False Positive

Discussion in 'NOD32 version 2 Forum' started by ugly, Jun 11, 2006.

Thread Status:
Not open for further replies.
  1. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    Today I made a fresh install of NOD32.
    But , surprise :

    FP.JPG

    Q&Q Defrag Agent seems to be a new virus !:eek:
    I think this happened before update.

    BTW I have to reinstall Q&Q Defrag to use it again !:mad:
     
  2. ASpace

    ASpace Guest


    So why do you think it is false-positive ? ? ?

    Place that file to quarantine and submit it for analyze . Also , samples@eset.com

    And something you know very well -> Virus Total
    www.virustotal.com

    ;) Let us know how it goes
     
  3. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    As you can see with current database NOD found nothing.


    FP1.JPG


    I am 100% sure that was a FP !:isay:
     
  4. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Well there you go. Update and let that be the end of it.
     
  5. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    This is not the point.
    Enyone else will have the same problem with Q&Q installed and a fresh NOD setup.
    I think they should eliminate this FP !
     
  6. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    just trying to understand the problem - when you install a fresh copy of NOD32 and BEFORE it is updated this file is flagged as a threat, but after NOD32 is updated it isn't flagged as a problem...if this is the case, then it isn't a problem. It is only a problem if, after updating it still flags a genuine file as a false positive.
     
  7. ASpace

    ASpace Guest


    Now I agree ! o_O
    :thumb:
     
  8. Nunes

    Nunes Registered Member

    Joined:
    Apr 4, 2006
    Posts:
    103
    Location:
    AMADORA,Portugal
    I use O&O Defrag and NOD never, never, flaged any O&O file with virus. So I don't understand this one.
     
  9. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Why not just restore the file from NOD32's Quarantine? The program should work ok after that?
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Agreed.

    Cheers :D
     
  11. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    If you look at my first post you can see : " action - error while cleaning..."
    There is no file in Quarantine. The program just do not work anymore after that.
    But if you all think this is normal I will put an end to this story now.

    Best regards.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If the file is not detected with an up to date version of NOD32, where's the problem then? How can you fix it without updating NOD32?
     
  13. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    Sorry but when you mentioned Q&Q Defrag you mean O&O defrag correct. I'm using O&O Defrag on my Fathers PC and Bitdefender Pro 9 and I've never ever encountered any of this type of prob, plus also previously I used O&O defrag on my PC with NOD32 and again didnt have any probs.

    My suggestions:

    1. Uninstall O&O Defrag
    2. Clr all your cache and temp internet files
    3. Re-Boot your PC in safe mode and do a full scan of your HDD.

    Note: Make sure that your NOD32 is fully updated before following steps 1 - 4.
     
  14. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Basically, what you are saying is that the fresh NOD32 program should come with virus definitions that are newer than the ones currently included. For example, if the virus definitions now included come from January, and the O&O problem was fixed in March, then NOD32 should come with virus definitions from April or later.

    Something like that?
     
  15. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Yeah I still don't get it.. How are they supposed to fix an FP without updating? ...
     
  16. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    IMHO that would only be true if the user selected Restart Now versus Restart Later during the final step of installing Nod32.

    I personally would suggest you consider downloading up to date signatures before restarting if at all possible.
     
  17. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    Something like that.
    But that only if we(they) admit there is a problem.
     
  18. andrator

    andrator Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    54
    Location:
    Netherlands
    A FP rendering a Terminal Server useless qualifies as a problem :D

    I just experienced a similar problem. While configuring NOD32 I've also configured a weekly scan. This scan is configured to run immediately if it has not run within 400 hours. The update is configured to run each hour.

    We're using RES PowerFuse for managing our Terminal Servers.

    If I push NOD32 Enterprise to a Terminal Server the weekly scan immediately runs without an update:

    Pwrstart.exe is an essential part of our Terminal Servers, which means it now has become useless.

    After restoring pwrstart.exe and repeating the scan with an update it no longer is detected:

    VirusTotal doesn't find any virus.

    The easiest way to solve my problem has already been mentioned: the fresh NOD32 program should come with virus definitions that are newer than the ones currently included.

    Currently I'm using 2.50.25, I could try if 2.51.26 solves the problem.

    AFAIK I can't exclude files from on-demand scanning, so this will be very difficult. Any suggestion - except not using on-demand scanning, disabling AH or other major changes in my configuration - is welcome.
     
  19. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    Virus definitions in setup program is from 24.03.2006 !!:blink:
    This is causing problems to many peoples due to those FP at a fresh install.
    So I have a common sense question : why is eset keeping those virus definitions like that ? o_O Maybe they have a reson for that ?!
     
  20. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's impossible to have always the latest definitions included in the installer. This would mean creating newer installer several times a day and uploading 1,5 GB of data with every update (not taking trial versions into account). At any rate, the current installers come with update 1.1618 embedded.
     
  21. andrator

    andrator Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    54
    Location:
    Netherlands
    Thanks, I'll try that and hope it solves the FP.
     
  22. andrator

    andrator Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    54
    Location:
    Netherlands
    I reinstalled NOD32 using the 2.51.26 installer. First the problem didn't occur, because the definitions were updated before the scan started. After reinstalling while disabling updates I was able to test this issue with 2.51.26.

    Problem appears to be solved with the 1.1458 definition.

    2.51.26 comes with 1.1458, so I don't know what installer you are refering to that comes with 1.1618? Anyway, problem is solved with 1.1458.
     
  23. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    I think we are all too serious to speak about " creating newer installer several times a day" . Without exaggeration I belive once a week will be just fine.
    THIS IS JUST A PERSONAL OPINION.
     
  24. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    the best will be one installer per month and it will be the best choice for everyone I believe. :)
     
Thread Status:
Not open for further replies.