NOD saved me yet again

Discussion in 'NOD32 version 2 Forum' started by Brian N, Sep 23, 2005.

Thread Status:
Not open for further replies.
  1. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Having just recently downloaded the Starship Troopers demo, I felt like cheating a little - so I found a trainer for the demo from gamecopyworld, which usually never hosts malicious files, and NOD pops up with a warning:

    http://img391.imageshack.us/img391/5531/nod321pb.gif

    I then upload it to Virustotal to see if it's a F/P which I think it isn't:

    http://img165.imageshack.us/img165/7938/virustotal6yk.gif

    All the popular gaming sites such as gaminhell, gamespot, IGN are hosting this file,
    and NOD pops up from each and every one of them :cool:

    Gotta love that!
     
  2. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England

    Just about any place that deals with cheats, no-CD cracks, serial cracks, etc. has bad stuff; GCW has been notorious for those, like the others.
     
  3. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Good to hear it bagged the bugger for ya though! :D
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    This is actually a false positive from NOD32 (and a few others).
    The KeyHook part is watching over the trainer keys you press while you play the game (and you want to cheat). But some AVs detect it as malware.
    I know because I got such a warning a year ago or so.
     
  5. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Hmm.. There is actually a txt file included that talks about this, didn't even see that.. Also my German is rusty, so I have no idea what it says :p
     


  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    A rusty babelfish translation:




    In English:
    - Trojan.Keylogger.HotKeysHook.A - the most famous false alarm Some years ago this file was falsely classified of the virus software AvP as Trojaner, removed after two days however again (on my intervention by the way). Since many smaller anti-virus programs take over simply their data base, this Mismeldung did not spread racing fast, unfortunately all programs the virus sample had again removed (most to have it however done). Straight lately some scanners the message took up stupid way again. Thus here still times completely clearly: World-wide the furthest common coach production software TMK coach Maker kit uses an algorithm, which looks like a Keylogger. Is also somehow in obvious, because in the long run coach makes nothing different one than keystrokes into a program to transfer. I assume times, everyone, which used already times a coach of this kind, have the pertinent file H@tKeysH@@k.DLL in the Windows/System32-Ordner to lie. , is however no safety risk looks piratenmaessig.
     
  7. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    hmm.. Think I'll submit it to Eset so they can fix it.
    Thanks for the translation ;)
     
  8. yaslaw

    yaslaw Registered Member

    Joined:
    Feb 27, 2005
    Posts:
    167
    Location:
    Poland
    Today I had a similar story.. I downloaded a file, setup.exe, via P2P... I thought that it was a FP but I was wrong ;(( Through my own fault I was infected by a new virus...
     


    Last edited by a moderator: Sep 24, 2005
  9. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Congratulations to ESET.. Their heuristics save the day again. ;)
     
  10. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Hmm .. Still detects it as a trojan
     