NOD 32 False Positive New Prevx CSI

Discussion in 'ESET NOD32 Antivirus' started by Hermescomputers, Feb 5, 2008.

Thread Status:
Not open for further replies.
  1. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hello all... here's a sure FP...
    I downloaded the executable as well as performed a built-in update, and both were detected and killed by NOD32 3.0.

    A scan at virus total came up clean:
    [ file data ]
    * name: PREVXCSIFREE.EXE
    * size: 621624
    * md5.: 5b3f4f9e32eafe0a975bafc596baed9d
    * sha1: 48a2770a41849ed7a9a42d0c3d00ef8ed89d293d

    Sorry, I already had it posted in the "other malware Thread"....
    https://www.wilderssecurity.com/showpost.php?p=1176615&postcount=1
     
  2. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    Make sure you have the latest update of EAV v3 (2851).
    I downloaded the file without any warning.
     
  3. ctrlaltdelete

    ctrlaltdelete Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    318
    Location:
    NL
    I did send an e-mail about the FP to ESET support on Monday.

    The download is clean on virustotal, it's prevxcsi.exe in a temp directory that triggers the heuristics.
    Or the same file if the program is installed.

    "probably a variant of Win32/Genetik trojan"

    Also detected by another AV as Generic9.AYPR, and some suspicious AVs think it's Suspicious :cool:

    prevxcsi.exe
    File size: 89600 bytes
    MD5: 2e1dc859748231b6485c27d594a9331c
    SHA1: 1dec79c42237c443e93f71383ea8dbe332e3739e
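    Both ctrlaltdelete's post and Hermescomputers' first post identify their sample by size, MD5 and SHA-1, which is the right way to make sure everyone in an FP report is talking about the same bytes (the installer and the unpacked prevxcsi.exe are different files, as the two hash sets show). The script below is an added example, not code from the thread, ESET or Prevx: it computes the same fields (plus SHA-256) for any file, streaming it in chunks, and reports whether the result is identical to one of the two samples posted above. The reference hashes are copied from the posts; the function names are the example's own.

```python
import hashlib
from pathlib import Path
from typing import Optional

# Reference values copied from the posts above: the installer hashed by
# Hermescomputers and the unpacked prevxcsi.exe hashed by ctrlaltdelete.
KNOWN_SAMPLES = {
    "PREVXCSIFREE.EXE": {
        "size": 621624,
        "md5": "5b3f4f9e32eafe0a975bafc596baed9d",
        "sha1": "48a2770a41849ed7a9a42d0c3d00ef8ed89d293d",
    },
    "prevxcsi.exe": {
        "size": 89600,
        "md5": "2e1dc859748231b6485c27d594a9331c",
        "sha1": "1dec79c42237c443e93f71383ea8dbe332e3739e",
    },
}


def fingerprint(data: bytes) -> dict:
    """Size plus MD5, SHA-1 and SHA-256 of an in-memory blob."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def fingerprint_file(path: Path, chunk: int = 1 << 20) -> dict:
    """Same fields as fingerprint(), but streamed so large binaries need not fit in memory."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    size = 0
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            size += len(block)
            for h in (md5, sha1, sha256):
                h.update(block)
    return {
        "size": size,
        "md5": md5.hexdigest(),
        "sha1": sha1.hexdigest(),
        "sha256": sha256.hexdigest(),
    }


def match_known(fp: dict) -> Optional[str]:
    """Name of the thread sample this fingerprint is identical to, or None.

    Every posted field (size, MD5, SHA-1) must agree; a size or a single
    hash on its own is not enough to claim it is the same file.
    """
    for name, ref in KNOWN_SAMPLES.items():
        if all(fp.get(key) == value for key, value in ref.items()):
            return name
    return None


def triage_line(label: str, fp: dict) -> str:
    """One line suitable for pasting into an FP report or a VirusTotal lookup."""
    known = match_known(fp)
    status = f"matches thread sample {known}" if known else "not one of the thread's samples"
    return (f"{label}: size={fp['size']} md5={fp['md5']} "
            f"sha1={fp['sha1']} sha256={fp['sha256']} ({status})")


if __name__ == "__main__":
    # Usage: python fp_triage.py <file> [<file> ...]
    import sys
    for arg in sys.argv[1:]:
        p = Path(arg)
        print(triage_line(p.name, fingerprint_file(p)))
```

    Run it against the downloaded installer and against the prevxcsi.exe left in the temp directory; if the output matches one of the posted samples, the detection can be compared directly with the VirusTotal results quoted in the thread, and if it does not, the file on disk is a different build and needs its own scan before anyone calls it an FP.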
     
  4. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Strangely enough I don't get the FP with NOD 2.7. o_O
     
  5. ctrlaltdelete

    ctrlaltdelete Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    318
    Location:
    NL
    Did you install the latest release (v1.2.103.196 or higher)?
    And are NOD32's heuristics enabled?
     
  6. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    The answer to both questions is Yes.
    On another machine AVG Free also 'detects' it as a threat (Trojan horse Generic9.AXPJ).
     
  7. ctrlaltdelete

    ctrlaltdelete Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    318
    Location:
    NL
    I guess version 2.7 is using another heuristics module.

    Did try to run the file on another machine with NOD32 v3 def. 2852 and it got busted again.
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Since this issue is/has been handled in the thread mentioned above, please hop over there.

    This thread is closed.

    regards,

    paul
     