False Positive or?

Discussion in 'ESET NOD32 Antivirus' started by acooldozen, Jan 8, 2009.

Thread Status:
Not open for further replies.
  1. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    218
    Location:
    White Rock, BC, Canada
    Eset is tagging the latest Norman Malware Cleaner as

    08/01/2009 8:08:44 AM Real-time file system protection file C:\Documents and Settings\Compaq_Administrator.XXXXXXXXXXXX\Desktop\Norman_Malware_Cleaner.exe a variant of Win32/Kryptik.EI trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Opera\opera.exe.

    ......and deleting the download.
     
    Last edited: Jan 8, 2009
  2. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    Where can it be downloaded, or did you submit it already?
     
  3. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    218
    Location:
    White Rock, BC, Canada
    I submitted it earlier!
     
  4. bradtech

    bradtech Guest

    I had a false positive that was reported as a Kryptik virus.. Was a file inside a driver package that was on my print server... Granted it being HP, it did not surprise me :D
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I've downloaded and installed Norman Malware Cleaner 2009 01.07, but none of its files are detected. Could you please PM me the email address you submitted the file from? I wasn't able to find this file at samples[at]eset.com nor submitted via ThreatSense.Net.
     
  6. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    218
    Location:
    White Rock, BC, Canada
    Sample should have been there by now! Did you get my PM?
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Strange, I don't get any alerts when downloading or running this build. What version and OS are you using? (e.g. EAV 3.0.684 ENU, 32-bit, WinXP SP3)
     

  8. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    It gets flagged as a variant of Win32/Kryptik.EI when I download it from here, here (this one's 01.07) and here. I'm using v4 beta (sig 3754).


    Edit: For me, it gets flagged when downloaded with Opera and IE7, but not with Firefox. o_O
     
    Last edited: Jan 9, 2009
  9. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    218
    Location:
    White Rock, BC, Canada
    Windows XP MCE SP3. Opera Browser. EAV 3.0.684.0
     
  10. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    218
    Location:
    White Rock, BC, Canada
    Downloaded fine with ie7. Tried it again with Opera. Still flagged.
     
  11. Kiyoshi

    Kiyoshi Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    2
  12. JustAnotherNoob

    JustAnotherNoob Registered Member

    Joined:
    Mar 9, 2008
    Posts:
    24
    Location:
    Belgium
    To add to the story: I tried to download the "SIW Standalone" from the following (reputable, at least I hope so, I've been using its software for a year ...) website, but the download also got flagged as a variant of Win32/Kryptik.EI

    Windows Vista Home Premium SP1
    ESS 3.0.684.0 / 3757 (20090111)
    Firefox Portable 3.0.5

    I was able to download the file using IE7. ESS didn't block the download, but ekrn.exe hangs the PC for a while whenever the file is handled by IE or by Windows Explorer.

    Hope that helps & the likely FP can get resolved quickly ...

    JustAnotherNoob
     
  13. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    218
    Location:
    White Rock, BC, Canada
    Last edited: Jan 12, 2009
  14. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    But the real question is, is this weird browser muck up fixed? The detecting in some browsers and not in others thing. That's never happened before.

    EDIT: I just realized you are referring to the new version not being detected, I wonder if this is because it's a different file or ESET fixed it?
     