NOD32 false positive?

Discussion in 'ESET NOD32 Antivirus' started by Di0g0, Aug 8, 2010.

Thread Status:
Not open for further replies.
  1. Di0g0

    Di0g0 Registered Member

    Joined:
    Aug 4, 2008
    Posts:
    13
    False Positive?

    ~Link to possible malware removed.~


    Threat: probably a variant of Win32/Agent Trojan
     
    Last edited by a moderator: Aug 8, 2010
  2. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    Your archive contains two PE files - one EXE and one DLL.

    Norton/Symantec detect the DLL as a known adware program.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-042612-1829-99
    The EXE file is considered highly untrusted by Norton.

    Additionally, on VirusTotal a few heuristic engines trigger an alert:

    ~Virus Total links removed~


    Are you sure it is a false positive? If 100%, submit it to ESET and begin to hope they fix it
     

    Last edited by a moderator: Aug 8, 2010
  3. Di0g0

    Di0g0 Registered Member

    Joined:
    Aug 4, 2008
    Posts:
    13
    I think it's a false positive. I tested this file...
     
  4. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    610
    Location:
    Cleveland, Ohio USA
    I'm trialing Vipre and it nails these files as soon as they are extracted. It's detected by a generic signature.

    Trojan.Win32.Generic!BT
     
    Last edited: Aug 8, 2010
  5. Di0g0

    Di0g0 Registered Member

    Joined:
    Aug 4, 2008
    Posts:
    13
    And? Avast and other companies removed this from the database.
     
  6. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    610
    Location:
    Cleveland, Ohio USA
    And? What? Just saying that Vipre currently detects this as malware. Just as Nod does.
     
  7. Di0g0

    Di0g0 Registered Member

    Joined:
    Aug 4, 2008
    Posts:
    13
    Microsoft removed it from the database!


    The Microsoft Malware Protection Center (MMPC) has investigated the following file(s) which we received on ...


    Submission ID ...

    Submitted Files
    =============================================
    TeknoGods_Beta13.zip [Not Malware]
    +---ConnectionOverrideHamachi.reg [Not Malware]
    +---ConnectionOverrideTunngle.reg [Not Malware]
    +---DLLLoad.exe [Not Malware]
    +---readme.txt [Not Malware]
    +---TeknoGods.dll [Not Malware]
     
  8. Di0g08

    Di0g08 Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    8
    LOL, now ESET and Microsoft removed this from the database, but Malwarebytes added this to the database :O
     