False positive

Discussion in 'ESET NOD32 Antivirus' started by prada, Dec 31, 2007.

Thread Status:
Not open for further replies.
  1. prada

    prada Registered Member

    Joined:
    Dec 31, 2007
    Posts:
    1
    C:\Program Files\Winamp\winampa.exe - Win32/TrojanDropper.Agent.DGO virus
    C:\Program Files\Winamp Remote\bin\OrbTray.exe - Win32/TrojanDropper.Agent.DGO virus

    Winampa and Winamp remote I installed to allow myself to access my music from my wii etc. I never got this BEFORE I installed the winamp remote to allow access from my wii.
     
  2. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Re: Fale positive

    Hi!

    I have got Winamp too and my ESS didn't detect the trojan. Test that files on www.virustotal.com and tell us results.

    Scan Log
    Version of virus signature database: 2758 (20071231)
    Date: 31. 12. 2007 Time: 13:52:50
    Scanned disks, folders and files: C:\Program Files\Winamp\
    Number of scanned objects: 54
    Number of threats found: 0
    Time of completion: 13:52:51 Total scanning time: 1 sec (00:00:01)


    :thumb:
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: Fale positive

    Our policy concerning the posting of those results.

    Policy Regarding the Posting of Jotti/Virus Total Results

    Bubba
     
  4. ASpace

    ASpace Guest

    Re: Fale positive


    I would generally ask you if you use the latest version but Winamp Remote is from the latest . I don't use Winamp but I just installed the latest Pro version from their site , got no alert from NOD32 . I use the latest signature 2758.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    Re: Fale positive

    To my best knoledge, this is a new dropper for Virtumonde that comes with a file infector. NOD32 should be able to clean infected files.
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Re: Fale positive

    Virtumonde/Vundo infected by Virut? I've been seeing this lately.
     
  7. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Re: Fale positive

    Marcos didn't mention Virut. :rolleyes:
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Re: Fale positive

    I know, but Virut is the most common file infector nowadays and it's infecting trojan downloaders/droppers.
     
  9. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    If it's actually the dropper in question, it should drop Virtumonde along with another file that is responsible for infecting files run at startup, if I remember well.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.