False positive?

Discussion in 'ESET NOD32 Antivirus' started by grun93, Mar 11, 2012.

Thread Status:
Not open for further replies.
  1. grun93

    grun93 Registered Member

    Joined:
    May 11, 2009
    Posts:
    24
    Hi guys,

    I'm using the latest v5.0.95.0 of NOD32, OS is Win7 64-bit. My problem is that NOD32 won't let me download an update file for my movie catalogue program, extreme movie manager. This is the file:

    http://isthisfilesafe.com/sha1/90975A7E6D8EC5E98FFC3640436880CAC576EF28_details.aspx

    Normally I would send it to ESET for analysis, but the download is cut off at 150 Kb, so I don't have anything to send. The actual file size is around 3-4 Mb. These update files are issued on a regular basis (once a week most of the time) and NOD32 had no concerns about previous versions. But with this new version 7.2.2.2 (and 7.2.2.3 as well) NOD32 claims it is infected with Win32/adware.Somoto.A.
    I've tried to exclude this file from scanning but was not able to. Even disabled NOD32 but the file still doesn't download. The checkbox exclude from scanning on the popup screen What To Do With This File is greyed out and I couldn't figure out why. I've also dropped a similar message like this on the xmm forum, but apart from someone with Avira Antivir, nobody else responded. So I guess it is a false positive (I know, dangerous assumption).
     
    Last edited: Mar 11, 2012
  2. hogndog

    hogndog Registered Member

    Joined:
    Jun 9, 2007
    Posts:
    628
    Location:
    In His Service
    A slim possibility but have you tried running a scan with another application? :)

    Thanks..
    Hogndog
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Did you try to download on another machine and then install and submit to ESET? If the download stops with ESET disabled then it might not be the cause.
     
  4. grun93

    grun93 Registered Member

    Joined:
    May 11, 2009
    Posts:
    24
    I saw that although NOD32 is disabled, HIPS still remains active. So I entered the advanced setup, disabled HIPS, rebooted the pc and temporarily disabled NOD32 again. Tried to download the update file again, but still NOD32 won't let me and a red NOD32 popup screen appears. Grrr...

    Time for some more drastic action then. This time I completely removed NOD32 and rebooted the pc. Of course I have backups of all the important stuff. Started extreme movie manager and pressed the update button. BTW: this is the only way to update, it is not possible to download a separate file but you have to update from within the program itself.
    Still the program stops at 150 Kb, while previous versions were about 3-4 Mb. No warning though, so I pressed next, only to find out that the look-and-feel of the update screen changed completely. From this version on, the default setting is trying to implement IncrediBar, a sort of toolbar within the browser, and tries to change the default homepage too. There is a custom setting which allows bypassing this default behaviour though. I don't like this kind of software... maybe it is time to look for another movie catalogue program.

    I will submit the update file to ESET for analysis. For the time being (to be able to receive update files) I installed NOD32 v4.2.71.2. After installing but before rebooting a NOD32 popup screen appears with a warning about a file in RAM, betterinstaller.exe. I'm pretty sure that the update file put it there. After a reboot also suddenly a new icon appears called Homegroup. Didn't press anything yet, but googled to find out that probably this is hopefully harmless. Still, I didn't initiate the installation of this icon so it shouldn't be there.
     