Nod32 detects all .exe files from any games as a potential viruses

Discussion in 'ESET NOD32 Antivirus' started by Leschy, May 22, 2008.

Thread Status:
Not open for further replies.
  1. Leschy

    Leschy Registered Member

    Joined:
    Sep 23, 2007
    Posts:
    55
    Location:
    Munich
    hi all,

    i ran a full system scan today and yesterday. yesterday, everything worked fine, no detections. today nod32 v3.0.650.0 detects alle .exe files from any games as potential viruses. i.e. .exe files from fear, rainbow six 2, jericho, etc. are there any bugs in the new signatures? signatures are used in version 3118 (20080521)

    potential unsafe applications and potential unwished applications are ticked.

    i will send the files to threatsense. do you have any suggestions for me, what to do else? did anybody else do this experience?

    thx for help, leschy
     
  2. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
    Yes my nod32 detect Battle Field 2 ( a game) with potential unknow virus...

    I send bf2.exe at sample[at]eset.com and i wait ;)
     
  3. bafranksbro

    bafranksbro Registered Member

    Joined:
    May 22, 2008
    Posts:
    8
    Yes it found BF2142 as an unknown virus on me. The false detection are so problematic it's caused my computer to lockup twice and I had to do hard reboots. I've disabled NOD32 until this is fixed.
     
  4. Leschy

    Leschy Registered Member

    Joined:
    Sep 23, 2007
    Posts:
    55
    Location:
    Munich
    thx for your answers, i think nod detects all .exe files from any games whitch need access to the internet. hope they will fix this bug, cannot work so.
     
  5. bafranksbro

    bafranksbro Registered Member

    Joined:
    May 22, 2008
    Posts:
    8
    Weird thing is that my Vista Laptop that's using the older version of NOD32 is not having this problem but my desktop running XP is unusable with NOD32 enabled.
     
  6. Leschy

    Leschy Registered Member

    Joined:
    Sep 23, 2007
    Posts:
    55
    Location:
    Munich
    here is vista ultimate x64 used, but only if nod32 is disabled at the moment :)
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We're on the ball, the problem is being investigated and should be resolved shortly with a newer engine update. If some files have been mistakenly quarantined, you can restore them manually.

    We apologize for the inconvenience.
     
  8. bafranksbro

    bafranksbro Registered Member

    Joined:
    May 22, 2008
    Posts:
    8
    Looks like it's only an issue with the newer version of NOD32 because I have version 2.7 still installed on my Vista machine but I have the newer version 3 installed on my XP machine. Maybe I'll go back to 2.7 if that's the case. My laptop running 2.7 is scanning the very same files and not finding anything wrong with them at all.

    EDIT: Ok just saw Marcos's reply. :)
     
  9. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    and if some files are mistakenly deleted?
     
  10. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paran?, Argentina
    Running on Vista Ultimate 32bit, I have most of those games and none of them have ever been detected.. Are you using Original or "patched" exes??
     
  11. heiopai

    heiopai Registered Member

    Joined:
    May 22, 2008
    Posts:
    5
    Thank you that u take time for us and send the boring standard answer. very impressed!
     
  12. Leschy

    Leschy Registered Member

    Joined:
    Sep 23, 2007
    Posts:
    55
    Location:
    Munich
    all .exe files are original files from the original game dvd. nothing cracked or something like this. which version of nod do you use and which version of singatures?
     
  13. Leschy

    Leschy Registered Member

    Joined:
    Sep 23, 2007
    Posts:
    55
    Location:
    Munich
    ok, thank you for information, maybe you can give us short information, if it is fixed, so we can enable nod again.
     
  14. Leschy

    Leschy Registered Member

    Joined:
    Sep 23, 2007
    Posts:
    55
    Location:
    Munich
    ok, now nod is detecting more false positives... two files of nero burning rom are infected according nod32... I will completely disable it for now.
     
