False positive - PCAnyWhere

Discussion in 'ESET NOD32 Antivirus' started by jeff-b, Sep 1, 2008.

Thread Status:
Not open for further replies.
  1. jeff-b

    jeff-b Registered Member

    Joined:
    May 12, 2006
    Posts:
    3
    Hi all,

    XP Pro SP2 (up-to-date)
    NOD32 v3.0.650.0
    Virus signature database: 3402 (20080831)

    Since v3398, or maybe the previous one, NOD has been blocking my PCAnyWhere Master v12.1.

    29/08/2008 14:40:06 Protection en temps réel du système de fichiers fichier C:\Program Files\Symantec\pcAnywhere\Winaw32.exe une variante probable de Win32/Genetik cheval de troie nettoyé par suppression - mis en quarantaine AUTORITE NT\SYSTEM Un événement s'est produit pendant une tentative d'exécution du fichier par l'application : C:\WINDOWS\Explorer.EXE.

    It worked well before.

    Thinking about a possible infection, I tried to uninstall/reinstall PCAW from CD. Impossible. Now, NOD blocks the Winaw32.exe on the CD!

    Symantec Liveupdate says PCAW is up-to-date.

    By unselecting options one by one, the result seems to be: 'advanced heuristics' is blocking winaw32.exe within 'real time file protection'.

    (Unsafe and Unwanted software can stay selected)

    If confirmed, hoping this will be corrected soon.

    Jeff.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Hello,

    Please compress the file with WinRAR or another common packer, protect the archive with the password "infected" and send it to samples[at]eset.com with "False positive" in the subject and a link to this thread enclosed as well.
     
  3. jhwker

    jhwker Registered Member

    Joined:
    May 6, 2006
    Posts:
    11
    NOD32 deleted Winaw32.exe from my pcAnywhere installation also. I see that at least one other user over at DSLReports.com has reported the same problem. I excluded the pcAnywhere directory and restored the file. Also NOD32 wanted the file submitted for analysis so I did. May be a false positive...
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Please check the file in question with the current version (3406), it should no longer alert on that file.
     
  5. jhwker

    jhwker Registered Member

    Joined:
    May 6, 2006
    Posts:
    11
    All is good with latest signature. No more false positive.
     
  6. jeff-b

    jeff-b Registered Member

    Joined:
    May 12, 2006
    Posts:
    3
    Hi,

    I'm just back at the office this morning and reading these answers.

    I confirm the problem is solved with this update.

    Thank you for your reactivity.
    Jeff.
     