JS/Exploit.CVE-2008-0015.A.Gen trojan [FP] *? *

Discussion in 'ESET NOD32 Antivirus' started by siljaline, Jul 7, 2009.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Threat details:
    Other members of DSL Reports are reporting the same flag; it would be appreciated if this could be investigated as soon as possible.

    Thanks.
     

    Last edited by a moderator: Jul 7, 2009
  2. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    * Bump *

    Same here, Silj !

    ESET, please look at this.

    This is happening on a thread at the DSLR/BBR Security Forum !

    NOD32 V2 :
    NOD32 antivirus system information
    Virus signature database version: 4222 (20090707)
    Dated: dinsdag 7 juli 2009
    Virus signature database build: 16262

    Information on other scanner support parts
    Advanced heuristics module version: 1091 (20090309)
    Advanced heuristics module build: 1200
    Internet filter version: 1.002 (20040708)
    Internet filter build: 1013
    Archive support module version: 1088 (20090702)
    Archive support module build version: 1231

    Information about installed components
    NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
    Version: 2.70.39
    NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
    Version: 2.70.39
    NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
    Version: 2.70.39
     
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    & Other DSLR Users. :shifty:
     
  4. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Hello siljaline,

    I have taken the file that appears as a threat and uploaded to Virus Total to see if we are the only company flagging it. One other is detecting it, eTrust-Vet as JS/Dish!exploit. I have submitted the file to our virus lab for analysis so we can try and get it resolved.
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Thank you, Wayne.
    I was going to post this to the DSLR board but advised a Mod of the Security Forum of this occurrence so that they are aware.
    Edit >
    Perhaps this is why NOD is flagging the URL due to the reference ? Speculation, yet a possibility.
    http://www.securityfocus.com/bid/35558
     
    Last edited: Jul 7, 2009
  6. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi Randy, my friend,

    Just only a suggestion ;) :
    Perhaps it would have been better to post that in a new posting in this thread. In that way it is easier to keep track of things ;)
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Noted, thanks ;)
     
  8. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Trojan alert on DSLR, wouldn't be the first time !

    It was with another AV though, and then verified as a nasty by 2 very respected vendors after the file was sent to them. So in that case not a FP.
     
  9. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    All alerts I have seen on DSLR were due to faulty AV detection that needed tweaking. What case are you talking about?
     
  10. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Can't remember exactly, but it did happen.
     
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi StevieO,

    I'm not so sure whether you're right here, to say the least.....

    About the current issue:
    It could very well be that a "code" in that thread is causing EAV/NOD32 to jump up, causing a FP.

    I wouldn't jump to conclusions too soon. Let's give the AV companies time to look at it.
     
  12. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    FanJ

    Hi how are you ?

    I totally agree with you about the current issue: it could indeed very well be some "code" in that thread that's causing EAV/NOD32 to jump up, causing a FP.

    Regards
     
  13. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    There is code in this post, but it can't and does not represent danger:
    xttp://www.dslreports.com/forum/r22665691-
     
  14. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  15. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi Stevie,
    Thanks ! I'm OK. ;)

    Hi Cudni,
    Thanks !
    I didn't have the time to have a closer look.

    Hi Randy,
    Thanks !
     
  16. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I think at this juncture we should just let the minds-that-be at ESET figure
    out what this is and wait and see. :cool:
    Samples have been submitted galore, et alia....
     
  17. Dude111

    Dude111 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    212
    Well, the same code the virus uses is posted on page 2 of that thread, and AVs are not smart enough to realize that, so they take action!
     
  18. BedreAntivirus

    BedreAntivirus Registered Member

    Joined:
    Mar 11, 2008
    Posts:
    92
    Real men don't use evil Internet Explorer :D
     
  19. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619