No Answer from support@eset.sk

Discussion in 'NOD32 version 2 Forum' started by Blackspear, May 27, 2004.

Thread Status:
Not open for further replies.
  1. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Both myself and a client sent the following zipped file that comes up as a trojan, to support@nod32.com and support@eset.sk last week and have yet to receive a reply as to if this is a false positive or not?

    Cheers :D
     


  2. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I think Eset's system is really messed up. Recall I was impressed recently that I got a response from support within one hour and then a follow up "how did we do" survey the next day? Well, one week later, I got an email from Eset tech support stating that my request had been read! Huh? And this last email did not come from the technician who replied so swiftly a week earlier.

    This response I got was one of those auto responses in reply to my Outlook Express which I have set to ask for a reply when the email is read. So, somehow, it looked to Eset like my email had not been opened by anyone in a week even though it was opened, read and replied to within an hour of my sending it.

    My conclusion is that Eset has a very poor system for tracking incoming support requests and must lose a lot of them or have them go into some obscure place where a technician may or may not find them weeks later and reply or not reply and not know if another tech has found the email in the meantime and replied....very poor setup I suspect. I think your request and your client's got lost in this mess.
    It was Marcos or Anders who recently commented in a thread here that this terrible system is in the process of being overhauled so hopefully support won't be so hit or miss in the future.
     
  3. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi Blackspear and Mele,

    >Both myself and a client sent the following zipped file that comes up as a trojan, to support@nod32.com and support@eset.sk last week and have yet to receive a reply as to if this is a false positive or not?

    Thanks for sending the file. Anyway, the address for sending suspicious files (that might be viruses) and possible false alarms is not support@eset...., but samples@eset.com - there is a filter on support@eset.... for the mails that are assigned as infected - so it's possible your message was filtered - sorry for that. Please send such messages to samples@eset.com in the future, if possible.

    >system is in the process of being overhauled so hopefully support won't be so hit or miss in the future.

    You are right - sorry for the troubles - a new more sophisticated system is going to be applied shortly.

    Thanks, :)

    jan
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Jan, I was advised by Rod from Nod32 Australia to send the file to support@eset.sk with the file zipped and subject marked "Urgent".

    I still have no answer as to if the file is infected or it is a false positive.

    Cheers :D
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Blackspear,

    Well, since Jan is from Eset HQ - seems best to follow his advice ;)

    regards.

    paul
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Paul, pretty sure it was sent to samples, not support as I posted above...

    I'll have to check my sent items folder at work.

    I'm going to resend the file, as both the customer and I would like to know if it is a false positive, pretty sure it will be, being that the file is found in Sun Java.

    Cheers :D
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Many thanks yet again Ronjor, so after all this they are known Trojans and Worms. With Mr Bandicoot's help, Eset has just replied to my email and advised me that they are indeed "little nasties" :rolleyes:

    From the link you posted:

    SYMPTOM(S)

    Malicious applets have been discovered in the JRE cache directory. Anti-virus programs have detected such malicious applets in the following directory:

    C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

    These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (Microsoft Security Bulletin MS03-011).

    If you are using the Sun JVM™ as your default virtual machine, these malicious applets cannot cause any harm to your computer.


    CAUSE

    When the browser runs an applet, the JRE stores all the downloaded files into its cache directory for better performance. We have received reports of the following malicious applets in the cache directory:

    Trojan.ByteVerify
    VerifierBug.class
    Java.JJBlack worm
    Java.Shinwow trojan

    However, in this instance, storing these applets in the cache directory can not cause any harm to your computer because they are designed to exploit a vulnerability in the Microsoft VM, not the Sun JVM.


    SOLUTION

    If you find one of these malicious applets on your computer, please use an anti-virus program to delete the applet, or you can clean the cache directory manually.

    Here are the instructions on how to manually remove these malicious applets from the JRE cache directory:

    From the Start button, click Settings > Control Panel
    In the Control Panel, open the "Java Plug-in Control Panel"
    Select the Cache Tab
    Click the Clear button inside the Cache Tab, which will clear your JRE cache directory

    To enable the Sun Java™ Virtual Machine as the default JVM, please refer to:

    http://java.com/en/download/help/switchvm.jsp

    Cheers :D
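
An added example, not part of the thread or of Sun's advisory: before clearing the cache, this inventories the JRE cache directory quoted above, hashing each cached archive and flagging any that contain the class file name the advisory lists, so an anti-virus hit can be tied to a specific file to zip and submit as a sample. The function names, the `SUSPECT_ENTRIES` set and the use of `%APPDATA%` to build the path are assumptions of the example.

```python
import hashlib
import os
import zipfile

# Entry name taken from the advisory quoted above. The other items it lists
# are anti-virus detection names, not file names, so they are not matched.
SUSPECT_ENTRIES = {"verifierbug.class"}

def default_cache_dir():
    """Cache path from the advisory, built for the current Windows user."""
    return os.path.join(os.environ.get("APPDATA", ""), "Sun", "Java",
                        "Deployment", "cache", "javapi", "v1.0", "jar")

def sha256_of(path):
    """Hash the file in chunks so large archives are not read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_cache(cache_dir):
    """Return one record per ZIP-format file found under cache_dir."""
    findings = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            if not zipfile.is_zipfile(path):
                continue  # index files and other non-archives
            try:
                with zipfile.ZipFile(path) as zf:
                    entries = zf.namelist()
            except (zipfile.BadZipFile, OSError):
                entries = []  # damaged download: still report the file
            # Compare the base name only, case-insensitively.
            hits = [e for e in entries
                    if e.rsplit("/", 1)[-1].lower() in SUSPECT_ENTRIES]
            classes = [e for e in entries if e.endswith(".class")]
            findings.append({"path": path, "sha256": sha256_of(path),
                             "classes": classes, "suspect": hits})
    return findings

if __name__ == "__main__":
    for rec in scan_cache(default_cache_dir()):
        flag = "SUSPECT" if rec["suspect"] else "ok"
        print(flag, rec["sha256"], rec["path"], rec["suspect"])
```

A clean result only means the one listed file name was not found; the anti-virus scan remains the authority on whether a cached applet is malicious.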
     