NOD32 alerts on Spyware Doctor v6

Discussion in 'ESET NOD32 Antivirus' started by ron_c, Jan 16, 2009.

Thread Status:
Not open for further replies.
  1. ron_c

    ron_c Registered Member

    Joined:
    Jan 16, 2009
    Posts:
    21
    Two days ago I updated my Spyware Doctor Antispyware program from v 5.1 to v6.0 (not Beta), both programs without Antivirus. The first time I ran SD I received an alert from NOD32 stating that "Event occurred on a new file created by the application C:\ProgramFiles\SpywareDoctor\pctsSvc.exe. The file was moved to quarantine". The file is SpywareDoctor\avdb\temp\CB20D02.vbt and is a variant of Win32/TrojanDownloader.FakeAlert.KDTrojan.

    I posted in the PCTools Forum and told them what had happened and this is their responce "This is a false positive by NOD32. Please report it as so. That file is part of the antivirus definitions/signatures for Spyware Doctor. You can get this file by performing a Smart Update". (Not using Antirivus in SD, NOD32 only).

    I have since ran three more scans by Spyware Doctor and each time I get the same alert from NOD32 except the file has a different name.
    1st scan - CB20D02.vbt
    2nd scan - 52858E63.vbt
    3rd scan - ICF62B57.vbt
    4th scan - F9AFE9B2.vbt
    I have checked in SD\acdb\temp folder before each scan and the folder is empty. So, it is only when SD is scanning.

    I tried to reply to my post in SD Forum but I can't reply. Says it is locked. Guess as far as they are concerned the matter is closed and not their problem.

    If this is any help I'm using XP Pro. Any ideas or suggestions?
    Update: forgot to mention, I'm using v2.7.
     
    Last edited: Jan 16, 2009
  2. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    995
    Location:
    San Diego, CA USA
  3. ron_c

    ron_c Registered Member

    Joined:
    Jan 16, 2009
    Posts:
    21
    Problem Resolved.

    Every time I would start Spyware Doctor (v6.0) NOD32 would alert me about 3 to 4 minutes into the scan. Finally saw in the Scanning Entry of SD that when it reach a folder I named Downloaded Programs, I would get the alert. The Downloaded Programs folder is where I store all downloaded programs that I would Save and then later Run. By removing a few folders at a time and rescanning with SD, I located which folder was causing the problem. It was the folder I named NOD32 which has the installer icons for v2.7 and v3.0 (using v2.7 right now haven't removed this version and installed v3.0 as yet) By removing these installer icon the alert has stopped. I have run about 5 scans with SD until after it scans the Downloaded Programs and no alert and it appears, I hope, to have sloved the problem. Will probabaly put the NOD32 folder back in the Downloaded Programs folder and add to the Global Action List in SD. Don't understand why this is so, but don't really need the installer icons any way. Still don't know why NOD32 alerted me while installing Spyware Doctor v6.0 but every thing seems to working ok for now.
     
  4. Kidd

    Kidd Registered Member

    Joined:
    Apr 12, 2009
    Posts:
    1
    Hi all first post on this forum,
    Since wednesday 8-4-09 when running a full scan with Spyware Doctor (without A/V), McAfee Security Center removes files from Spyware Doctor\avdb\temp to quarantine and flags them as 'W32/Waledac.gen.1'
    I sent some of the files to McAfee and received emails that the files were infected but I've run full scans with most of the usual progs with nothing detected. o_O
    The folder Spyware Doctor\avdb\temp is always empty so it must be something S/D is placing there but S/D never detects anything and this problem only occurs on a full scan not a quick scan.
    I assume these are false positives?
    Ive been using S/D & McAfee for a few years now with no problems.

    Kidd
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    It sounds like S/D decompresses files to the temp folder at which point are detected by real-time protection. That's one of the reasons why running more scanners at a time may cause certain problems.
     
Thread Status:
Not open for further replies.