NOD 32 and Side Step travel software

Discussion in 'NOD32 version 2 Forum' started by Salamander, Oct 24, 2005.

Thread Status:
Not open for further replies.
  1. Salamander

    Salamander Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    41
    I've been testing NOD 32 on my system. One problem - I have Side Step travel software on my system (it integrates with IE) and NOD32 insists it is dangerous malware. The only options I appear to have are (a) quarantine it, (b) delete it or (c) keep getting annoying messages about it from NOD32. Is there a way to tell it I want it to accept Side Step and quit warning about it?
     
  2. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    If you know the files involved, you can set up an exclusion for it in AMON. Go to AMON --> Setup --> Exclusions to do this.

    Excluding Side Step from full system scans is a bit trickier. I do not know of a way to exclude a file from the full system scans. The ability to do this has been added to the "Future CHanges to NOD32" wishlist sticky at the top of this forum.
     
    Last edited: Oct 24, 2005
  3. Salamander

    Salamander Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    41
    I tried to exclude it in AMON. The problem is that in my C drive it shows as an application, and when I try to exclude it as either a folder or file, it shows as a shortcut to IE. (There is a side step icon on my IE bar).
     
  4. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Do you mean the Side Step icon is at the same level as the "Back", "Forward", "Stop", "Refresh"... buttons, but at the right side of the browser? That could be a browser extension, in the form of a .dll file.

    Do you by any chance have WinXP SP2? If so, Microsoft added a new feature to Internet Explorer that helps you manage these add-ons. In Internet Explorer, go to Tools --> Internet Options.... Go to the Programs tab, and click the "Manage Add-ons" button at the bottom. This will bring up a list of add-ons and associated files. Look for Side Step and its associated files. Once you figure out which file is used for Side Step, try adding that to your AMON exclusions.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd suggest that you send the file to samples[at]eset.com for analysis. If it doesn't do anything malicious it's possible that we'll remove detection.
     
  6. Salamander

    Salamander Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    41
    Tried that. It shows up as a browser extension, but doesn't have a file listed.
     
  7. Salamander

    Salamander Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    41
    I can't find the dll file associated with Side Step. Is there anyway you can check out Side Step software without a file from me?
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you please send Eset a link.

    Cheers :D
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    In a way it never did anything malicious but was considered in some circles as Spyware. Today some authorities in this area have changed their respective positions including Andrew Clover of doxdesk.

    This link---> SideStep

    If you need more info let me know Marcos.
     
  10. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Hang on, I found the file. I downloaded and installed the application myself just so I could take a peak. Add the following file to your AMON Exclusions:

    C:\Windows\Downloaded Program Files\SbCIe02a.dll

    You cannot navigate to this file using the Windows Explorer (because Downloaded Program Files is a special system folder), but you navigate to it just fine using the Command Prompt. Just cut and paste the filename given above into the AMON Exclusion list. I tried it myself, and it works! :)

    Since I already have all the pertinent info, I will go ahead and send the link and files to Eset myself.
     
    Last edited: Oct 25, 2005
  11. Salamander

    Salamander Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    41
    Thanks all of you!!!

    Oops. I tried it, and I still get a warning every time I open IE.
     
    Last edited: Oct 25, 2005
  12. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    That's strange. I have tried it on two different computers, and it works fine for me both times. o_O Is this what it looks like when you add the exclusion? (note that the entire path does not fit in the screenshot)
     

    Attached Files:

  13. Salamander

    Salamander Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    41
    I tried it using the file you posted. I kept getting a message about a file with the word conflict in the name. I found a folder in the downloaded program files with conflict as the name of the folder. It had some files that appeared to have been put in there by NOD 32. I clicked on the dll files in that folder, and excluded them. So far, that appears to have done the trick.
     
  14. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Sounds good. :)

    In case you were wondering, the "CONFLICT" folder gets created if the ActiveX installation program detects a file with the same name already present. It sounds like you already had this file in your "Downloaded Program Files" folder, and then you reinstalled Side Step. The reinstallation uses the new file in the "CONFLICT" folder.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;196150

    What other .dll files did you add to the exclusion list, out of curiosity? SbCIe02a.dll is the only one used by Side Step. The others must be used by other programs. If you are not sure what they are for, you can right-click on the .dll file, go to Properties, and look at the info in the Version tab.
     
  15. Salamander

    Salamander Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    41
    The other files had the same name except without the Conflict portion. Again, thanks for your help.
     
Thread Status:
Not open for further replies.