JS/Exploit.CVE-2008-0015.A.Gen trojan [FP] *? *

Discussion in 'ESET NOD32 Antivirus' started by siljaline, Jul 7, 2009.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Threat details:
    Other members of DSL Reports are reporting the same Flag, it would be appreciated if this could be investigated as soon as possible

    Thanks.
     

    Attached Files:

    Last edited by a moderator: Jul 7, 2009
  2. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,113
    * Bump *

    Same here, Silj !

    ESET, please look at this.

    This is happening on a thread at the DSLR/BBR Security Forum !

    NOD32 V2 :
    NOD32 antivirus system information
    Virus signature database version: 4222 (20090707)
    Dated: dinsdag 7 juli 2009
    Virus signature database build: 16262

    Information on other scanner support parts
    Advanced heuristics module version: 1091 (20090309)
    Advanced heuristics module build: 1200
    Internet filter version: 1.002 (2004070:cool:
    Internet filter build: 1013
    Archive support module version: 1088 (20090702)
    Archive support module build version: 1231

    Information about installed components
    NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
    Version: 2.70.39
    NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
    Version: 2.70.39
    NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
    Version: 2.70.39
     
  3. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    & Other DSLR Users. :shifty:
     
  4. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Hello siljaline,

    I have taken the file that appears as a threat and uploaded to Virus Total to see if we are the only company flagging it. One other is detecting it, eTrust-Vet as JS/Dish!exploit. I have submitted the file to our virus lab for analysis so we can try and get it resolved.
     
  5. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Thank you, Wayne.
    I was going to post this to the DSLR board but advised a Mod of the Security Forum of this occurence so that they are aware.
    Edit >
    Perhaps this is why NOD is flagging the URL due to the reference ? Speculation, yet a possibility.
    http://www.securityfocus.com/bid/35558
     
    Last edited: Jul 7, 2009
  6. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,113
    Hi Randy, my friend,

    Just only a suggestion ;) :
    Perhaps it would have been better to post that in a new posting in this thread. In that way it is easier to keep track of things ;)
     
  7. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Noted, thanks ;)
     
  8. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Trojan alert on DSLR, wouldn't be the first time !

    It was with another AV though, and then verified as a nasty by 2 very respected vendors after the file was sent to them. So in that case not a FP.
     
  9. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    All alerts i have seen on DSLR were due to faulty AV detection that needed tweaking. What case are you talking about?
     
  10. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Can't remember exactly, but it did happen.
     
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,113
    Hi StevieO,

    I'm not so sure whether you're right here, to say the least.....

    About the current issue:
    It could very well be that a "code" in that thread is causing EAV/NOD32 to jump up, causing a FP.

    I wouldn't jump to conclusions too soon. Let's give the AV companies time to look at it.
     
  12. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    FanJ

    Hi how are you ?

    I totally agree with you, about the current issue: It could indeed very well be some code" in that thread that's causing EAV/NOD32 to jump up, causing a FP.

    Regards
     
  13. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    there is code in this post but it can't and does not represent danger
    xttp://www.dslreports.com/forum/r22665691-
     
  14. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  15. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,113
    Hi Stevie,
    Thanks ! I'm OK. ;)

    Hi Cudni,
    Thanks !
    I didn't have the time to have a closer look.

    Hi Randy,
    Thanks !
     
  16. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I think at this juncture we should just let the minds-that-be at ESET figure
    out what this is and wait and see. :cool:
    Samples have been submitted galore, et alia....
     
  17. Dude111

    Dude111 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    212
    Well the same code the virus uses is posted on page 2 of that thread and AV's are not smart enough to realize that so they take action!
     
  18. BedreAntivirus

    BedreAntivirus Registered Member

    Joined:
    Mar 11, 2008
    Posts:
    92
    real men dont use evil internet explorer :D
     
  19. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,619
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.