NOD32 Detects new Prevx CSI as a trojan

Hello all... here's a sure FP...
I downloaded the Executable as well as performed an built in update and both detected and killed by NOD32 3.0

A scan at virus total came up clean:
[ file data ]
* name: PREVXCSIFREE.EXE
* size: 621624
* md5.: 5b3f4f9e32eafe0a975bafc596baed9d
* sha1: 48a2770a41849ed7a9a42d0c3d00ef8ed89d293d

 

are you sure it is a FP.

 

I certainly hope so!
Chasing the dog's tale just to be sure...

 

please see i post reply
https://www.wilderssecurity.com/showthread.php?t=199525

 

Someone posted the same FP over on Castlecops. I sent a PM to Eraser to make sure he sees this thread.

 

AVG AV Free also identifies the new Prevx CSI as a threat (Trojan horse Generic9.AXPJ). I'm not sure what to do about this though. Should I report this anywhere?

 

We are aware of this and we're going to fix these false positive detections

Thanks for your reports.

Marco

 

I run NOD32 2.7 (heuristics enabled) and it doesn't report the FP (like v3.0 does). Are there any other people with NOD2.7 who can run the new Prevx CSI without an alert by NOD?

 

The FP doesn't activate until u run the executable....

 

I know, but that's my point...I can run PrevxCSI.exe without any problems.

 

I just tried right now... Made updated DAT's but NOD Still kills it...

 

I see, but you are running v3.0 right? Perhaps there is a difference in detection between 2.7 and 3.0.

 

Yes... 3.0, maybe I should have given a second look @ the pic you put in...

 

fp fix in letest update 2854
please update you eav or ess

 

The new version of PrevxCSI that came out a few days ago was version 1.5.103.193. There was an update yesterday to version 1.5.103.197. It is this update that seems to triggering the fp's. It seems to have embeded itself deeper into the system and is scanning more files in less than half the time on my system!

Ian

 

Eset and AVG should be fixed now

 

AVG Free still detects it as a threat after installing the latest updates.

 

is it? What is it detecting exactly?

 

I downloaded Prevxcsi.exe again and ran it and now it runs fine. No more warnings from AVG Free.

Just to confirm: the latest version is 1.5.103.197, right?

 

Yes it is

 

threatfire gives a yellow alert for a temp file created by prevxcsi. threatfire is at level 3 (standard) and latest prevxcsi version.

 

I never used PrevX CSI before, but reading this thread I decided to give it a try and check out if Kaspersky 7 gives any warning.
Download - OK
Running - OK

No complaints yet.