NIS 2004 > ISSTE.dll as a virus

Discussion in 'NOD32 version 2 Forum' started by backfolder, Jun 26, 2004.

Thread Status:
Not open for further replies.
  1. backfolder

    backfolder Registered Member

    Joined:
    May 25, 2004
    Posts:
    72
    Location:
    Spain
    Last night I´ve had a NOD32 vir warning. It aplies at Norton IS 2004 (firewall, not AV): ISSTE.dll > CRYPT.WIN32 Virus
    The FW hangs, and I need to restart my computer. After that I´ve just scan again that directory and nothing´s found.
    I´ve just added that directory to a temporary not scan option. But don´t know if this could be correct.
    Any sugestions?

    backfolder.-
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi BF, can you send a copy of your scan log to support@nod32.com if it is a false positive they will let you know and fix it in the next update or so...

    Cheers :D
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    Here is a discussion on isste.dll
    Link

    Appears to be a false alarm. I would wait for Eset's reply to be sure.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hi Backfolder,
    I received the file in question, but my AMON didn't detect anything in it, even with AH enabled and the heuristics sensitivity set to deep. Please make sure your NOD32 is up to date.
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Marcos, from the link provided by Ronjor, it appears to be a false positive.

    Cheers :D
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Um, yeah but... o_O

    That thread says KAV detected that file as a false positive, not NOD32. And the KAV folks fixed it so it doesn't detect anymore. And, in this thread Marcos has a copy of the file from backfolder, and it is not being detected as a false positive by a current NOD32. So, either backfolder really got an alert from KAV, or as Marcos suggests they might have an out of date NOD32.
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    That is why I mentioned Eset in the reply. It does state in the discussion that the file in question is part of the program being discussed.
     
  8. backfolder

    backfolder Registered Member

    Joined:
    May 25, 2004
    Posts:
    72
    Location:
    Spain
    Well, this happend to me in two diferent machines this same week. This mine and one of a friend. The thing is that the Virus Definition is 1.795 (20040625) in my machine. And also updated im my friend´s machine to any previous. The effect is NIS get disabled and you exposed to the damages of the net.
    - My pc: NIS04 yet installed, and then/over NOD32, get this warning.
    - The guy: NOD32 yet installed, and then/over NIS04, and get this warning. Result is corrupted installation of the rest of NIS and then you need to uninstall, disable AMON - NOD32, and reinstall.

    KAV Online says:
    ---------------
    Scanned file: ISSTE.dll

    ISSTE.dll - packed with XLok
    ISSTE.dll - OK

    Strange NOD behavior, never happend before.

    Thanks anyway to all.
    backfolder.-
     
    Last edited: Jun 26, 2004
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hey LWM, I caught that ;) It just looked like there was an issue regarding that particular file and Kav, and there appears still to be a problem while installing with Nod on a system, maybe this is the only way the problem can be replicated?

    Cheers :D
     
  10. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    S?o Paulo, Brazil
    Hi Folks,

    I have the same problem with false positive, but installing the last version of Nero 6.3.1.17.

    Any ideas ?
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas

    Look here.
     
  12. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    S?o Paulo, Brazil
    Thanks a lot for your help.

    Best Regards,

    DonKid.
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    You're welcome DonKid.
     
Thread Status:
Not open for further replies.