False Positive? ( Win32 Exploit MSWord Smtag )

Discussion in 'ESET NOD32 Antivirus' started by pmabee, Jun 25, 2008.

Thread Status:
Not open for further replies.
  1. pmabee

    pmabee Registered Member

    Joined:
    May 22, 2008
    Posts:
    22
    I have 2 users trying to open a document they created, a simple mailing label document. They both receive a threat alert "Address Labels.doc contains a variant of Win32/Exploit.MSWord.Smtag trojan"

    However I could open this file without issue until I updated to the 3217 definitions. I truly do not believe this file to be infected with anything.

    Anyone else getting any false positives?
     
  2. pmabee

    pmabee Registered Member

    Joined:
    May 22, 2008
    Posts:
    22
    Re: False Positive?

    I now have other users getting the same threat for other random Word documents. Must be another bad set of definitions.
     
  3. brucefan

    brucefan Registered Member

    Joined:
    May 3, 2007
    Posts:
    14
    Re: False Positive?

    Same thing happening here with documents we created and have been used daily for about a year. Started with 3217.
     
  4. minerat

    minerat Registered Member

    Joined:
    Oct 21, 2005
    Posts:
    14
    Re: False Positive?

    Yeah, I'm getting this all over the place with random word documents, some of which are years old.
     
  5. daricha7

    daricha7 Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    1
    Re: False Positive?

    Same thing here.
     
  6. pmabee

    pmabee Registered Member

    Joined:
    May 22, 2008
    Posts:
    22
    Re: False Positive?

    Sound like someone needs to get rid of whoever is putting together these definitions. I can understand this happening once in a blue moon, but less than a month after the set of definitions that was deleting everything Adobe.
     
  7. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
  8. dwood

    dwood Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    92
    Re: False Positive?

    We are now getting this on Word documents also!

    Eset please fix asap.
     
  9. rcash

    rcash Registered Member

    Joined:
    Dec 5, 2007
    Posts:
    56
    Re: False Positive?

    Same here. Even the templates that come with Word are triggering.
     
  10. mgithens

    mgithens Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    2
    Re: False Positive?

    c'mon eset, I went to battle to use these guys over Norton... please tell me there is a quick fix!!
     
  11. VisionG

    VisionG Registered Member

    Joined:
    May 22, 2008
    Posts:
    4
    Re: False Positive?

    Same thing here. Need a fix soon!
     
  12. Kevin Fry

    Kevin Fry Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    1
    Re: False Positive?

    I'm experiencing the same thing this morning. LOTS of detected threats classified as the "win32/exploit.msword.smtag:" trojan. Many of the files detected are years old as well and I'm positive they were clean.

    Please update the definition file ASAP to fix this. o_O
     
  13. CrunchieBite

    CrunchieBite Guest

    Re: False Positive?

    Same problem here - multiple Word files and templates throughout our domain and Exchange all flagging up as infected when they were clear last night during our daily scan!

    Come on Eset....2 FP's in 1 month is a bit much!!!
     
  14. tillig

    tillig Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    2
    Re: False Positive?

    I have three clients all reporting dozens of documents infected with a variant of Win32/Exploit.MSWord.Smtag trojan. Some of these documents are quite old. Seems like a false positive, but cannot verify. I am getting these even though clients are running signature 3217!
     
  15. mgithens

    mgithens Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    2
    Re: False Positive?

    this is definitely in the 3217 update
     
  16. BigSoup

    BigSoup Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    3
    Re: False Positive?

    Same here, must be new defs. This is creating a huge headache.
     
  17. pmabee

    pmabee Registered Member

    Joined:
    May 22, 2008
    Posts:
    22
    Re: False Positive?

    Not a real fix, but create a profile where scan on open is disabled and push it out. Push the old one out after they fix this....
     
  18. brucefan

    brucefan Registered Member

    Joined:
    May 3, 2007
    Posts:
    14
    Re: False Positive?

    Anyone have a link that explains how to rollback to a previous signature on a mirror server?
     
  19. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    Re: False Positive?

    Today was updated program component module:
    Antivirus and antispyware scanner module: 1124 (20080625)

    Maybe the problem is because of that?
     
  20. dwood

    dwood Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    92
    Re: False Positive?

    You could always try installing Nod again, this will have the latest signatures with it at the time of compiling.
     
  21. Manus

    Manus Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    1
    Re: False Positive?

    Is somebody warned Eset developers?
     
  22. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    ESET's basically shutting a big chunk of my business down. I have hundreds of these alerts now. Please release a fix soon :)

    Many of these are e-mails that have .DOC's with many thousands of dollars of orders that if we don't act upon, someone else gets to fulfill the order.

    And I've emailed support...
     
    Last edited: Jun 25, 2008
  23. runpcrun

    runpcrun Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    3
    Erkk. having loads of clients ringing up now!!

    I hope this is sorted soon
     
  24. tillig

    tillig Registered Member

    Joined:
    Jun 25, 2008
    Posts:
    2
    I have posted an urgent request to their customer service. I am sure I am not alone on this one.
     
  25. Tragard

    Tragard Registered Member

    Joined:
    Jun 19, 2008
    Posts:
    5
    Can someone from Eset please confirm if this is a false positive so we can start to take action to limit the damage.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.