False Positive???

Discussion in 'ESET NOD32 Antivirus' started by acooldozen, Dec 14, 2008.

Thread Status:
Not open for further replies.
  1. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    221
    Location:
    White Rock, BC, Canada
    14/12/2008 4:26:34 AM Real-time file system protection file C:\Program Files\HostsMan\uninstall.exe Win32/Adware.Cinmus application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,001
    Disable AV, restore file, zip up with password "infected" and send to samples("at")eset.com with subject "False Positive".
     
  3. andyr2005

    andyr2005 Registered Member

    Joined:
    May 22, 2008
    Posts:
    5
    Location:
    Gateshead, United Kingdom
    Hi,

    I have also just began getting the FP's as per the original poster.

    However, the files quarantined are from PowerDVD, Notepad ++ and Daemon-Tools.

    Any instructions on providing information to report the FP's?

    Andrew.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,001
    What I just said above your post.

    I have both powerdvd and n++ and neither are detected. DB 3689.
     
  5. andyr2005

    andyr2005 Registered Member

    Joined:
    May 22, 2008
    Posts:
    5
    Location:
    Gateshead, United Kingdom
    Hi,

    Well I have sent the report, there seems to be a pattern where the files being detected as FP's are actually uninstaller files of programs which use the Nullsoft Install Script (NSIS) to perform the Install/Uninstall process.

    Andrew.
     
  6. Wonkabear

    Wonkabear Registered Member

    Joined:
    Feb 8, 2008
    Posts:
    20
    Location:
    Fayetteville NC
    NOD32 also tagged Secunia's PSISetup.exe and the c:\Program Files\Secunia\PSI\uninstall.exe as WIN32/Adware.Cinmus application.

    I think this is a FP.

    Ya'll have a great day.

    Bill
     
    Last edited: Dec 14, 2008
  7. Fixer

    Fixer Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    141
    Location:
    Bulgaria, EU
    I downloaded this program from:
    http://download.softpedia.com/dl/98...1113/software/network/hm_3.1.57_installer.zip

    When I tried to install the program, ESET Smart Security wiped a temp file and the installation failed.
    I sent an e-mail to ESET about this FP.
     
  8. jongie

    jongie Registered Member

    Joined:
    Jun 14, 2005
    Posts:
    62
    Location:
    Mold, Wales, UK
    I got the same false positive - mine is the uninstaller for Faststone image viewer. How quickly does ESET pick this up?
     
  9. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.