Gene6 FTP server false positive?

Discussion in 'NOD32 version 2 Forum' started by dsi-ap, Mar 1, 2006.

Thread Status:
Not open for further replies.
  1. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    Hello

    I keep getting NOD32 picking up the following threat;

    Code:
    Log Details
    Scanning Log
    NOD32 version 1.1422 (20060301) NT
    Command line: /config=
    Operating memory - is OK
    
    Date: 1.3.2006  Time: 08:50:17
    Scanned disks, folders and files: C:
    C:
    C:\pagefile.sys - error opening (file locked)
    .
    .
    .
    C:\Downloads\FTP-Servers\BPFTP\Service Addon\G6Service.exe - Win32/Tool.ServiceRunner.D Application
    C:\Downloads\FTP-Servers\BPFTP\Service Addon\g6service.zip - Win32/Tool.ServiceRunner.D Application
    C:\Downloads\FTP-Servers\BPFTP\Service Addon\g6service.zip »ZIP »G6Service.exe - Win32/Tool.ServiceRunner.D Application
    .
    .
    .
    Number of scanned files: 444611
    Number of threats found: 2
    Number of active threats: 2
    Time of completion: 09:35:36 Total scanning time: 2719 sec (00:45:19)
    
    Notes:
    [4] File cannot be opened. It may be in use by another application or operating system.
    
    
    What should i do?
     
  2. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Not impossible that this component (of the BulletProof FTP server) has also been used in some kind of trojan backdoor.

    Try disabling "potentially dangerous applications" in the setup of your AMON/On-demand scan profile and see if that helps (but that could leave your computer "less" protected). If not, you can try to exclude it from AMON.
     
  3. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    OK I think its wise to be left as is, and the scan logs reports ignore for this particular warning on Gene6.
     
  4. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    It's not a false positive, it's a positive identification. Just exclude the affected files if need be.
     
Thread Status:
Not open for further replies.