. siaosiaokia

    siaosiaokia Registered Member

    Joined:
    May 22, 2008
    Posts:
    3
    Re: Ess gone mad

    Yup. Just done another update. Thanks for the help! I will try to reinstall the programs and see whether does the problem still occuring.

    Thanks!
     
  7. Action man

    Action man Registered Member

    Joined:
    May 13, 2008
    Posts:
    3
    Re: Ess gone mad

    It's also flagged AdobeLM_libFNP.dll as a new unknown virus. I have had re-isntalled this from disc since using NOD32 v3, and have always had the 'detection of application modification' option set to on. I have no notice of any file in this folder being changed. Its in the Photoshop CS3 Root directory.
     
  8. siaosiaokia

    siaosiaokia Registered Member

    Joined:
    May 22, 2008
    Posts:
    3
    Re: Ess gone mad

    Ok. The problem still occurs for me though.

    Code:
    5/22/2008 6:05:47 PM	Real-time file system protection	file	C:\Program Files\Adobe\Adobe Photoshop CS3\AdobeLM_libFNP.dll	probably a variant of Unknown virus	deleted - quarantined	NT AUTHORITY\SYSTEM	Event occurred during an attempt to run the file by the application: C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe.
    What i did was first updating Nod32 signature database to 3120 and then restore the AdobeLM_libFNP.dll from Nod32 quarantine and ran Photoshop CS3.

    Next thing i know, Nod32 prompted that AdobeLM_libFNP.dll is an unknown virus urging me to delete or leave it.
     
  9. stratoc

    stratoc Guest

    Re: Ess gone mad

    it seems to remove files if you tell it to leave, i had to restore system to before this "incident" and updated to 3120 and will leave a scan till i read this has been fixed.
     
  10. djmorgan

    djmorgan Registered Member

    Joined:
    Sep 15, 2004
    Posts:
    167
    Re: Ess gone mad

    Thankfully it's not removing my files but flags a warning every time I open WEx
     
  11. sandsnake

    sandsnake Registered Member

    Joined:
    May 22, 2008
    Posts:
    4
    How do i change my nod settings to be able to open the software in question? whenever i click on one of the "viruses" (civ4.exe eg) i am told that i do not have permission to run this file, even though i have an admin account on my machine (running vista)
     
  12. djmorgan

    djmorgan Registered Member

    Joined:
    Sep 15, 2004
    Posts:
    167
    3120 does not work for me, stil FPs' everywhere
     
  13. Nitrous

    Nitrous Registered Member

    Joined:
    Feb 4, 2008
    Posts:
    29
    Location:
    Russia, St.Petersburg
    yeah. I still have problems.
     
  14. philau

    philau Registered Member

    Joined:
    Jun 19, 2006
    Posts:
    6
    I am getting the same thing for The Bat! email client
     
  15. jkyriazakos

    jkyriazakos Registered Member

    Joined:
    Feb 6, 2007
    Posts:
    5
    I am having the same problem and i have 3120 Definition version. Some of my systems can't even boot after restart.
     
  16. KTamas

    KTamas Registered Member

    Joined:
    May 22, 2008
    Posts:
    11
    This is crazy. Since 3119, first we got a false positive for AcrobatFNP.dll, we clicked "leave", the system died shortly after. This happened on 4 computers of ours so far, and they are pretty much dead: after you log in, the system just locks up shortly after.
     
  17. ShadowBronze

    ShadowBronze Registered Member

    Joined:
    May 22, 2008
    Posts:
    1
    Exact same problem here, and I started panicking thinking there was an actual virus plaguing though all my programs! It's messing up all my programs such as Photoshop, Dreamweaver, Call of Duty 4 and many more! How do I stop this?! I do not want to have to reinstall everything.
     
  18. dwell

    dwell Registered Member

    Joined:
    May 22, 2008
    Posts:
    1
    I can't open any of Microsoft Office documents!!!
    Hope this terrible bug will be fixed soon... :blink:
     
  19. KTamas

    KTamas Registered Member

    Joined:
    May 22, 2008
    Posts:
    11
    What I dont get is that these computers lock up in normal mode even after I completely disabled NOD32 (GUI+Services). They are just... dead.

    This is frustrating as hell. Antivirus killing PCs.
     
  20. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We're on the ball, the problem is being investigated and should be resolved shortly with a newer engine update. If some files have been mistakenly quarantined, you can restore them manually. If you experience system hangups, disable ThreatSense temporarily and restart the computer.

    We apologize for the inconvenience.
     
  21. wiselark

    wiselark Registered Member

    Joined:
    May 22, 2008
    Posts:
    1
    It's collected in addition to AdobeLM_libFNP.dll my Tomb Raider Anniversary install tra.exe, and Pocket DVD, pqdvd.exe. Before I knew about this bug I uninstalled Tomb Raider Anniversary, and now it's blocking my reinstall. I'm running 3120.
     
  22. KTamas

    KTamas Registered Member

    Joined:
    May 22, 2008
    Posts:
    11
    I cannot disable ThreatSense since the computer locks up before I could even go into NOD32 settings.

    o_O
     
  23. OAKside

    OAKside Registered Member

    Joined:
    Sep 30, 2006
    Posts:
    36
    Re: ESS Gone Wild! (Only $19.99!!)

    Absurd! Whoa, glad I'm not alone. Just started getting obvious false-positives (Battlefield 2, Call of Duty 4) this AM, right after the auto update (3120). Updated to ESS 3.0.657, no help. Other absurdities: Unimpressive HTTP address blocks (MP3 sites). C'mon, Eset.
     
  24. agost

    agost Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    7
  25. tsmith35

    tsmith35 Registered Member

    Joined:
    Jan 26, 2008
    Posts:
    7
    Is there any way to disable ThreatSense from safe mode?

    My Nod32 also flagged Adobe Acrobat 8.x as "probably a variant of Unknown virus", but fortunately I had it set to ask me before quarantining anything... past experience helped with that.
     
Thread Status:
Not open for further replies.