False Positive???

Discussion in 'ESET NOD32 Antivirus' started by acooldozen, Dec 14, 2008.

Thread Status:
Not open for further replies.
  1. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    218
    Location:
    White Rock, BC, Canada
    14/12/2008 4:26:34 AM Real-time file system protection file C:\Program Files\HostsMan\uninstall.exe Win32/Adware.Cinmus application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Disable AV, restore file, zip up with password "infected" and send to samples("at")eset.com with subject "False Positive".
     
  3. andyr2005

    andyr2005 Registered Member

    Joined:
    May 22, 2008
    Posts:
    5
    Location:
    Gateshead, United Kingdom
    Hi,

    I have also just began getting the FP's as per the original poster.

    However, the files quarantined are from PowerDVD, Notepad ++ and Daemon-Tools.

    Any instructions on providing information to report the FP's?

    Andrew.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    What I just said above your post.

    I have both powerdvd and n++ and neither are detected. DB 3689.
     
  5. andyr2005

    andyr2005 Registered Member

    Joined:
    May 22, 2008
    Posts:
    5
    Location:
    Gateshead, United Kingdom
    Hi,

    Well I have sent the report, there seems to be a pattern where the files being detected as FP's are actually uninstaller files of programs which use the Nullsoft Install Script (NSIS) to perform the Install/Uninstall process.

    Andrew.
     
  6. Wonkabear

    Wonkabear Registered Member

    Joined:
    Feb 8, 2008
    Posts:
    20
    Location:
    Fayetteville NC
    NOD32 also tagged Secunia's PSISetup.exe and the c:\Program Files\Secunia\PSI\uninstall.exe as WIN32/Adware.Cinmus application.

    I think this is a FP.

    Ya'll have a great day.

    Bill
     
    Last edited: Dec 14, 2008
  7. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    I downloaded this program from:
    http://download.softpedia.com/dl/98...1113/software/network/hm_3.1.57_installer.zip

    When I tried to install the program, ESET Smart Security wiped a temp file and the installation failed.
    I sent an e-mail to ESET about this FP.
     
  8. jongie

    jongie Registered Member

    Joined:
    Jun 14, 2005
    Posts:
    62
    Location:
    Mold, Wales, UK
    I got the same false positive - mine is the uninstaller for Faststone image viewer. How quickly does ESET pick this up?
     
  9. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
Thread Status:
Not open for further replies.