First NOD 32 Quarantined exe was OA!

Discussion in 'NOD32 version 2 Forum' started by Escalader, Oct 24, 2007.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello:

    Nod 32 just quarantined a file named OAFreeReg.exe via the heuristics.

    My guess is that is a vestige of my OA free trial, now I have OA licensed.

    I restored it to its original location as I don't think it is a Trojan/Virus.

    After I restored it, I did a search for it, found it, and as soon as I clicked Properties on this exe, Nod 32 promptly popped it back into quarantine!

    Impressive. I have submitted this one to their lab for testing.

    Any other possibilities?
     
    Last edited: Oct 24, 2007
  2. ASpace

    ASpace Guest

  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi:

    Just posted this at OA forum. I will also post at the eset threat site as you suggest.

    Hi again:

    Just posted this over at Wilder's, so I thought it only reasonable I duplicate it here for comment:

    Further experimentation results:

    1. Restored OAFreeReg.exe to base location again
    2. Ran a ThreatFire scan; it was clean.
    3. Ran an on demand Nod 32; it found zip, but didn't detect the exe.
    4. Ran a window washer.
    5. Searched for file again; it was gone.

    Observations:

    1) Nod32 Heuristics scan results are different than on demand scan
    2) TF thinks it is a non issue

    It was a temp file, wiped clean by ww.

    Conclusion: It is a NOD 32 FP.
     
  4. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
  5. Don johnson

    Don johnson Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    77
    It seems that eset has fixed the fp. When I install OA Free, nod32 doesn't detect it.
     
  6. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    If so, thank you "ESET":thumb: :D ;)
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Yes, key word is "if".

    I have "assumed" the file OAFreeReg.exe, which was a temporary file, belonged to OA.

    Any poster could run search on their C drive to see if it is present.

    Don't forget it wasn't an on demand scan that id'd it; it was NOD 32's heuristics.

    I like this fact that the heuristics picked it up.

    It is gone from my system. Thing is NOD 32 actually works and does stuff my old tools didn't. :)
     
  8. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses