I need to run a file that NOD32 detected as a virus...

Discussion in 'ESET NOD32 Antivirus' started by shm84, Apr 17, 2009.

Thread Status:
Not open for further replies.
  1. shm84

    shm84 Registered Member

    Joined:
    Apr 17, 2009
    Posts:
    2
    ...I tried to turn off NOD32 but I can't run this file anyway. I also tried to rename this file but it was automatically deleted (by Win XP, I suppose...) just after I renamed it (NOD32 was closed). How can I "unlock" this file? Thanks
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    I guess it's not an official file so add it to your exclude list.
     
  3. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    What application was the file from and what was the exact name of the detected threat?

    ESET NOD32 Antivirus detects viruses and other malware but it also will detect programs potentially unsafe or as potentially unwanted, depending upon the configuration options.

    If the application you are trying to run is being reported as either a potentially unsafe application or a potentially unwanted application, you can disable the options in ESET NOD32 Antivirus to detect these classes of software to allow the program to run.

    If the file is being reported as a virus, worm, Trojan horse or other type of threat, then it could be a possible false positive alarm, i.e., a report of a threat where none exists. If you believe this to be the case, then submit the file in a .ZIP or .RAR archive protected with a password of "infected" to samples@eset.sk with a Subject: of "False Positive - {name of threat} - {virus signature database}".

    For example, let's say a file named WHALE.EXE is being reported as "probably a variant of the Frodo virus" by ESET NOD32 Antivirus v4.0 with virus signature database 4096. In that case, you would send an email to ESET's virus researchers with a Subject: of "False Positive - Frodo variant - 4096" and the WHALE.EXE file attached in a password-protected archive.

    In the message body of your e-mail, include the following information:
    • version information from your copy of ESET NOD32 Antivirus (Open the user interface and select Help→About from the main menu bar to view, click in the list, press Ctrl+A to select it, Ctrl+C to copy it and Ctrl+V to paste it into the email.)
    • name of the company that made the application
    • name and version of the application
    • why you think it is a false positive alarm
    • a link to this message thread
    • your contact information
    This will help the researcher analyzing the file.

    It is often helpful to include a log file from ESET's diagnostic tool, ESET SysInspector as well. You can download a copy of ESET SysInspector from ESET's web site.

    Regards,

    Aryeh Goretsky
     
  4. shm84

    shm84 Registered Member

    Joined:
    Apr 17, 2009
    Posts:
    2
    First sorry for my inaccuracy ;) . Where I work we are trying to run a cracked version of OrCAD in order to check some feature of the 16.0 release. We have the license but it occurs some trouble with it and with the official support service. At this time I don't remember the NOD32 version.
    Anyway, NOD32 detect a file of the crack as potentially unsafe.
    The suspected file is named NOLIC.COM and it's in the NoLic_Orcad_16.0.rar that I found on p2p.
    Monday I will try to disable the options for this kind of files.
    Thanks
     
Thread Status:
Not open for further replies.