NOD 32 False Positive New Prevx CSI

Discussion in 'ESET NOD32 Antivirus' started by Hermescomputers, Feb 5, 2008.

Thread Status:
Not open for further replies.
  1. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hello all... here's a sure FP...
    I downloaded the executable as well as performed a built-in update, and both were detected and killed by NOD32 3.0

    A scan at VirusTotal came up clean:
    [ file data ]
    * name: PREVXCSIFREE.EXE
    * size: 621624
    * md5.: 5b3f4f9e32eafe0a975bafc596baed9d
    * sha1: 48a2770a41849ed7a9a42d0c3d00ef8ed89d293d

    Sorry, I already had it posted in the "other malware Thread"....
    https://www.wilderssecurity.com/showpost.php?p=1176615&postcount=1
     
  2. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    Make sure you have the latest update of EAV v3 (2851).
    I downloaded the file, no warning at all.
     

  3. ctrlaltdelete

    ctrlaltdelete Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    318
    Location:
    NL
    I did send an e-mail about the FP to ESET support on Monday.

    The download is clean on VirusTotal; it's prevxcsi.exe in a temp directory that triggers the heuristics.
    Or the same file if the program is installed.

    "probably a variant of Win32/Genetik trojan"

    Also detected by another AV as Generic9.AYPR and some suspicious AVs think it's Suspicious :cool:

    prevxcsi.exe
    File size: 89600 bytes
    MD5: 2e1dc859748231b6485c27d594a9331c
    SHA1: 1dec79c42237c443e93f71383ea8dbe332e3739e
     
  4. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Strangely enough I don't get the FP with NOD2.7. o_O
     
  5. ctrlaltdelete

    ctrlaltdelete Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    318
    Location:
    NL
    Did you install the latest release (v1.2.103.196 or higher)?
    And are NOD32's heuristics enabled?
     
  6. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    The answer to both questions is Yes.
    On another machine AVG Free also 'detects' it as a threat (Trojan horse Generic9.AXPJ).
     
  7. ctrlaltdelete

    ctrlaltdelete Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    318
    Location:
    NL
    I guess version 2.7 is using another heuristics module.

    Did try to run the file on another machine with NOD32 v 3 def. 2852 and it got busted again.
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Since this issue is/has been handled in the thread mentioned above, please hop over there.

    This thread is closed.

    regards,

    paul
     