NOD32 falsely accuses winRAR

Discussion in 'NOD32 version 2 Forum' started by Access Denied, Oct 20, 2003.

Thread Status:
Not open for further replies.
  1. Access Denied

    Access Denied Registered Member

    Aug 8, 2003
    Computer Chair
    I have tried with many combinations of compressing two files into a self extractor(exe) with WinRAR. Every attempt is blocked by NOD32 saying its a Trojan which is wrong because TDS-3 is running with exec prot active. o_O o_O o_O
  2. radicalb21

    radicalb21 Registered Member

    Jun 6, 2003
    Hey Eliot,
    Its radicalb21. I have just tested and gotten the same result as you. First what version of WinRAR are you running? I am running WinRAR 3.20. Also could you please post a copy of your Virus Log as well as post a copy of your system information as screenshots. Second could you please send a copy of the quarantine files to Also if you are running Windows XP or ME you will want to delete your restore points and then restart your computer. Right click my computer choose prorperties select the system restore tab and put a check mark in turn off system restore click apply then ok you will also get another box come up telling you are disabling system restore just click ok. Next restart your system. When you get back to your desktop right click on my computer and choose properties then select the system restore tab and take the check mark out of turn off system restore then click apply then ok. Next go to Start then all programs then accessories then system tools then system restore. Then click on system restore select create a restore point and name it whatever you want then click ok.

    Time   Module   Object   Name   Virus   Action   User   Info
    10/20/2003 23:08:52 PM   AMON   file   C:\Documents and Settings\v1ru5\My Documents\teamshadow_ecqttc.sfx.exe   Win32/IRC.SdBot.EC trojan   error occured while quarantining the object - - error while deleting - error while deleting - error while deleting - error while renaming      
    10/20/2003 23:08:00 PM   AMON   file   C:\Documents and Settings\v1ru5\My Documents\teamshadow_ecqttc.sfx.exe   Win32/IRC.SdBot.EC trojan   quarantined - deleted   V1RU5-RUI01HDAI\v1ru5   

    NOD32 Antivirus System information
    Virus signature database version:   1.537 (20031020)
    Dated:   Monday, October 20, 2003
    Virus signature database build:   3989

    Information on other scanner support parts
    Advanced heuristics module version:   1.003 (20030805)
    Advanced heuristics module build:   1032
    Archive support module version:   1.005 (20030924)
    Archive support module build version:   1061

    Information on installed components
    NOD32 For Windows NT/2000/XP - Base
    Version:   2.000.6
    NOD32 For Windows NT/2000/XP - Internet support
    Version:   2.000.6
    NOD32 for Windows NT/2000/XP - Standard component
    Version:   2.000.6

    Operating system information
    Platform:   Windows XP
    Version:   5.1.2600 Service Pack 1
    Version of common control components:   5.82.2800
    RAM:   512 MB
    Processor:   Intel(R) Pentium(R) 4 Mobile CPU 1.50GHz (1495 MHz)

    I would appreciate a response from an ESET Moderator, Forum Moderator or member as well as an Administrator. I believe this to be a false positive. I scanned this file before trying to do a self extracting exe file. I tried this both in a .rar and .zip format and both times AMON popped up numerous times about this. Any and all help would be appreciated. I also scanned the file in question numerous times with online scanners looking at that specific file. These online services didn't detect the trojan it said I have. I will be forwarding the quarantined file to ESET samples email address.
  3. LowWaterMark

    LowWaterMark Administrator

    Aug 10, 2002
    New England
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.