IE7 beta/Yahoo! Search false positive?

Discussion in 'NOD32 version 2 Forum' started by jmc777, May 27, 2006.

Thread Status:
Not open for further replies.
  1. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    When you visit http://search.yahoo.com in IE7, a bar pops up at the top of the page asking you if you'd like to set Yahoo! search as the default search option in the IE7 search box. On clicking the orange "Choose Yahoo!" button and saving the file to my HD, NOD32 shows the red "threat detected" window and says that ysetsearch.exe is "probably unknown NewHeur_PE virus".

    The strange thing is, once I have downloaded the small file to my desktop and re-scanned it, NOD says that the file's clean.

    Can anyone else confirm/deny this behaviour?
     
    jmc777, May 27, 2006
    #1
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I don't get any pop-ups, could send that file to samples[at]eset.com for analysis?
     
    Marcos, May 27, 2006
    #2
  3. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    Hi Marcos,

    If you clear your cookies and delete all temp internet files, you should see the following....

    http://img142.imageshack.us/img142/6919/yahoo0on.gif


    I think the file got sent via ThreatSense, but I'll email it to you as well. As I said in my first post, NOD is only flagging the file when I click on the link on the Yahoo! page; when I scan it after it's been downloaded to my HD, NOD thinks it's clean. (It's AMON that's catching it as I don't use IMON)
     
    jmc777, May 27, 2006
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...