False Positive From ESET NOD32 4.0

Discussion in 'ESET NOD32 Antivirus' started by StephenLee, Jan 12, 2010.

Thread Status:
Not open for further replies.
  1. StephenLee

    StephenLee Registered Member

    Joined:
    Jan 12, 2010
    Posts:
    2
    A few days ago, NOD32 antivirus 4.0 reported programs of mine and warned me that they were adware and malware. And now, I even can not visit the official website of the two software: Registry Well and Registry Easy. I have already submited the files to this address samples@eset.com. However, I receive no reply from ESET Seaching Team or the Lab.

    What should I do?
     
  2. dr pan k

    dr pan k Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    204
    have u tried uploading these apps to virustotal? http://www.virustotal.com/

    this way u ll know if other antivirus engines detect them as malicious. if not try excluding them from nod av for a start
     
  3. Nerimash

    Nerimash Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    86
    Location:
    Ukraine
    Excuse me but there is not 100% guarantee that tested file is not malicious. If you strongly know that file is not malicious you should exclude it from scanning but in other cases I can advise you to send that file first to virus analytics from appropriate AV company.
     
  4. StephenLee

    StephenLee Registered Member

    Joined:
    Jan 12, 2010
    Posts:
    2
    Thank you for you guys. I have already submit those files to virustotal.com and got the same result. I can make sure my programs are not malware or adware. I used them for a few of years. I would like to know why NOD32 classified them as malicious suddenly? Are there any ESET tech support can come here and resolve my problem? I conacted Registry Easy and Registry Well Support Team yesterday, they said they had send email and applications to the ESET Team but they still had not correct or update the NOD32.
     
  5. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Welcome to Wilders StephenLee.

    RegistryEasy is from CheeseSoft, the same devs of SpywareCease. The Malwarebytes team consider those two as Rogues. Emsisoft removed those from their database. Let's see if Eset will follow.

    http://malwarebytes.org/malwarenet.php?name=Rogue.RegistryEasy

    RegistryWell is in Emsisoft's database but not in Malwarebytes'.

    http://ww.emsisoft.com/en/malware/Adware.Win32.RegistryWell-remove.aspx

    You can PM Marcos regarding your submissions. In the meantime, put those programs in NOD32's exclusion list.

    EDIT:
    SpywareCease and RegistryEasy are still on the Emsisoft site.
     
    Last edited: Jan 14, 2010
Thread Status:
Not open for further replies.