last update Sentinel Win32/Adware.LastDefender application

Discussion in 'ESET NOD32 Antivirus' started by mantra, Apr 17, 2008.

Thread Status:
Not open for further replies.
  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,153
    Hi
    I downloaded the latest version of Sentinel http://www.runtimeware.com/products_home.html

    Well, NOD32 detects it as setup.exe - Win32/Adware.LastDefender application

    Is it a false alarm or is there adware inside?

    Thanks
     
  2. rdfye

    rdfye Registered Member

    Joined:
    Apr 17, 2008
    Posts:
    8
    Location:
    Valencia, CA
    I'm having the same issue with several known good exe's and have a call into support. I have a feeling it's false positives and an issue with update 3034.
     
  3. mkuntic

    mkuntic Registered Member

    Joined:
    Mar 6, 2008
    Posts:
    54
    SERIOUS ISSUE!!!

    Multiple installed applications have been dumped into Quarantine on multiple known machines! This includes, but is not limited to:
    eyebeam, PRTG traffic grapher, nmap, ultravnc

    Recent definitions are FLAWED!
     
  4. lamaslany

    lamaslany Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    5
    Just had ROHOS_MINI.EXE deleted (quarantined).

    The reported threat was 'Win32/Adware.LastDefender application' detected with the definition file 3034 (20080417)


    Rohos: http://www.rohos.com/free-encryption/

    Very useful utility as it does not require administrative rights on the client and, even more importantly, it is free. I downloaded the file a few weeks ago and I'll confess I've been hesitant to trust it due to the lack of peer review, so I am not sure if this is a false positive or a vindication of my paranoia! :)
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    An update with a fix will be released shortly.
     
  6. Angrandir

    Angrandir Registered Member

    Joined:
    Apr 17, 2008
    Posts:
    1
    On my PC it detected the same "infection" in HTTrack Website Copier, All Phones Data Suite (Czech communication SW for mobile phones), Gothic 1 game, PDF Password Remover, some graphic card utilities and several others. I believe that it is a false positive, and I hope that Eset will release a fixed update soon, preferably with some official explanation.
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    4/17/2008 12:37:21 PM Real-time file system protection file C:\Documents and Settings\Steven Yevchak\Desktop\pg2-050918-nt.exe Win32/Adware.LastDefender application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.

    Guess we all know which one THAT is! :argh: :argh: *puppy*
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The update 3035 with a fix for this problem has just been released.
     
  9. rdfye

    rdfye Registered Member

    Joined:
    Apr 17, 2008
    Posts:
    8
    Location:
    Valencia, CA
    I just got the 3035 update... hopefully will take care of this. Very lucky here that it was mainly my system that was affected. I can't imagine having to restore files from quarantine on 100's of machines.
     
  10. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Add XviD-1.1.0-30122005.exe to the list, using update 3035. File has been submitted to Eset for further analysis.

    Is this your way of telling me that I should update to XviD 1.1.3? :p

    ***EDIT***
    It turns out that the XviD file was caught by 3034, but NOD32 updated to 3035 three minutes later. In other words, 3034 *was* the problem. I have restored the file with 3035, and it seems to work just fine now.

    Thanks for correcting the problem, Marcos and everyone else at Eset.
     
    Last edited: Apr 17, 2008
  11. lamaslany

    lamaslany Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    5
    Can I ask what the cause of the problem was? (just curious how it'd pick up so many unrelated instances)
     