False Positive

Today I made a fresh install of NOD32.
But , surprise :



Q&Q Defrag Agent seems to be a new virus !
I think this happened before update.

BTW I have to reinstall Q&Q Defrag to use it again !

 

So why do you think it is false-positive ? ? ?

Place that file to quarantine and submit it for analyze . Also , samples@eset.com

And something you know very well -> Virus Total
www.virustotal.com

Let us know how it goes

 

As you can see with current database NOD found nothing.





I am 100% sure that was a FP !

 

Well there you go. Update and let that be the end of it.

 

This is not the point.
Enyone else will have the same problem with Q&Q installed and a fresh NOD setup.
I think they should eliminate this FP !

 

just trying to understand the problem - when you install a fresh copy of NOD32 and BEFORE it is updated this file is flagged as a threat, but after NOD32 is updated it isn't flagged as a problem...if this is the case, then it isn't a problem. It is only a problem if, after updating it still flags a genuine file as a false positive.

 

Now I agree !

 

I use O&O Defrag and NOD never, never, flaged any O&O file with virus. So I don't understand this one.

 

Why not just restore the file from NOD32's Quarantine? The program should work ok after that?

 

Agreed.

Cheers

 

If you look at my first post you can see : " action - error while cleaning..."
There is no file in Quarantine. The program just do not work anymore after that.
But if you all think this is normal I will put an end to this story now.

Best regards.

 

If the file is not detected with an up to date version of NOD32, where's the problem then? How can you fix it without updating NOD32?

 

Sorry but when you mentioned Q&Q Defrag you mean O&O defrag correct. I'm using O&O Defrag on my Fathers PC and Bitdefender Pro 9 and I've never ever encountered any of this type of prob, plus also previously I used O&O defrag on my PC with NOD32 and again didnt have any probs.

My suggestions:

1. Uninstall O&O Defrag
2. Clr all your cache and temp internet files
3. Re-Boot your PC in safe mode and do a full scan of your HDD.

Note: Make sure that your NOD32 is fully updated before following steps 1 - 4.

 

Basically, what you are saying is that the fresh NOD32 program should come with virus definitions that are newer than the ones currently included. For example, if the virus definitions now included come from January, and the O&O problem was fixed in March, then NOD32 should come with virus definitions from April or later.

Something like that?

 

Yeah I still don't get it.. How are they supposed to fix an FP without updating? ...

 

IMHO that would only be true if the user selected Restart Now versus Restart Later during the final step of installing Nod32.

I personally would suggest you consider downloading up to date signatures before restarting if at all possible.

 

Something like that.
But that only if we(they) admit there is a problem.

 

A FP rendering a Terminal Server useless qualifies as a problem

I just experienced a similar problem. While configuring NOD32 I've also configured a weekly scan. This scan is configured to run immediately if it has not run within 400 hours. The update is configured to run each hour.

We're using RES PowerFuse for managing our Terminal Servers.

If I push NOD32 Enterprise to a Terminal Server the weekly scan immediately runs without an update:

Pwrstart.exe is an essential part of our Terminal Servers, which means it now has become useless.

After restoring pwrstart.exe and repeating the scan with an update it no longer is detected:

VirusTotal doesn't find any virus.

The easiest way to solve my problem has already been mentioned: the fresh NOD32 program should come with virus definitions that are newer than the ones currently included.

Currently I'm using 2.50.25, I could try if 2.51.26 solves the problem.

AFAIK I can't exclude files from on-demand scanning, so this will be very difficult. Any suggestion - except not using on-demand scanning, disabling AH or other major changes in my configuration - is welcome.

 

Virus definitions in setup program is from 24.03.2006 !!
This is causing problems to many peoples due to those FP at a fresh install.
So I have a common sense question : why is eset keeping those virus definitions like that ? Maybe they have a reson for that ?!

 

It's impossible to have always the latest definitions included in the installer. This would mean creating newer installer several times a day and uploading 1,5 GB of data with every update (not taking trial versions into account). At any rate, the current installers come with update 1.1618 embedded.

 

Thanks, I'll try that and hope it solves the FP.

 

I reinstalled NOD32 using the 2.51.26 installer. First the problem didn't occur, because the definitions were updated before the scan started. After reinstalling while disabling updates I was able to test this issue with 2.51.26.

Problem appears to be solved with the 1.1458 definition.

2.51.26 comes with 1.1458, so I don't know what installer you are refering to that comes with 1.1618? Anyway, problem is solved with 1.1458.

 

I think we are all too serious to speak about " creating newer installer several times a day" . Without exaggeration I belive once a week will be just fine.
THIS IS JUST A PERSONAL OPINION.

 

the best will be one installer per month and it will be the best choice for everyone I believe.