False positive GSCclient.exe after updating to 3456

Discussion in 'ESET NOD32 Antivirus' started by metalalbert, Sep 19, 2008.

Thread Status:
Not open for further replies.
  1. metalalbert

    metalalbert Registered Member

    Joined:
    May 22, 2008
    Posts:
    46
    I've been using a voice client named GSC for quite some time and I know this is a trusted application. Since I updated the virus database to version 3456 NOD32 tells me the file is a possible virus, but it's not. The same goes for update files of the same program.

    I figured I'd bring this to your attention :) I'm not sure if you need more details, if so I'll be happy to provide them.
     
  2. ASpace

    ASpace Guest

    The best would be if you could send ESET copies of all detected files , to samples@eset.com . Do mention in the Subject line of the email that you send them false positive detections .

    They will analyse the files and hopefully will correct the mistake :thumb:
     
  3. metalalbert

    metalalbert Registered Member

    Joined:
    May 22, 2008
    Posts:
    46
    Last time I tried that NOD32 prevented me from emailing the samples. It's just a similar thing as the case with other .exe files returning false positives a while ago.

    I'll send in the client for analysis with NOD32 itself...

    EDIT: Just like I said, I can't send this file to ESET for analysis. NOD32 just tells me it can't send the file for analysis. And it's too huge to email, about 8 MB. My provider doesn't allow me to send files with that size.
     
    Last edited: Sep 19, 2008
  4. DooGie

    DooGie Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    112
    Try zipping the files and then email them.
     
  5. ASpace

    ASpace Guest

    Upload on http://4storing.com/ (when you open the page , click on the Great Britain flag to open the page in English) and then send ESET a link to that file.
     
  6. metalalbert

    metalalbert Registered Member

    Joined:
    May 22, 2008
    Posts:
    46
    Okay, just did that. Thanks for the help :)
     
  7. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I downloaded copies of GameServers' GSC Client Application v.1.00.2068 and v.2.00.3000 Beta and did not receive any reports of malware with virus signature database 3466. Can you tell me what was detected with your copy of ESET NOD32 Antivirus and whether or not it is still being reported?

    Regards,

    Aryeh Goretsky
     
  8. metalalbert

    metalalbert Registered Member

    Joined:
    May 22, 2008
    Posts:
    46
    I don't really recall right now, but as soon as I get the window again I'll leave info here.

    I do recall though I got a NOD32 alert yesterday that said GSC was a virus, but I know that's not the case. It happened when I was using GSC while I was playing an online game. I use GSC to talk to people online while I play, maybe that triggered it. Funny thing is NOD32 doesn't show any alerts when I run GSC, no, it happens during online play.

    Sorry for not replying to this earlier btw.
     
  9. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Can you tell me the complete and exact threat message as reported from your log file?

    Regards,

    Aryeh Goretsky
     
  10. metalalbert

    metalalbert Registered Member

    Joined:
    May 22, 2008
    Posts:
    46
    Yes, I can. I can also tell you the circumstances how it happened.

    Just now I was running GSC and the game America's Army. I noticed NOD32 updated its virus database and shortly after the update I got a screen showing the following alert:

    Possible unknown Newheur_PE virus

    That's the exact same message I got some days ago.

    I hope this info was helpful enough to you.
     
  11. metalalbert

    metalalbert Registered Member

    Joined:
    May 22, 2008
    Posts:
    46
    I was wondering if there's any updates on this issue?
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
  13. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
  14. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    We did some testing earlier and confirmed the issue has been resolved, MetalAlbert.

    See this message thread for details of the test methodology and results.

    Regards,

    Aryeh Goretsky
     
  15. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
  16. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    To summarize the message at https://www.wilderssecurity.com/showpost.php?p=1330448&postcount=13, ESET Smart Security v3.0.672.0 with virus signature database update 3510 did not detect any malware when downloading, installing or running GameServers.Com GSC client v2.00 build 3003.

    I cannot say what will or will not be reported on the GSC client with a subsequent version of the virus signature database because the author could make changes to the software which cause a false positive alarm in the future, bundle adware or other potentially unwanted software with their application, and so forth.

    Regards,

    Aryeh Goretsky
     
  17. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    agoretsky,

    while i do appreciate you restating what is stated in the reference you gave that still does not answer the question "does this mean that NOD32 is no longer flagging usage of madcodehook as a virus?"
     
  18. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    bumping thread since no response.
     
  19. metalalbert

    metalalbert Registered Member

    Joined:
    May 22, 2008
    Posts:
    46
    Thanks for looking into this.

    However, I'm still using the Dutch version of NOD32 Antivirus, version number 3.0.650.0. And I'm not using GSC 2.0, I'm using GSC 1.00 Build 2069. I think I didn't mention that before, sorry about that. At the time I posted my question I believe 2.00 wasn't out yet, so I assumed you guys knew it was 1.00.

    Hopefully the problems are solved now. I'll keep you informed.
     
  20. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Otherwise known as spam. Please, stop behaving like 5 yrs old child. :thumbd:
     
  21. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    All I can tell you are the results of the test ESET, LLC performed.

    Please keep in mind that there are a variety of program files such as keyloggers, password crackers, remote control applications and so forth which might be acceptable for a help desk or IT department to use for assisting their users or securing their computers which all have legitimate uses, but when a specific version gets installed by a Trojan downloader or deployed via some other means by malware, it is no longer being used beneficially but as a tool to further the ends of the malware author (bank theft, fraud, blackmail, additional criminal hacking activities and so forth). In these cases, detection of the software is added, usually with a classification of Potentially Unsafe Software or Potentially Unwanted Software.

    While this may be an inconvenience for people who are using that particular application for legitimate business reasons, the reason for detecting it is because the application has been identified as being used maliciously in the wild.

    ESET's customers purchase their software to protect themselves from a wide spectrum of threats and, as such ESET is obliged to protect them not just things like viruses and worms, but other programs found to have been used for malicious purposes.

    Regards,

    Aryeh Goretsky


     
  22. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    so then can we get a response from someone who would be able to tell us if this issue was resolved?
     
  23. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    over 30 days since metalalbert reported the bug and over 9 days since i reported the bug and still no word on a resolution from NOD32.
     
  24. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I am sure that as soon as MetalAlbert is able to confirm the issue has been resolved he will let us know, Musikit.

    Please keep in mind that not everyone who reports an issue with a product in a web forum returns to let people know if or how the issue has been resolved.

    Regards,

    Aryeh Goretsky
     
  25. metalalbert

    metalalbert Registered Member

    Joined:
    May 22, 2008
    Posts:
    46
    I'm currently doing some testing on my computer. At this point I can confirm:

    1. A scan by NOD32 of both the full GSC dir and the GSC client itself came up clean. I scanned the files with the virus definitions database 3534.

    I am now waiting to see what happens when NOD32 updates the virus defintions database. If NOD32 does not return a false positive after this the problem should be solved for me.
     
Thread Status:
Not open for further replies.