NOD32 detected virus in a file hosted by Sourceforge mirror.

Discussion in 'NOD32 version 2 Forum' started by spacenoxx, Aug 23, 2007.

Thread Status:
Not open for further replies.
  1. spacenoxx

    spacenoxx Registered Member

    Joined:
    Feb 22, 2006
    Posts:
    7
    The file is a OCSNG Windows client and the URL is:
    ht tp://internap.dl.sourceforge.net/sourceforge/ocsinventory/OCSNG_WIN32_AGENT_1.01_repack.zip

    It was deteced as Win32/Adware.HitVirus application. However I have my doubts regarding this. Could you please check the file from the above link and verify whether it really has an adware.hitvirus in it or not?

    Thanks,
     
    Last edited by a moderator: Aug 23, 2007
  2. spacenoxx

    spacenoxx Registered Member

    Joined:
    Feb 22, 2006
    Posts:
    7
  3. Megachip

    Megachip Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    243
    Submit the file to support (at) eset.com with the subject "false positive" or use the webformular at www.eset.com or the build in feature in nod.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It looks like you didn't allow the file to be distributed by Virus Total. Please encrypt it with WinRAR/ZIP, protect with the password "infected' and send it to samples[at]eset.com with this thread's url in the subject.
     
  5. spacenoxx

    spacenoxx Registered Member

    Joined:
    Feb 22, 2006
    Posts:
    7
    I dont have to "allow' it as you put it. Its on a public mirror and I gave the URL in the first post. However if it is required that I send it through mail, I will.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Ah, sorry, my Opera showed "illegal-url-5" in the tooltip :) I'll download it right now and give it a check.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    NOD32 flags the file KillProcDLL.dll as infected which is partially true as the dll serves for killing processes. However, it's used by legit programs so we will consider removing detection.
     
  8. spacenoxx

    spacenoxx Registered Member

    Joined:
    Feb 22, 2006
    Posts:
    7
    Thanks a lot. I placed an order for NOD32 for our entire company yesterday and also evaluating the product on my notebook. I then noticed this false positive right after placing the order.

    Had to convince quite a few poeple in the organisation as to why we are not going for a 'known' brand. I really didnt want false postives, but as long as they are corrected its absolutely fine :D
     
Thread Status:
Not open for further replies.