False positive

Discussion in 'NOD32 version 2 Forum' started by Don W., Aug 15, 2006.

Thread Status:
Not open for further replies.
  1. Don W.

    Don W. Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4
    There is a new freeware called rockXP that:

    "RockXP freeware for Windows XP allows you to; retrieve and change your XP Key, retrieve all Microsoft Products keys, save your XP activation file, retrieve your lost XP system passwords, retrieve your lost RAS (Remote access Settings) passwords, and generate new passwords."

    It comes up positive in NOD32. I personally don't use XP but help out with some XP machines. Just wondering.

    The file itself is called rockXP4.exe

    It can be found at Major Geeks

    http://www.majorgeeks.com/download4138.html

    They say:

    Avast is detecting a virus in this latest version. It is a false positive, no other anti-virus programs can find a problem.

    All above just FYI, really like NOD32, use it on many machines. :thumb:

    Thanks,

    Don
     
  2. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I don't think that this is a false positive - it is detected as 'Win32/PSWTool.RAS.A application' if you have checking for Potentially Dangerous Applications enabled (which is not enabled by default). HTH

    Cheers :)
     
  3. Don W.

    Don W. Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4
    Don't usually hang here. NOD works very well for me. And, yes, I have that checked. I haven't even run the exe as I don't have XP on this machine. (There is an XP machine in the house and help with others so just being careful.) Since NOD catching something is fairly rare for me I thought I'd check in and just post an FYI so the info was out there.

    Thanks,

    Don
     
  4. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Many thanks :)
     
  5. Don W.

    Don W. Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4
    You be welcome...
     
  6. covaro

    covaro Registered Member

    Joined:
    Jul 4, 2006
    Posts:
    149
    Location:
    Abingdon, MD, USA
    RockXP isn't really all that new, and it is NOT a FP. As with most tools that can pull passwords from protected areas of the system, this program is seen as a PDA. Symantec Corp v10 and above and KAV both detect it (from personal experience).

    So it's either exclude the PDAs from being scanned or exclude that particular file in AMON.

    -Cov
     