Getting tons of alerts false positives

Discussion in 'ESET NOD32 Antivirus' started by bradtech, Nov 18, 2009.

Thread Status:
Not open for further replies.
  1. bradtech

    bradtech Registered Member

    Joined:
    Nov 16, 2009
    Posts:
    84
    C:\WINNT\System32\MIL.dll contains probably a variant of Win32/Genetik trojan

    C:\Program Files\Intel\WiFi\bin\EvtEng.exe contains probably a variant of Win32/Genetik trojan.

    I just started getting these like crazy in the past 30 minutes to an hour... I have looked online, and they appear to be legitimate files.. MIL.DLL appears to be a Microsoft file..
     
  2. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Just a heads up, users connecting to Wifi with the Intel agent instead of the Windows one will fail to connect if EvtEng.exe is missing after a reboot. Hold on to your butt, things are about to get fun.
     
  3. bradtech

    bradtech Registered Member

    Joined:
    Nov 16, 2009
    Posts:
    84
    ........................................................ :thumbd: :thumbd: :thumbd: :thumbd: :thumbd: :thumbd:
     
  4. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Yeah, I smell a PR disaster in the making on this one.
     
  5. vbuckjr

    vbuckjr Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    10
    Location:
    Nashville, TN
    My boss just ran into this as well, does anyone know if Eset is aware and trying to fix?
     
  6. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    I have a ticket open on it right now.
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  8. ThomasC

    ThomasC Former ESET Support Rep

    Joined:
    Sep 8, 2008
    Posts:
    209
    As of approximately 6:00 PM PST virus database version 4621 was released which should have corrected the problem. Please let us know if any of you continue to get any false threat notifications.

    -Tom
     
  9. bradtech

    bradtech Registered Member

    Joined:
    Nov 16, 2009
    Posts:
    84
    Thomas this morning I got this

    C:\Program Files\Symantec\Ghost\UPDATE.EXE contains probably a variant of Win32/Genetik trojan.

    C:\Program Files\Intel\WiFi\bin\EvtEng.exe contains probably a variant of Win32/Genetik trojan.
     
  10. ThomasC

    ThomasC Former ESET Support Rep

    Joined:
    Sep 8, 2008
    Posts:
    209
    What version of the virus DB is the computer(s) that received those notifications currently on?

    The latest DB is 4622 released some time this morning.

    If they are on 4622, are you still getting threat notifications?

    If you are, please contact ESET Customer Support so we can collect samples and get this taken care of for you.



    -Tom
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    As far as I know, this was rectified in update 4621.
     
  12. bradtech

    bradtech Registered Member

    Joined:
    Nov 16, 2009
    Posts:
    84
    It was early this morning and I have not witnessed any more false positives.. It could be that they did not have the most up to date database signatures.. I have done a mass Update Now command to all my clients
     
  13. bfrederick

    bfrederick Registered Member

    Joined:
    Nov 19, 2009
    Posts:
    3
    I have loaded the 4622 database and still getting threat notifications for the evteng.exe.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Could you upload it to VirusTotal? There's no reason to detect that file with recent updates.
     
  15. bradtech

    bradtech Registered Member

    Joined:
    Nov 16, 2009
    Posts:
    84
    11/19/2009 10:43:08 AM - Module Real-time file system protection - Threat Alert triggered on computer SWP-110544: C:\Program Files\Intel\WiFi\bin\EvtEng.exe contains probably a variant of Win32/Genetik trojan.

    What's odd is that I sent the file to vt and it says ESET didn't detect it.. But yet somehow it did on this one machine with 4622... I'm kind of stumped.. I also made an exception through policy manager to exclude this.. I wonder if it is a delayed response from yesterday even though it says it occurred today 2-3 minutes ago..
     
  16. bfrederick

    bfrederick Registered Member

    Joined:
    Nov 19, 2009
    Posts:
    3
    I uploaded the file to Virus Total and got 0%. I verified I am on 4622. I am going to pull the file from quarantine again and see if NOD32 ignores it this time.
     
  17. bradtech

    bradtech Registered Member

    Joined:
    Nov 16, 2009
    Posts:
    84
    The MIL.DLL file that got deleted was needed by a program that we do drivers license imaging on.. The program will not run without it.. It is no longer being detected but it ate it off 15 computers in different locations across our state. There is nothing in the quarantine, and there are error messages popping up at login about the file missing.. Was NOD32 supposed to place the file back in system 32 after a definition came back? If so, it did not, and I cannot unquarantine it.
     
  18. bfrederick

    bfrederick Registered Member

    Joined:
    Nov 19, 2009
    Posts:
    3
    After further review, I think 4622 fixed mine. The message I received from NOD32 was to submit the suspicious file to ESET, not an infection notification. I think we're good now. Appreciate everyone's input.
     