last update Sentinel Win32/Adware.LastDefender application

Discussion in 'ESET NOD32 Antivirus' started by mantra, Apr 17, 2008.

Thread Status:
Not open for further replies.
  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,514
    Hi
    i downloaded the last version of sentinel http://www.runtimeware.com/products_home.html

    well nod32 detect it like setup.exe - Win32/Adware.LastDefender application

    is a false allarm or is there a adware inside?

    thanks
     
  2. rdfye

    rdfye Registered Member

    Joined:
    Apr 17, 2008
    Posts:
    8
    Location:
    Valencia, CA
    I'm having the same issue with several known good exe's and have a call into support. I have a feeling it's false positives and an issue with update 3034.
     
  3. mkuntic

    mkuntic Registered Member

    Joined:
    Mar 6, 2008
    Posts:
    54
    SERIOUS ISSUE!!!

    Multiple installed applications have been dumped into Quarantine on multiple known machines! This includes, but is not limited to:
    eyebeam, PRTG traffic grapher, nmap, ultravnc

    Recent definitions are FLAWED!
     
  4. lamaslany

    lamaslany Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    5
    Just had ROHOS_MINI.EXE deleted (quarantined).

    The reported threat was 'Win32/Adware.LastDefender application' detected with the definition file 3034 (20080417)


    Rohos: http://www.rohos.com/free-encryption/

    Very useful utility as it does not require administrative rights on the client and, even more importantly, it is free. I downloaded the file a few weeks ago and I'll confess I've been hesitant to trust it due to the lack of peer review so I am not sure if this is a false positive or a vindication of my paranoia! :)
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    An update with a fix will be released shortly.
     
  6. Angrandir

    Angrandir Registered Member

    Joined:
    Apr 17, 2008
    Posts:
    1
    On my PC it detected the same "infection" in HTTrack Website Copier, All Phones Data Suite (Czech communication SW for mobile phones), Gothic 1 game, PDF Password Remover, some graphic card utilities and several others. I believe that it is false positive, hope that Eset will release fixed update soon, preferably with some official explanation.
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    4/17/2008 12:37:21 PM Real-time file system protection file C:\Documents and Settings\Steven Yevchak\Desktop\pg2-050918-nt.exe Win32/Adware.LastDefender application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.

    Guess we all know which one THAT is! :argh: :argh: *puppy*
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,415
    The update 3035 with a fix for this problem has just been released.
     
  9. rdfye

    rdfye Registered Member

    Joined:
    Apr 17, 2008
    Posts:
    8
    Location:
    Valencia, CA
    I just got the 3035 update... hopefully will take care of this. Very lucky here that it was mainly my system that was affected. I can't imagine having to restore files from quarantine on 100's of machines.
     
  10. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Add XviD-1.1.0-30122005.exe to the list, using update 3035. File has been submitted to Eset for further analysis.

    Is this your way of telling me that I should update to XviD 1.1.3? :p

    ***EDIT***
    It turns out that the XviD file was caught by 3034, but NOD32 updated to 3035 three minutes later. In other words, 3034 *was* the problem. I have restored the file with 3035, and it seems to work just fine now.

    Thanks for correcting the problem, Marcos and everyone else at Eset.
     
    Last edited: Apr 17, 2008
  11. lamaslany

    lamaslany Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    5
    Can I ask what the cause of the problem was? (just curious how it'd pick up so many unrelated instances)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.