False positive on Intel Wireless software

Discussion in 'ESET NOD32 Antivirus' started by SmackyTheFrog, Nov 18, 2009.

Thread Status:
Not open for further replies.
  1. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    The latest definitions are getting a false positive on a component of the Intel Wireless utility. C:\Program Files\Intel\Wireless\Bin\EvtEng.exe is being detected with the Win32/Genetik signature and I am 99% sure this is a completely valid component that has been on our mobile systems for years. I would submit a proper false positive sample, but these are unmanaged remote systems out in the field so I can't get an actual copy of the file. I know Eset has a copy of the sample somewhere since the RAC has logged that it was uploaded. Can someone look into this one before more people have their wireless cut off on their next reboot? I am pretty sure Dell was installing this software on their default laptop config from a few years ago and a bunch of people are about to be unhappy.
     
  2. vbuckjr

    vbuckjr Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    10
    Location:
    Nashville, TN
    My boss ran into this as well. This makes me nervous: is ESET on top of this or not? I would hope to get a response to this in the forums.
     
  3. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    False positives turn up occasionally with any AV software. Last time something like this happened, they were very fast to turn around and release an updated definition that automatically released the file from quarantine and everything kept chugging along. I would try to inform your users not to shut down or reboot if they see a quarantine dialog until this gets sorted out as they could lose wireless access if at all possible.
     
  4. rcash

    rcash Registered Member

    Joined:
    Dec 5, 2007
    Posts:
    56
    I'm getting it on more than just wireless:

    c:\ftp_pro\wsftpext.dll contains probably a variant of Win32/Genetik trojan
     
  5. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
  6. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    995
    Location:
    San Diego, CA USA
    Hello,

    Our Support Engineers collected the sample today and have sent it to the virus lab. Please refer back to this thread if needed.

    Thank you,
    Richard
     
  7. ThomasC

    ThomasC Former ESET Support Rep

    Joined:
    Sep 8, 2008
    Posts:
    209
    As of approximately 6:00 PM PST, virus database version 4621 was released, which should have corrected the problem. Please let us know if any of you continue to get any false threat notifications.

    -Tom
     