False positive on probably unknown STEALTH.CRYPT.TSR.DRIVER?

Discussion in 'ESET NOD32 Antivirus' started by Proactive Services, Jun 17, 2011.

Thread Status:
Not open for further replies.
  1. Proactive Services

    Proactive Services Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    153
    Location:
    Petersfield, Hampshire, UK
    I've had a few alert emails along the lines of:

    C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA451.tmp\System.DirectoryServices.AccountManagement.dll contains probably unknown STEALTH.CRYPT.TSR.DRIVER virus.

    C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD347.tmp\System.DirectoryServices.AccountManagement.dll contains probably unknown STEALTH.CRYPT.TSR.DRIVER virus.


    Are these false positives or genuine? I didn't even think stealth TSRs were still around! I cannot get my hands on the computers at the moment so haven't got a copy of the file to play with.
     
  2. marcw

    marcw Registered Member

    Joined:
    Apr 19, 2009
    Posts:
    4
    I have the same file in my quarantine. I've submitted the file to ESET for analysis. So far no feedback.
     
  3. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I don't believe they provide user feedback.
     
  4. marcw

    marcw Registered Member

    Joined:
    Apr 19, 2009
    Posts:
    4
    So how does one find out if it's an FP then?
     
  5. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Sending to samples@eset[dot]sk
     