NOD32 false positive?

Discussion in 'ESET NOD32 Antivirus' started by Di0g0, Aug 8, 2010.

Thread Status:
Not open for further replies.
  1. Di0g0

    Di0g0 Registered Member

    Joined:
    Aug 4, 2008
    Posts:
    13
    False Positive?

    ~Link to possible malware removed.~


    Threat: probably a variant of Win32/Agent Trojan
     
    Last edited by a moderator: Aug 8, 2010
  2. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    Your archive contains two PE files - one EXE and one DLL.

    Norton/Symantec detect the DLL as a known adware program.
    http://www.symantec.com/security_response/writeup.jsp?docid=2006-042612-1829-99
    The EXE file is considered highly untrusted by Norton.

    Additionally, on VirusTotal a few heuristic engines trigger an alert:

    ~Virus Total links removed~


    Are you sure it is a false positive? If 100%, submit it to ESET and begin to hope they fix it.
     

    Attached Files:

    • 1.PNG (File size: 53 KB)
    • 2.PNG (File size: 55.7 KB)
    Last edited by a moderator: Aug 8, 2010
  3. Di0g0

    Di0g0 Registered Member

    Joined:
    Aug 4, 2008
    Posts:
    13
    I think it's a false positive. I tested this file...
     
  4. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
    I'm trialing Vipre and it nails these files as soon as they are extracted. It is detected by generic signature.

    Trojan.Win32.Generic!BT
     
    Last edited: Aug 8, 2010
  5. Di0g0

    Di0g0 Registered Member

    Joined:
    Aug 4, 2008
    Posts:
    13
    And? Avast and other companies removed this from the database.
     
  6. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
    And? What? Just saying that Vipre currently detects this as malware. Just as Nod does.
     
  7. Di0g0

    Di0g0 Registered Member

    Joined:
    Aug 4, 2008
    Posts:
    13
    Microsoft removed it from the database!


    The Microsoft Malware Protection Center (MMPC) has investigated the following file(s) which we received on ...


    Submission ID ...

    Submitted Files
    =============================================
    TeknoGods_Beta13.zip [Not Malware]
    +---ConnectionOverrideHamachi.reg [Not Malware]
    +---ConnectionOverrideTunngle.reg [Not Malware]
    +---DLLLoad.exe [Not Malware]
    +---readme.txt [Not Malware]
    +---TeknoGods.dll [Not Malware]
     
  8. Di0g08

    Di0g08 Registered Member

    Joined:
    Sep 5, 2009
    Posts:
    8
    LOL, now ESET and Microsoft removed this from the database, but Malwarebytes added this to the database :O
     