False Positve (nero_photoshow_express_5_setup.exe)

Discussion in 'NOD32 version 2 Forum' started by 'G', Dec 19, 2007.

Thread Status:
Not open for further replies.
  1. 'G'

    'G' Registered Member

    Joined:
    Aug 21, 2004
    Posts:
    64
    Location:
    United Kingdom
  2. ASpace

    ASpace Guest

    No , it isn't . It is a toolbar - potentially unwanted application
     
  3. 'G'

    'G' Registered Member

    Joined:
    Aug 21, 2004
    Posts:
    64
    Location:
    United Kingdom
    Actually just to make it clear, the detection was not during installation as it has not been installed. This was detected at an infection during the final 99 per cent download process.
     
  4. ASpace

    ASpace Guest


    So ?

    IMON can detect threat before they touch your hard drive
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Wrong. The malware code already exists on your hard drive (how else do you think it got scanned?), it just hasn't been passed to the process that requested it.
     
  6. ASpace

    ASpace Guest


    You misunderstand why did I mentioned the above .
     
  7. 'G'

    'G' Registered Member

    Joined:
    Aug 21, 2004
    Posts:
    64
    Location:
    United Kingdom
    No there is no malware or any other type of infection on my machine. In fact I supply over 50,000 infections to anti-infection developers but that does not mean my machine is infected because it is not. I know what I’m doing.

    And no AMON is not detecting infections before they hit the hard disk drive – cute.

    I hope you are not being sarcastic. I’ve been an IT engineer for 15 years so I don't need to be told.

    Try this if you have Nero.

    Download Photo Express V5.0.0.85 if you have a logged in account but a trial version will do I guess and as the file is being copied from the temp file to the location specified, this is when the infection adinstaller alert is mentioned.

    I scan with the latest version of NOD32 def using the latest version of NOD32 2.7, and the latest version of CouterSpy (whom I beta test for and supplied 25,000 pre-2005 infections that where not in there database, so all CounterSpy users can thank me for that time and expense ;-) ) with the latest def file.

    My system is up to data and clean.

    In fact anyone trying to get in to my machine would have a touch time. I have pre-boot authentication and my volumes are encrypted with 3DES and any new files are encrypted and decrypted on-the-fly. I also have My Documents that uses it own tough encryption. On boot up a special password must be inserted or the MD contents to be useable, otherwise they will be garbage to anyone trying to read them.

    My point was to inform you of this. It is not me that is concerned but any newbie or less experienced user using NOD32 and downloading PhotoExpress (which I don’t use but supply to clients) may be confused.

    I hope this clarifies this matter

    All the best,
    Gavin
     
  8. 'G'

    'G' Registered Member

    Joined:
    Aug 21, 2004
    Posts:
    64
    Location:
    United Kingdom
    Eset states that this is not a false positive.
     
  9. ASpace

    ASpace Guest

    If you reread my initial reply (post #2) I told you the same , Doubting Thomas. ;)
     
  10. 'G'

    'G' Registered Member

    Joined:
    Aug 21, 2004
    Posts:
    64
    Location:
    United Kingdom
    Yes u did ;)
     
  11. Norton360

    Norton360 Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    71
  12. 'G'

    'G' Registered Member

    Joined:
    Aug 21, 2004
    Posts:
    64
    Location:
    United Kingdom
    I wish they wouldn't include that rubbish in the install file for the Nero packages as they have started to do.
     
Thread Status:
Not open for further replies.