  15. Giftmacher

    Giftmacher Registered Member

    Joined:
    May 30, 2007
    Posts:
    19
    Add me to the list, I've two identical Vista systems NOD32 flags loads of .exes up as viruses and locks the system up. FYI:

    System: MSI P6N SLI FI @BIOS v2.3, Intel E6600, 320MB EVGA 8800GTS ACS3, Forceware 169.25,
    4Gb Patriot (PDC24G6400ELK) PC2-6400 2x 2Gb 5-5-5-12 rated @ 2.0V
    X-Fi XtremeGamer, 320GB Seagate SATA, NEC 18x DVD-RW RAM SATA,
    Corsair HX620 +3.3V 24A, +5V 30A, +12V1 18A, +12V2 18A, +12V3 18A
    OS: Vista home premium (64)

    The problem is so bad I've had to disable NOD32 in safe mode, I can't even click on the start menu without the system going non-responsive.

    Gift.
     
  16. Leschy

    Leschy Registered Member

    Joined:
    Sep 23, 2007
    Posts:
    55
    Location:
    Munich
    ok, welcome to the table :)
     
  17. rocketreeves

    rocketreeves Registered Member

    Joined:
    May 22, 2008
    Posts:
    1
    This is also happening to any PC that I have Adobe Acrobat 8.0 installed. The only way to regain control of the PC is to force a reboot and disable Nod as soon as it starts. Not a great solution.

    Actually it looks like it's happening on any exe file. I have a warning about AVSVIDEOTOGO.EXE on my laptop as I type this.
     
  18. Giftmacher

    Giftmacher Registered Member

    Joined:
    May 30, 2007
    Posts:
    19
    Misery loves company eh? :D

    Gift.
     
  19. chiefsheep

    chiefsheep Registered Member

    Joined:
    May 22, 2008
    Posts:
    2
    Having same issue with Adobe Acrobat v8 here. System goes non-responsive about 30 secs after boot complete. When I got the alert message the first time I hit "Delete". Will I be able to restore the file or would it be best to reinstall Acrobat?

    I have also (whilst in Safe Mode) remove NOD32 from the startup (egui.exe). However when I boot normally I am still experiencing lockups. Is there something else I need to disable until this is fixed?
     
  20. heiopai

    heiopai Registered Member

    Joined:
    May 22, 2008
    Posts:
    5
    like in an other post, nod32 staff (Marcos) said that we should disable the threadsense feature.

    https://www.wilderssecurity.com/showpost.php?p=1246816&postcount=2
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Please use the following work-around:

    Open up the EAV or ESS Control Center by completing the following (do not click on anything else or your system will hang before you can complete this):

    For Windows XP

    1. Click on “Start”.

    2. Click on “All Programs”.

    3. Click on “ESET”.

    4. Click on “ESET NOD32 Antivirus” or “ESET Smart Security”.

    5. Click on “ESET NOD32 Antivirus” or “ESET Smart Security”, this will open up the EAV or ESS Control Center.

    6. Click on “Setup”.

    7. Click on “Enter entire advanced setup tree” or “Toggle advanced mode” and then “Enter entire advanced setup tree”.

    8. Click on “Tools” and make sure this is expanded so you can see the items beneath it.

    9. Click on “ThreatSense.Net”.

    10. In the right hand side, remove the tick from “Enable ThreatSense.Net Early Warning System”.

    11. Click on “OK”.

    12. Close the Control Center.

    13. Reboot your computer.

    Cheers :D
     
  22. Giftmacher

    Giftmacher Registered Member

    Joined:
    May 30, 2007
    Posts:
    19
    Yeah, there are services you need to disable too.

    Use msconfig as a quick and dirty solution, just go to selective start up and click off the ESET HTTP server and ESET service entries under the services tab.

    Gift.
     
  23. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    So, this only happens when running v3? Or is v2.7 also affected (so I can let some friends know about it)?
     
  24. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
    Make update 3121 ;)
    it good now ;)
     
  25. metalalbert

    metalalbert Registered Member

    Joined:
    May 22, 2008
    Posts:
    46
    I have the same thing right now. After updating to definitions file 3120 with NOD32 V3.0 the game The Movies is considered an unknown virus. I tried sending the file to ESET for analysis but NOD32 tells me it can't send the file.

    Anybody know how to send in this file for analysis? Because I really enjoy playing this game and this is just a false positive.
     
Thread Status:
Not open for further replies.