False Positive - Unlocker ?

Discussion in 'ESET NOD32 Antivirus' started by Banger696, Sep 15, 2009.

Thread Status:
Not open for further replies.
  1. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    Just ran unlocker1.8.7.exe through Virus Total as Nod32 picked it up in an overnight scan. Nod32 is the only AV showing this file as Win32/Agent.QBA. False positive?
     
  2. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
  3. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    Thanks, I have followed the proceedure. :)
     
  4. SatMad

    SatMad Registered Member

    Joined:
    Mar 19, 2009
    Posts:
    8
    I too had this problem few days ago.
    Submitted file as F.P. to samples@eset.com on 12 Sept. 09.

    No replay.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  6. ASpace

    ASpace Guest

    Me , too . ESET Virus Lab = no reaction

    Here is a proof . Someone should have answered
     

    Attached Files:

  7. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    Ok I've just downloaded it again and it appears to be clean, unselected ebay shortcuts etc on install and the Install folder and install application come up clean. Maybe indeed it was infected and has now been cleaned up. No ebay shortcuts on my desktop either. Strange.
     
  8. SatMad

    SatMad Registered Member

    Joined:
    Mar 19, 2009
    Posts:
    8
    Ok, downloaded "Unlocker v.1.8.7" again and re-installed.

    Seems that author has changed something in the installer even
    if it has the same revision.

    Installer and installed prog. are clean now.

    I appreciate that ESET Smart Security contributed on discovery
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Detection was verified and confirmed that it's correct. However, I'll inquire about it tomorrow again when I get to the office.
     
  10. SunRui

    SunRui Registered Member

    Joined:
    Aug 21, 2009
    Posts:
    42
    hello
    I think you mean that "eBay shortcut" triggers detection is correct,but the module can be choosen by users,ESET do not allow this kind of interact installation?
     
  11. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hello,
    I sent the ebayshortcuts.exe malware to ESET plus another variant I found yesterday.
    I'm sure it's a kind of malware.
    Norman added detection too and you can find some information from Google. like http://it.toolbox.com/blogs/paytonbyrd/beware-unlocker-187-26919.
    Anyway I read somewhere that latest version of Unlocker doesn't came bundled with this crap. I'm not sure if it's true since I don't use such program.
     
  12. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    Re: Win32/Agent.QBA trojan

    The new version of the adware-like trojan was inserted to the installer, perhaps with the intention to avoid detection?
    There are more vendors who bundle the component with their applications and at the same time telling their software is FREE.
     
  13. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
  14. Dean Ross

    Dean Ross Registered Member

    Joined:
    Oct 27, 2009
    Posts:
    1
    I informed Cedrick 'Nitch' Collomb, the creator of Unlocker that there was a possible Trojan in version 1.8.7. My NOD32 scan detected it and it was reported on Wilders Security Forum, that others detected it too. I sent him the information from Wilders Security. Cedrick insists that it is a "false possitive", which it very well could be, as other anti-virus programs do not detect any problem. Cedrick informed me today that he has promptly addressed the issue and fixed what may have been a problem, with the new release of version1.8.8. Unlocker is a great and useful utility, very worthwhile. :)
     
  15. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    Good PR from a first poster :D
     
Thread Status:
Not open for further replies.