IE7 beta/Yahoo! Search false positive?

Discussion in 'NOD32 version 2 Forum' started by jmc777, May 27, 2006.

Thread Status:
Not open for further replies.
  1. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    When you visit http://search.yahoo.com in IE7, a bar pops up at the top of the page asking you if you'd like to set Yahoo! search as the default search option in the IE7 search box. On clicking the orange "Choose Yahoo!" button and saving the file to my HD, NOD32 shows the red "threat detected" window and says that ysetsearch.exe is "probably unknown NewHeur_PE virus".

    The strange thing is, once I have downloaded the small file to my desktop and re-scanned it, NOD says that the file's clean.

    Can anyone else confirm/deny this behaviour?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I don't get any pop-ups, could send that file to samples[at]eset.com for analysis?
     
  3. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Hi Marcos,

    If you clear your cookies and delete all temp internet files, you should see the following....

    http://img142.imageshack.us/img142/6919/yahoo0on.gif


    I think the file got sent via ThreatSense, but I'll email it to you as well. As I said in my first post, NOD is only flagging the file when I click on the link on the Yahoo! page; when I scan it after it's been downloaded to my HD, NOD thinks it's clean. (It's AMON that's catching it as I don't use IMON)
     
Thread Status:
Not open for further replies.