FP - again, please fix

Discussion in 'ESET Smart Security' started by Medank, Oct 19, 2008.

Thread Status:
Not open for further replies.
  1. Medank

    Medank Registered Member

    Joined:
    Aug 25, 2008
    Posts:
    102
    Last edited by a moderator: Oct 19, 2008
  2. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    It's been flagged as a 'potentially unsafe application'.
     
  3. Medank

    Medank Registered Member

    Joined:
    Aug 25, 2008
    Posts:
    102
    what is all this :D wow
    the file is safe it's not a virus or anything . eset detected as FP when will this file be removed ?
     
  4. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    It's not being flagged as a virus. If you don't want warnings about that program, untick 'Potentially unsafe applications' in your Threatsense settings.
     
  5. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    scan only MP3Rocket.exe then see result on virustotal
     
  6. Medank

    Medank Registered Member

    Joined:
    Aug 25, 2008
    Posts:
    102

    i did, i scaned again and it flagged as: a variant of Win32/AdInstaller application
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I've downloaded it and the result was as follows:
    File MP3Rocket.exe received on 10.18.2008 16:22:43 (CET)
    Current status: finished
    Result: 1/36 (2.78%)

    NOD32 3534 2008.10.18 -

    Additional information
    File size: 116224 bytes
    MD5...: 9fc505e6ad29c4909ab35cfadfd9e9c4
    SHA1..: 152849e3534f103e9ff623fbe8cec7fb7ff70c27
    SHA256: 6d3f91ca0b2d751f45019be57d1a4fc1ca446a5dc6c612f32e38dbf64fbc489a
    SHA512: 3371fb170922b187be07a2e80d0044e0005e90499f1e67d1178bad42ffacec7f
    bdff3567273d219d38acfe6d807c86d30b7be3921d65f9f8ce1febe97bdcbdf5
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (38.4%)
    Win32 Dynamic Link Library (generic) (34.1%)
    Win16/32 Executable Delphi generic (9.3%)
    Generic Win/DOS Executable (9.0%)
    DOS Executable Generic (9.0%)
     
  8. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    file apbarSp.MP3Rocket.exe is ad installer so it's not a FP
    i extract the installer with Universal Extractor v1.6
     

    Attached Files:

  9. Medank

    Medank Registered Member

    Joined:
    Aug 25, 2008
    Posts:
    102


    I just downloaded mp3rocket from same website as i mention above and scanned and result:
    -
    File MP3Rocket-Win.exe recived on 10.19.2008 23:18:36
    Current status: finished
    Resultat: 2/36 (5.56%)

    NOD32 3536 2008.10.19 - a variant of Win32/AdInstaller

    Additional Information
    File size: 3715432 bytes
    MD5...: 687d2ba0528f6f95b808d3c084db2898
    SHA1..: 580b174b6839beeb7e2a4404aef905f39db64a7e
    SHA256: 2e691587d6419cae0def80179d0f95bf28cece4fb5ba6c2a726869e61e644ed5
    SHA512: b4c87404867c0e746eed6181a1630eb447d40c386423e6a0b711c10030b55dd5
    1db1a117e809330a9a6ac89f4ee82a1904bd13688a28703d280164c75df37fbd
    PEiD..: -
    TrID..: File type identification
    Win64 Executable Generic (59.6%)
    Win32 Executable MS Visual C++ (generic) (26.2%)
    Win32 Executable Generic (5.9%)
    Win32 Dynamic Link Library (generic) (5.2%)
    Generic Win/DOS Executable (1.3%)
     
  10. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    That's what I got earlier - the file Marcos scanned was smaller?

    Saw that too:
    C:\Documents and Settings\xxxxxx\Desktop\MP3Rocket-Win.exe » NSIS » apbarSp.MP3Rocket.exe - a variant of Win32/AdInstaller application - was a part of the deleted object


    Cheers :)
     
  11. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    hey Marcos just curious is that 1/36 of VT and Not a FP.Disregard get my question answered and loving it.
     
    Last edited: Oct 19, 2008
  12. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Marcos appears to have tested the actual MP3Rocket.exe application file, versus what other have tested - i.e. the installer kit named MP3Rocket-Win.exe. It looks like NOD32 is not detecting the MP3Rocket.exe program itself once installed. It's just detecting the installer kit which contains a lot more than just the MP3Rocket.exe file. If it is a bundle containing adware among the other contents, then the detection isn't a FP, which is what proactivelover said above.
     
  13. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I guess it safe to say Nod was the first on the job.Time to signature watch.LOL
     
Thread Status:
Not open for further replies.