False positive on probably unknown STEALTH.CRYPT.TSR.DRIVER?

Discussion in 'ESET NOD32 Antivirus' started by Proactive Services, Jun 17, 2011.

Thread Status:
Not open for further replies.
  1. Proactive Services

    Proactive Services Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    153
    Location:
    Petersfield, Hampshire, UK
    I've had a few alert emails along the lines of:

    C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA451.tmp\System.DirectoryServices.AccountManagement.dll contains probably unknown STEALTH.CRYPT.TSR.DRIVER virus.

    C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD347.tmp\System.DirectoryServices.AccountManagement.dll contains probably unknown STEALTH.CRYPT.TSR.DRIVER virus.


    Are these false positives or genuine? I didn't even think stealth TSRs were still around! I cannot get my hands on the computers at the moment so haven't got a copy of the file to play with.
     
  2. marcw

    marcw Registered Member

    Joined:
    Apr 19, 2009
    Posts:
    4
    I have the same file in my quarantine. I've submitted the file to ESET for analysis. So far no feedback.
     
  3. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,666
    Location:
    Toronto Canada
    I don't believe they provide user feedback.
     
  4. marcw

    marcw Registered Member

    Joined:
    Apr 19, 2009
    Posts:
    4
    So how does find out if it's a FP then?
     
  5. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    sending to samples@eset[dot]sk
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.