false positive

Discussion in 'ESET NOD32 Antivirus' started by asifsk, Jun 22, 2010.

Thread Status:
Not open for further replies.
  1. asifsk, Registered Member (Joined: Jun 22, 2010; Posts: 3)

    Actual Filename: ucp.exe

    Archive password: infected

    Developer Name: Endi

    Application Name: Ultra Core Protector

    Application Version: 6.1.0.0

    Website: xxtp://ucp-anticheat.org/

    Direct Download: xxtp://ucp-anticheat.org/download/ucpsetup.exe

    Application Purpose: Multiplayer Anti-cheat Software

    Virus Name: vmprotect.aaa Trojan

    Also Detected by: Symantec [Packed.Vmpbad!gen1], Kaspersky [HEUR:Trojan.Win32.Generic]
    It is a false positive that this Anti-Cheat Software is a virus. It’s just a secure/packed file from not being altered, injected or modified by Cheats/Hacks/Scripts during multiplayer games like Counter-Strike.

    Please take some necessary steps to make this file clear from your virus list or blacklist, it's urgent. I have also submitted the request on Symantec/Kaspersky website and recently they had removed this file from their virus list / blacklist.

    Waiting for your response.

    Thanks


    PS. Reason to post here is that I was unable to send zip/rar in email to samples[at]eset.com
     
    Last edited by a moderator: Jun 22, 2010
  2. asifsk, Registered Member (Joined: Jun 22, 2010; Posts: 3)

    Here is the exe file: xxtp://rapidshare.com/files/401774261/ucp.zip.html
     
    Last edited by a moderator: Jun 22, 2010
  3. agoretsky, Eset Staff Account (Joined: Apr 4, 2006; Posts: 4,032; Location: California)

    Hello,

    Just to confirm, the software was reported as "vmprotect.aaa Trojan" and not "vmprotect.aaa Potentially Unsafe Application"?

    Regards,

    Aryeh Goretsky
     
  4. Marcos, Eset Staff Account (Joined: Nov 22, 2002; Posts: 14,376)

    They are using an illegal version of the protector, which was confirmed in a reaction to a complaint from the vendor of VMProtect at the UCP-Anticheat Russian forum. If you want to use the application though, add it to the exclusion list.
     
  5. asifsk, Registered Member (Joined: Jun 22, 2010; Posts: 3)

    "23.06.10 VMProtect Software Company kindly provided an exclusive version VMProtect Professional for anticheat protection. I express my special thanks to the company at a really high quality product, unmatched in the market."
    Website: xxtp://ucp-anticheat.org/


    Now please clear this file from your virus database.
     
    Last edited: Jun 24, 2010
  6. Marcos, Eset Staff Account (Joined: Nov 22, 2002; Posts: 14,376)

    You must protect the executable with a legit version of VMProtect and replace the installer on the web. This will make the exe undetected.
     
  7. sf100, Registered Member (Joined: Jun 26, 2010; Posts: 3)

    Is this going to be corrected? It's clearly a false positive and one of the reasons I went with nod32 is the fact they seem to not have nearly the false positives of other software.
     
  8. Marcos, Eset Staff Account (Joined: Nov 22, 2002; Posts: 14,376)

    See my reply above. Files packed with legit versions of packers are not detected whatsoever. Simply use a legit version of the packer to protect the file and replace it on the web.
     
  9. sf100, Registered Member (Joined: Jun 26, 2010; Posts: 3)

    I'm surprised that while other AV companies have removed this false positive ESET won't, it always seemed to be the other way around. Guess I might go back to Kaspersky when my sub is up.
     
  10. sf100, Registered Member (Joined: Jun 26, 2010; Posts: 3)

    So is the final word that ESET will not remove it from detection even though it is not a virus?
     
  11. Marcos, Eset Staff Account (Joined: Nov 22, 2002; Posts: 14,376)

    If the statement "VMProtect Software Company kindly provided an exclusive version VMProtect Professional for anticheat protection." is true, use the legit version of the packer to protect your files and replace them on the web so that the application is not detected.
    Since everything has been said and explained, we'll draw this thread to a close.
     