False positive

Discussion in 'ESET NOD32 Antivirus' started by prada, Dec 31, 2007.

Thread Status:
Not open for further replies.
  1. prada

    prada Registered Member

    Joined:
    Dec 31, 2007
    Posts:
    1
    C:\Program Files\Winamp\winampa.exe - Win32/TrojanDropper.Agent.DGO virus
    C:\Program Files\Winamp Remote\bin\OrbTray.exe - Win32/TrojanDropper.Agent.DGO virus

    Winampa and Winamp remote I installed to allow myself to access my music from my wii etc. I never got this BEFORE I installed the winamp remote to allow access from my wii.
     
  2. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Re: Fale positive

    Hi!

    I have got Winamp too and my ESS didn't detect the trojan. Test that files on www.virustotal.com and tell us results.

    Scan Log
    Version of virus signature database: 2758 (20071231)
    Date: 31. 12. 2007 Time: 13:52:50
    Scanned disks, folders and files: C:\Program Files\Winamp\
    Number of scanned objects: 54
    Number of threats found: 0
    Time of completion: 13:52:51 Total scanning time: 1 sec (00:00:01)


    :thumb:
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: Fale positive

    Our policy concerning the posting of those results.

    Policy Regarding the Posting of Jotti/Virus Total Results

    Bubba
     
  4. ASpace

    ASpace Guest

    Re: Fale positive


    I would generally ask you if you use the latest version but Winamp Remote is from the latest . I don't use Winamp but I just installed the latest Pro version from their site , got no alert from NOD32 . I use the latest signature 2758.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: Fale positive

    To my best knoledge, this is a new dropper for Virtumonde that comes with a file infector. NOD32 should be able to clean infected files.
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Re: Fale positive

    Virtumonde/Vundo infected by Virut? I've been seeing this lately.
     
  7. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Re: Fale positive

    Marcos didn't mention Virut. :rolleyes:
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Re: Fale positive

    I know, but Virut is the most common file infector nowadays and it's infecting trojan downloaders/droppers.
     
  9. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If it's actually the dropper in question, it should drop Virtumonde along with another file that is responsible for infecting files run at startup, if I remember well.
     
Thread Status:
Not open for further replies.