First NOD 32 Quarantined exe was OA!

Discussion in 'NOD32 version 2 Forum' started by Escalader, Oct 24, 2007.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello:

    Nod 32 just quarantined a file named OAFreeReg.exe via the heuristics.

    My guess is that is a vestige of my OA free trial, now I have OA licensed.

    I restored it to its original location as I don't think it is a Trojan/Virus.

    After I restored it, I did a search for it, found it, and as soon as I clicked Properties on this exe, Nod 32 promptly popped it back into quarantine!

    Impressive. I have submitted this one to their lab for testing.

    Any other possibilities?
     
    Last edited: Oct 24, 2007
  2. ASpace

    ASpace Guest

  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi:

    Just posted this at OA forum. I will also post at the eset threat site as you suggest.

    Hi again:

    Just posted this over at Wilder's, so I thought it only reasonable I duplicate it here for comment:

    Further experimentation results:

    1. Restored OAFreeReg.exe to base location again.
    2. Ran a ThreatFire scan; it was clean.
    3. Ran an on-demand Nod 32; it found zip, but didn't detect the exe.
    4. Ran a window washer.
    5. Searched for the file again; it was gone.

    Observations:

    1) Nod32 Heuristics scan results are different than on-demand scan
    2) TF thinks it is a non-issue

    It was a temp file, wiped clean by ww.

    Conclusion: It is a NOD 32 FP.
     
  4. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
  5. Don johnson

    Don johnson Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    77
    It seems that eset has fixed the fp. When I install OA Free, nod32 doesn't detect it.
     
  6. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    If so, thank you "ESET" :thumb: :D ;)
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Yes, key word is "if".

    I have "assumed" the file OAFreeReg.exe, which was a temporary file, belonged to OA.

    Any poster could run a search on their C drive to see if it is present.

    Don't forget it wasn't an on-demand scan that id'd it; it was NOD 32's heuristics.

    I like this fact that the heuristics picked it up.

    It is gone from my system. Thing is, NOD 32 actually works and does stuff my old tools didn't. :)
     
  8. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses