Nod32 false positive

Discussion in 'ESET NOD32 Antivirus' started by jw232, Dec 26, 2008.

Thread Status:
Not open for further replies.
  1. jw232

    jw232 Registered Member

    Joined: Dec 17, 2008
    Posts: 2

    Nod32 gives me a lot of false positives on several applications where I use an "open containing folder" action. For example, in uTorrent, when I right-click a completed torrent and select "open containing folder", Nod32 gives the following alert message:

    Object: C:\temp\rdl11B6.tmp
    Threat: Win32/AutoRun.FakeAlert.M worm
    Information: cleaned by deleting - quarantined

    and instead of the correct folder being opened it goes to My Documents. Other programs that Nod32 does this with have a similar alert message. The object is always of type .tmp in C:\temp and the threat is always Win32/AutoRun.FakeAlert.M worm. When I disable Nod32 the alert messages do not appear but My Documents is still opened instead of the correct folder. How can I fix this? Thanks.
     
  2. funkydude

    funkydude Registered Member

    Joined: Apr 5, 2004
    Posts: 6,851

    Considering it's temp, I think you're actually infected with something...
     
  3. jw232

    jw232 Registered Member

    Joined: Dec 17, 2008
    Posts: 2

    I ran Avira and AVG and they didn't say anything. And if it is a real virus, I'm suspicious why it only runs when "open containing folder" is clicked. Nothing showed up when I scanned the temp folder.
     
  4. Mitjko

    Mitjko Registered Member

    Joined: Dec 27, 2008
    Posts: 1

    It doesn't mean it is a false positive. I had much trust in ESET NOD32, but now I'm disappointed. My friend called me and told me he found a virus with his Symantec antivirus in one file which I sent him. I uploaded the file here:
    http://virusscan.jotti.org/
    and the results are in the attached file. If there are more than 5 positives, then you're probably infected.
    Cheers

    Snipped: link removed. Posting links to malware is against TOS. Remember that no AV detects 100% of all malware, and what one detects the others can miss and vice versa. Please send the file in question in a password-protected archive to samples[at]eset.com with this thread's URL in the subject.
     
    Last edited by a moderator: Dec 27, 2008