NOD32 Detects new Prevx CSI as a trojan

Discussion in 'other anti-malware software' started by Hermescomputers, Feb 5, 2008.

Thread Status:
Not open for further replies.
  1. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hello all... here's a sure FP...
    I downloaded the executable as well as performed a built-in update, and both were detected and killed by NOD32 3.0.

    A scan at VirusTotal came up clean:
    [ file data ]
    * name: PREVXCSIFREE.EXE
    * size: 621624
    * md5.: 5b3f4f9e32eafe0a975bafc596baed9d
    * sha1: 48a2770a41849ed7a9a42d0c3d00ef8ed89d293d
     

    Last edited: Feb 5, 2008
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Are you sure it is a FP? ;)
     
  3. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I certainly hope so! :cautious:
    Chasing the dog's tail just to be sure...
     
  4. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
  5. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Someone posted the same FP over on Castlecops. I sent a PM to Eraser to make sure he sees this thread.
     
  6. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    AVG AV Free also identifies the new Prevx CSI as a threat (Trojan horse Generic9.AXPJ). I'm not sure what to do about this though. Should I report this anywhere?
     
  7. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    We are aware of this and we're going to fix these false positive detections.

    Thanks for your reports.

    Marco
     
  8. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I run NOD32 2.7 (heuristics enabled) and it doesn't report the FP (like v3.0 does). Are there any other people with NOD2.7 who can run the new Prevx CSI without an alert by NOD?
     
  9. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
  10. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I know, but that's my point...I can run PrevxCSI.exe without any problems.
     
  11. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I just tried right now... Made updated DATs but NOD still kills it...
     

    Last edited: Feb 6, 2008
  12. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I see, but you are running v3.0 right? Perhaps there is a difference in detection between 2.7 and 3.0.
     
  13. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Yes... 3.0, maybe I should have given a second look @ the pic you put in... :)
     
  14. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    FP fix in latest update 2854.
    Please update your EAV or ESS.
     
  15. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    The new version of PrevxCSI that came out a few days ago was version 1.5.103.193. There was an update yesterday to version 1.5.103.197. It is this update that seems to be triggering the FPs. It seems to have embedded itself deeper into the system and is scanning more files in less than half the time on my system!

    Ian
     
  16. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    ESET and AVG should be fixed now.
     
  17. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    AVG Free still detects it as a threat after installing the latest updates. o_O
     
  18. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Is it? What is it detecting exactly?
     
  19. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I downloaded Prevxcsi.exe again and ran it and now it runs fine. No more warnings from AVG Free. :thumb:

    Just to confirm: the latest version is 1.5.103.197, right?
     
  20. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Yes, it is.
     
  21. rolarocka

    rolarocka Guest

    ThreatFire gives a yellow alert for a temp file created by PrevxCSI. ThreatFire is at level 3 (standard) and latest PrevxCSI version.
     
  22. quasim

    quasim Registered Member

    Joined:
    Feb 8, 2008
    Posts:
    3
    I never used PrevX CSI before, but reading this thread I decided to give it a try and check out if Kaspersky 7 gives any warning.
    Download - OK
    Running - OK

    No complaints yet.
     