NOD32 considers WPESPY.DLL A THREAT

Discussion in 'NOD32 version 2 Forum' started by whistl3r, May 23, 2006.

Thread Status:
Not open for further replies.
  1. whistl3r

    whistl3r Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    69
    I have attempted to add wpespy.dll to the exclusions list, but NOD32 still recognizes it being a threat and kills the application. My only choice so far is to remove NOD32.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It seems to be part of a sniffer. Is it detected with potentially dangerous applications disabled?
     
  3. whistl3r

    whistl3r Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    69
    I believe I added it to the exclusion list from potentially dangerous applications, but did not try disabling it. I'll have to try that next time.
     
  4. whistl3r

    whistl3r Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    69
    Ok this time i've noted what I've done:

    1st Step
    AMON: (Disabled the Following)
    Heuristics
    AdwareSpyware/Riskware
    Potentially dangerous applications (disabled by default)

    Additional Options: (Disabled the Following)
    Runtime packers
    Advanced heuristics

    Added exclusions to:
    Added full path where WpeSpy.dll is located
    Added WpeSpy.dll as an individual exclusion by file.

    WpeSpy.dll still detected after these steps were performed, even after a recycle.

    2nd Step:
    Disabled AMON, this time WpeSpy.dll was not detected. I find this interesting, prior to uninstalling NOD32, NOD detected WpeSpy's presence even after disabling AMON. So disabling AMON did not work or adding exclusions so I went ahead and killed nod32krn.exe, and prevented the krn from restarting and reinstalling as a service. NOD still wouldn't allow the file to copy over and system errors were generated stating the file was either in use or the disk was full, I thought to myself, thats literally impossible, WpeSpy.dll is not an harmful file, it sniffs packets, the files not even actively running, nothing harmful about it, unless nod32krn.exe somehow, even after being disabled, was preventing my system from reading the drive and the file. Hey, least we can say NOD works as intended, in some ways. But this seems odd.

    I guess no harm no foul. Seems to be working as it should now :)
     
    Last edited: May 23, 2006
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks for letting us know, no doubt it will help someone in the future.

    Cheers :D
     
Thread Status:
Not open for further replies.