False Positive?

Discussion in 'NOD32 version 2 Forum' started by fingers, Sep 3, 2003.

Thread Status:
Not open for further replies.
  1. fingers

    fingers Guest

    Hi all,
    dont know if this has been covered or is the correct place to post but....
    I have been getting a false (i think/know) positive identification of a virus when i manual scan hdd in the file kix32.exe and any zip files that contain it. --- from kix2001 421

    This does not register when scanned with nod32v1
    Anyone else noted this before?

    here is the log entry from the scan..
    probably unknown NewHeur_PE virus
     
  2. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    Send a copy of the file to Jan. (or some other eset-adress)

    Best regards,
    Anders
     
  3. fingers

    fingers Registered Member

    Joined:
    Sep 3, 2003
    Posts:
    7
    Location:
    Australia
    Thanx,
    but if i knew who to send it to i would are there any adddress' available to send the exe file too?
    dave
     
  4. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hi Fingers,

    Please send a copy to support@eset.com, if you can Zip the file first, please do.

    rgds,
    Martin
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    fingers,

    FYI: this isn't a positive identification: as stated its' a "propably unknown..." - due to the use from strong heuristics.

    Submitting it to Eset is indeed the safest way to go.

    regards.

    paul
     
  6. fingers

    fingers Registered Member

    Joined:
    Sep 3, 2003
    Posts:
    7
    Location:
    Australia
    thanx all
    i have sent a copy to the above address -

    i dont believe that it is a biggie but the kix script file is distributed widely on many networks and if a scheduled - delete file hdd scan is enabled on a server then the file would be deleted or at least placed in quarantine, and users would get login errors or no script running at all
    dave
     
  7. fingers

    fingers Registered Member

    Joined:
    Sep 3, 2003
    Posts:
    7
    Location:
    Australia
    The false positive has been rectified.
    Thanx to those involved
    dave
     
Thread Status:
Not open for further replies.