False alarm for PieStudio by picmeta?

Discussion in 'ESET NOD32 Antivirus' started by jdmarch, Jun 23, 2009.

Thread Status:
Not open for further replies.
  1. jdmarch

    jdmarch Registered Member

    Joined:
    Apr 22, 2007
    Posts:
    6
    Nod32 antivirus flags the downloaded file (for Pie Studio v4.5) as "Probably a variant of Win32/Statik application".

    I have been using this application from this vendor (http://www.picmeta.com) for many years... much longer than I've been using Nod32! He assures me that this is a false alarm common to Nod32 and Sophos.

    Comments?
     
  2. jdmarch

    Other strange NOD32 behavior with this file:

    1. NOD32 wouldn't even let me complete the download (no, I don't plan on executing it until this is resolved). The quarantine file was incomplete and the "submit for analysis" link failed.

    2. So then I commanded: "Disable AV and anti SW detection", but then Firefox said the file could not be found.

    3. So I re-enabled AV etc, then started the download, then immediately disabled AV etc. This time the download completed but NOD32 still warned about it even though it was supposed to be disabled!

    This is all a little too intrusive for my taste. I want a utility not a nanny.

    Yes, I did a manual quarantine (renamed the file extension).

    Comments? Thanks.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Try the following:
    1. Temporarily disable web access protection
    2. Download the file
    3. Enable web access protection
    4. Submit the file to samples[at]eset.com with "False positive" in the subject

    Statik is a generic detection for highly suspicious files that use code obfuscation and other techniques typical for malware for the purpose of evading detection by AV programs.
     
  4. jdmarch

    Thanks. Submitted, yesterday. No response yet....
     
  5. Marcos

    FPs are processed with the highest priority and I've just confirmed there are no FPs pending for a remedy. Did you actually submit the file to samples[at]eset.com with "False positive" in the subject? If so, could you resend it with this thread's URL in the subject?
     
  6. jdmarch

    Gmail thinks I sent it yesterday, but I can't be sure that I disabled nod32 in advance, so it may have been blocked.

    Just now I re-sent it as you instructed -- actually twice - once with nod32 enabled (got a pop-up), then once with nod32 disabled.

    Thanks.
     
  7. Marcos

    I've scanned the file and it's not detected. Make sure that you're using the latest version 4186.
     
  8. jdmarch

    I have version 4183, from 13 hours ago.
    My attempt to update fails:
    Undocumented serious error (0x101a)
    My internet connection is (obviously) working.
    I'm about to reboot, see if that helps.
     
  9. jdmarch

    After reboot I could update the version ok; then the file checked ok. Thanks for the quick fix.
     