False Positive?

Discussion in 'NOD32 version 2 Forum' started by btman, Dec 16, 2006.

Thread Status:
Not open for further replies.
  1. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    unknown NewHeur_PE virus. Says the scan log, where should I send it to for it to be analyzed. Just scanned with the 2.7 trial version. This was a scan with like all the options to scan someplace on.

    Everything under threatsense, scan and system was checked (except for list all files)

    Antivirus Version Update Result
    AntiVir 7.3.0.19 12.15.2006 no virus found
    Authentium 4.93.8 12.15.2006 could be a corrupted executable file
    Avast 4.7.892.0 12.16.2006 no virus found
    AVG 386 12.16.2006 no virus found
    BitDefender 7.2 12.16.2006 no virus found
    CAT-QuickHeal 8.00 12.15.2006 no virus found
    ClamAV devel-20060426 12.16.2006 no virus found
    DrWeb 4.33 12.16.2006 no virus found
    eSafe 7.0.14.0 12.14.2006 no virus found
    eTrust-InoculateIT 23.73.87 12.16.2006 no virus found
    eTrust-Vet 30.3.3254 12.15.2006 no virus found
    Ewido 4.0 12.16.2006 no virus found
    Fortinet 2.82.0.0 12.16.2006 suspicious
    F-Prot 3.16f 12.15.2006 no virus found
    F-Prot4 4.2.1.29 12.15.2006 no virus found
    Ikarus T3.1.0.26 12.16.2006 no virus found
    Kaspersky 4.0.2.24 12.16.2006 no virus found
    McAfee 4920 12.15.2006 no virus found
    Microsoft 1.1804 12.15.2006 no virus found
    NOD32v2 1924 12.15.2006 probably unknown NewHeur_PE virus
    Norman 5.80.02 12.15.2006 no virus found
    Panda 9.0.0.4 12.16.2006 no virus found
    Prevx1 V2 12.16.2006 no virus found
    Sophos 4.12.0 12.14.2006 no virus found
    Sunbelt 2.2.907.0 11.30.2006 no virus found
    TheHacker 6.0.3.133 12.16.2006 no virus found
    UNA 1.83 12.15.2006 no virus found
    VBA32 3.11.1 12.16.2006 no virus found
    VirusBuster 4.3.19:9 12.16.2006 no virus found
     
  2. ASpace

    ASpace Guest

    Hello . If your NOD32 detects this , you can use ThreatSense and send it via the program to ESET . If not , send it via email to samples@eset.com .

    Keep us informed ;)
     
  3. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    Sent.
     
  4. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    Another false positive, same settings as before.

    C:\Program Files\a-squared Anti-Dialer\a2adguard.exe - probably unknown NewHeur_PE virus [7]

    Sending it now. (VirusTotal says NOD32 didn't detect it but nothing else did either, but it's a legit program)
     
  5. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    Is this one going to be fixed? Because this is a legit program
     
  6. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Your best bet is to email support @ eset .com with a link to this thread, if you've emailed it to samples @ eset in my experience it will take a lot longer and you may not get a reply.

    Londonbeat
     
  7. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    Thanks, I'll do that in a week if it's still not fixed.
     
  8. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    Sending it now... Suprised it hasn't been fixed yet... Very suprised actually...Just found out comodo was stopping updates... scanning again to see if it was fixed in previous updates.

    Edit: Nope it's still detected... Can it be fixed....
     
    Last edited: Jan 4, 2007
  9. ctrlaltdelete

    ctrlaltdelete Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    318
    Location:
    NL
    Just installed the program, version 2.1.0.16

    No FP here, i've send the file to virustotal:

    a2adguard.exe

    NOD32v2 1955 01.03.2007 no virus found

    File size: 996864 bytes
    MD5: c0fba72d5f2208d577c61de2d09ded51
    SHA1: 0a5abc6fc0c6ffad864ee4a60731fd2e574e42b1
     
  10. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    Yep it's fixed now.
     
Thread Status:
Not open for further replies.