False Positive or?

Eset is tagging the latest Norman Malware Cleaner as

08/01/2009 8:08:44 AM Real-time file system protection file C:\Documents and Settings\Compaq_Administrator.XXXXXXXXXXXX\Desktop\Norman_Malware_Cleaner.exe a variant of Win32/Kryptik.EI trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Opera\opera.exe.

......and deleting the download.

 

Where is can be downloaded or did you submitted it already?

 

I submitted it earlier!

 

I had a false positive that was reported as a Kryptik virus.. Was a file inside a driver package that was on my print server... Granted it being HP, it did not surprise me

 

I've downloaded and installed Norman Malware Cleaner 2009 01.07, but none of its files are detected. Could you please PM me the email address you submitted the file from? I wasn't unable to find this file at samples[at]eset.com nor submitted via ThreatSense.Net.

 

Sample should have been there by now! Did you get my PM?

 

Strange, I don't get any alerts when downloading or running this build. What version and OS are you using? (e.g. EAV 3.0.684 ENU, 32-bit, WinXP SP3)

 

It gets flagged as a variant of Win32/Kryptik.EI when I download it from here, here(this one's 01.07 ) and here. I'm using v4 beta (sig 3754).


Edit: For me, it gets flagged when downloaded with Opera and IE7, but not with Firefox.

 

Windows XP MCE SP3. Opera Browser. EAV 3.0.684.0

 

Downloaded fine with ie7. Tried it again with Opera. Still flagged.

 

It the same "virus" here:
https://www.wilderssecurity.com/showthread.php?t=230278

obvious a false-positive, an anoying one.

 

To add to the story: I tried to download the "SIW Standalone" from the following (reputable, at least I hope so, I've been using its software for a year ...) website, but the download also got flagged as a variant of Win32/Kryptik.EI

Windows Vista Home Premium SP1
ESS 3.0.684.0 / 3757 (20090111)
Firefox Portable 3.0.5

I was able to download the file using IE7. ESS didn't block the download, but ekrn.exe hangs the PC for a while whenever the file is handled by IE or by Windows Explorer.

Hope that helps & the likely FP can get resolved quickly ...

JustAnotherNoob

 

Norman Malware cleaner not flagged today's new version. Should have added....... (not flagged by OPERA)

http://www.calendarofupdates.com/up...r&code=showevent&calendar_id=1&event_id=51377

 

But the real question is, is this weird browser muck up fixed? The detecting in some browsers and not in others thing. That's never happened before.

EDIT: I just realized you are referring to the new version not being detected, I wonder if this is because it's a different file or ESET fixed it?