Is this a false/positive from NOD32?

Discussion in 'NOD32 version 2 Forum' started by Atomas31, Jun 16, 2005.

Thread Status:
Not open for further replies.
  1. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi,

    Since at least two weeks NOD32 found an adware call Hotbar at the following location : c:\Program Files\Your uninstaller 2004\HbUninst.exe

    Is this a false/positive or a legit nasty that I should get rid off?

    Thank you,
    Atomas31
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hotbar is a legit nasty and can be removed.

    Cheers :D
     
  3. PlexShaw

    PlexShaw Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    62
  4. divedog

    divedog Registered Member

    Joined:
    Jun 7, 2004
    Posts:
    265
    Location:
    Seabeck WA
    I had the same problem with uninstaller 2004. I have since removed it. I am now using advanced uninstaller.
     
  5. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    I have check on the site Plexshaw has given and the file tag as hotbar doesn't correspond to those on this siteo_O?

    Your uninstaller! 2004 is a legit program and no anti-spyware or anti-adware detecting anything in it so, how can NOD32 detect an adware in it? My system has no strange behavior and I have no additional and undesired bar in any of my programo_O

    Thank you,
    Atomas31
     
  6. dog

    dog Guest

    If you want to recheck the file either, run an online scan or upload it to jotti's - http://virusscan.jotti.org/

    Your Uninstaller 2004 by ursoftware looks like a legit program - so I'd test the file a jotti's
     
  7. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    I upload the file to Jotti and 5 anti-virus found the files has being Hotbar and 8 indicated that they found nothingo_O?

    Even there what can I trust? Should I trust some anti-virus (the majority telling me that they found nothing) telling me that they found an Adware or my anti-spyware that telling me that they are no adware or spyware on my systemo_O?

    Thanks,
     
  8. dog

    dog Guest

    Send the file to Eset (samples@eset.com) and ask them to recheck the findings. ;) (zip the file and lock the archive with the password infected)

    You could do the same with the other AV's that tagged it at Jotti's. :doubt: ... If nothing is amiss I'd leave it for now, until you here something back. Unless you don't use the program, then I'd uninstall it, and rescan.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Before you submit the file, be sure that the file is still picked up with the latest virus signature database (currently 1.1143)
     
  10. Eng

    Eng Guest

    Hi folks,

    I tend to think that it's a false positive because if I correctly understand to what is stated in the product intro, YU 2004 boasts to be capable of removing HotBar virus and HbUninst.exe should be the clue, hopefully. I can't testify it as my comp is clear, thank goodness.

    NOD has discovered the file during ad-aware scan and quarantined it. So, I am also keen to get know the result of HbUninst.exe assessment.

    BTW, apart above, YU 2004 is really great tool which after intensive using I trust to.

    Regards,
    Eng
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks Eng.

    Cheers :D
     
  12. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi,

    You are right Eng, Your uninstaller 2004 have in option to uninstall Hotbar wich like you said may be the reason of HbUninst.exe.

    So do I have to send it anyway to ESET and if yes, how do I do that exactly and without removing the file since it is not actually Hotbat but the uninstaller of Hotbar using by Your uninstaller 2004?

    Marcos : I just did a scan with the latest update and yes, NOD32 still pick this file in c:\program files\Your uninstaller 2004\HbUninst.exe as the adware call Hotbar.

    Thank you,
    Atomas31
     
  13. Eng

    Eng Guest

    dog has written this in his post #8 above, so zip, lock and send the HbUninst.exe to ESET for evaluation ... I am becoming more convinced that the might be a false positive because NOD has labelled the file as an infiltration variety of Win32/Adware.HotBar application instead of a real virus. Anyway, I am curious what the result is in the end.

    Regards,
    Eng
     
Thread Status:
Not open for further replies.