False Positive or?

Discussion in 'ESET NOD32 Antivirus' started by acooldozen, Jan 8, 2009.

Thread Status:
Not open for further replies.
  1. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    221
    Location:
    White Rock, BC, Canada
    Eset is tagging the latest Norman Malware Cleaner as

    08/01/2009 8:08:44 AM Real-time file system protection file C:\Documents and Settings\Compaq_Administrator.XXXXXXXXXXXX\Desktop\Norman_Malware_Cleaner.exe a variant of Win32/Kryptik.EI trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Opera\opera.exe.

    ......and deleting the download.
     
    Last edited: Jan 8, 2009
  2. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    Where can it be downloaded, or did you submit it already?
     
  3. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    221
    Location:
    White Rock, BC, Canada
    I submitted it earlier!
     
  4. bradtech

    bradtech Guest

    I had a false positive that was reported as a Kryptik virus.. Was a file inside a driver package that was on my print server... Granted it being HP, it did not surprise me :D
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,408
    I've downloaded and installed Norman Malware Cleaner 2009 01.07, but none of its files are detected. Could you please PM me the email address you submitted the file from? I wasn't able to find this file at samples[at]eset.com, nor was it submitted via ThreatSense.Net.
     
  6. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    221
    Location:
    White Rock, BC, Canada
    Sample should have been there by now! Did you get my PM?
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,408
    Strange, I don't get any alerts when downloading or running this build. What version and OS are you using? (e.g. EAV 3.0.684 ENU, 32-bit, WinXP SP3)
     

  8. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    It gets flagged as a variant of Win32/Kryptik.EI when I download it from here, here (this one's 01.07) and here. I'm using v4 beta (sig 3754).


    Edit: For me, it gets flagged when downloaded with Opera and IE7, but not with Firefox. o_O
     
    Last edited: Jan 9, 2009
  9. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    221
    Location:
    White Rock, BC, Canada
    Windows XP MCE SP3. Opera Browser. EAV 3.0.684.0
     
  10. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    221
    Location:
    White Rock, BC, Canada
    Downloaded fine with ie7. Tried it again with Opera. Still flagged.
     
  11. Kiyoshi

    Kiyoshi Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    2
  12. JustAnotherNoob

    JustAnotherNoob Registered Member

    Joined:
    Mar 9, 2008
    Posts:
    24
    Location:
    Belgium
    To add to the story: I tried to download the "SIW Standalone" from the following (reputable, at least I hope so, I've been using its software for a year ...) website, but the download also got flagged as a variant of Win32/Kryptik.EI

    Windows Vista Home Premium SP1
    ESS 3.0.684.0 / 3757 (20090111)
    Firefox Portable 3.0.5

    I was able to download the file using IE7. ESS didn't block the download, but ekrn.exe hangs the PC for a while whenever the file is handled by IE or by Windows Explorer.

    Hope that helps & the likely FP can get resolved quickly ...

    JustAnotherNoob
     
  13. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    221
    Location:
    White Rock, BC, Canada
    Last edited: Jan 12, 2009
  14. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,986
    But the real question is, is this weird browser muck up fixed? The detecting in some browsers and not in others thing. That's never happened before.

    EDIT: I just realized you are referring to the new version not being detected, I wonder if this is because it's a different file or ESET fixed it?
     