How can I send a sample?

Hello

I've just installed the Demo for Perimeter from http://www.3dgamers.com/dl/games/perimeter/perimeterdemo.exe.html and NOD 32 claims a file called protect.dll is an unknown virus.

There doesn't seem to be a built in function to send the suspected virus despite the help saying “When Nod32 detects a virus, it offers several actions. One of them is the "Export the file" button.” I can't seem to find this button.

Shall I email the NQI and NQF files from the C:\Program Files\ESET\infected folder?

Thanks

 

Well I sent a sample a week ago and have had no reply yet. According to this thread on the Codemasters Forum several people with NOD32 are having problems running the demo. Any word on a patch to stop NOD32 interfering with this legitimate program?

http://community.codemasters.com/forum/showthread.php?threadid=37155

 

Your protect.dll might be part of a poular shareware anti-crack system. If so, it may be a legitimate file ... but because it pulls defensive tricks often used by virus coders to protect their little creations, NOD32's heuristics may think it's malicious.

Try sending a zipped sample to samples@eset.com ... your first one might have gone astray in the mail or, if not zipped, might have been killed by NOD32 on arrival.

 

Thanks for the reply.

Sounds about right.

I sent the sample in a RAR archive, but I thought NOD32 could scan inside archives so how does zipping it help? Do I need to submit it in a password protected archive to bypass their scanner which is deleting viruses from the virus sample inbox?

Sounds like the sample submission process needs to be built into the virus scanner, like it was with my old copy of PC-cillin, so samples don't go astray and get blocked.

 

I agree completely that the submission process needs to be built into the virus scanner! Submission should be from quarantine. Every other av I have used does it this way. I'm surprised that Eset hasn't fixed this as this antiquated submission system with the wrong address in the NOD32 help file certainly doesn't help Eset get samples fast. Of course, I suppose Eset is depending on adv. heuristics to make it unnecessary for a signature to be put out quickly, but I'm not very comfortable with that even though I realize NOD's adv. heuristics are the best. I also think a sticky should be put at the top of this forum telling everyone where to submit and how to do it. I'm getting tired of seeing Paul's response on this.

Further, I hope this is not overstepping bounds here, but you might think of coming over to dslreports and using our submission process which, with one click, will submit the sample to all av vendors simultaneously (Submit Suspect Malware at top of dslr security forum). And yes, you should always password protect the zipped malware sample. (The idea of submitting to all vendors together is because we feel that av vendors should be fully cooperating on getting out signatures as fast as possible and competing only on other aspects of individual avs).

 

I also sent this dll to eset few days before...

Just simple add that dll to AMON exclusions and game will works fine...
(btw: ugly bad bad game, they defeat me each time! grr )

But - i can see that heuristics do own job...
Another trouble is with protection in Total Commander 1 sec start vs. over 6 secs when is AMON active... Same in NOD32 scanner...

I don't know why have Ghisler some stupid protections - when is there GENERIC keycrack that works from 5.x up to latest version (6.03a).