False Positive? ( Win32 Exploit MSWord Smtag )

Discussion in 'ESET NOD32 Antivirus' started by pmabee, Jun 25, 2008.

Thread Status:
Not open for further replies.
  1. pmabee

    pmabee Registered Member

    Joined:
    May 22, 2008
    Posts:
    22
    I have 2 users trying to open a document they created, a simple mailing label document. They both receive a threat alert "Address Labels.doc contains a variant of Win32/Exploit.MSWord.Smtag trojan"

    However I could open this file without issue until I updated to the 3217 definitions. I truly do not believe this file to be infected with anything.

    Anyone else getting any false positives?
     
  2. pmabee

    pmabee Registered Member

    Joined:
    May 22, 2008
    Posts:
    22
    Re: False Positive?

    I now have other users getting the same threat for other random Word documents. Must be another bad set of definitions.
     
  3. brucefan

    brucefan Registered Member

    Joined:
    May 3, 2007
    Posts:
    14
    Re: False Positive?

    Same thing happening here with documents we created and have been used daily for about a year. Started with 3217.
     
  4. minerat

    minerat Registered Member

    Joined:
    Oct 21, 2005
    Posts:
    14
    Re: False Positive?

    Yeah, I'm getting this all over the place with random word documents, some of which are years old.
     
  5. daricha7

    daricha7 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    1
    Re: False Positive?

    Same thing here.
     
  6. pmabee

    pmabee Registered Member

    Joined:
    May 22, 2008
    Posts:
    22
    Re: False Positive?

    Sound like someone needs to get rid of whoever is putting together these definitions. I can understand this happening once in a blue moon, but less than a month after the set of definitions that was deleting everything Adobe.
     
  7. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
  8. dwood

    dwood Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    92
    Re: False Positive?

    We are now getting this on Word documents also!

    Eset please fix asap.
     
  9. rcash

    rcash Registered Member

    Joined:
    Dec 5, 2007
    Posts:
    56
    Re: False Positive?

    Same here. Even the templates that come with Word are triggering.
     
  10. mgithens

    mgithens Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    2
    Re: False Positive?

    c'mon eset, I went to battle to use these guys over Norton... please tell me there is a quick fix!!
     
  11. VisionG

    VisionG Registered Member

    Joined:
    May 22, 2008
    Posts:
    4
    Re: False Positive?

    Same thing here. Need a fix soon!
     
  12. Kevin Fry

    Kevin Fry Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    1
    Re: False Positive?

    I'm experiencing the same thing this morning. LOTS of detected threats classified as the "win32/exploit.msword.smtag:" trojan. Many of the files detected are years old as well and I'm positive they were clean.

    Please update the definition file ASAP to fix this. o_O
     
  13. CrunchieBite

    CrunchieBite Guest

    Re: False Positive?

    Same problem here - multiple Word files and templates throughout our domain and Exchange all flagging up as infected when they were clear last night during our daily scan!

    Come on Eset....2 FP's in 1 month is a bit much!!!
     
  14. tillig

    tillig Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    2
    Re: False Positive?

    I have three clients all reporting dozens of documents infected with a variant of Win32/Exploit.MSWord.Smtag trojan. Some of these documents are quite old. Seems like a false positive, but cannot verify. I am getting these even though clients are running signature 3217!
     
  15. mgithens

    mgithens Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    2
    Re: False Positive?

    this is definitely in the 3217 update
     
  16. BigSoup

    BigSoup Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    3
    Re: False Positive?

    Same here, must be new defs. This is creating a huge headache.
     
  17. pmabee

    pmabee Registered Member

    Joined:
    May 22, 2008
    Posts:
    22
    Re: False Positive?

    Not a real fix, but create a profile where scan on open is disabled and push it out. Push the old one out after they fix this....
     
  18. brucefan

    brucefan Registered Member

    Joined:
    May 3, 2007
    Posts:
    14
    Re: False Positive?

    Anyone have a link that explains how to rollback to a previous signature on a mirror server?
     
  19. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    Re: False Positive?

    Today was updated program component module:
    Antivirus and antispyware scanner module: 1124 (20080625)

    Maybe the problem is because of that?
     
  20. dwood

    dwood Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    92
    Re: False Positive?

    You could always try installing Nod again, this will have the latest signatures with it at the time of compiling.
     
  21. Manus

    Manus Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    1
    Re: False Positive?

    Is somebody warned Eset developers?
     
  22. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    ESET's basically shutting a big chunk of my business down. I have hundreds of these alerts now. Please release a fix soon :)

    Many of these are e-mails that have .DOC's with many thousands of dollars of orders that if we don't act upon, someone else gets to fulfill the order.

    And I've emailed support...
     
    Last edited: Jun 25, 2008
  23. runpcrun

    runpcrun Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    3
    Erkk. having loads of clients ringing up now!!

    I hope this is sorted soon
     
  24. tillig

    tillig Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    2
    I have posted an urgent request to their customer service. I am sure I am not alone on this one.
     
  25. Tragard

    Tragard Registered Member

    Joined:
    Jun 19, 2008
    Posts:
    5
    Can someone from Eset please confirm if this is a false positive so we can start to take action to limit the damage.
     
Thread Status:
Not open for further replies.