NOD32 product flagging my 'Phant0m``s Look 'n' Stop Ruleset Installer'

Discussion in 'ESET NOD32 Antivirus' started by Phant0m, Apr 17, 2013.

Thread Status:
Not open for further replies.
  1. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    I like to enquire about what channel do I go through to dispute NOD32 product flagging my stuff like 'Phant0m``s Look 'n' Stop Ruleset Installer' ( Phant0m_Looknstop_Ruleset_Deluxe.zip MD5 hash: 4f45d61b4049f34993dbd1c5d8825cbe .) w/Threat: probably a variant of Win32/Agent.KKXQKIY trojan

    ....such severity in threat labelling when we know it's only flagging because of the use of run-time packer.
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Them channels tends to analyze file and report back about being infected.

    This channel will be different? ... meaning will there be a person that will actually have a discussion with me on this?
     
    Last edited: Apr 17, 2013
  4. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark .
    Hi

    If you look at Virustotal,using the MD5 hash: 4f45d61b4049f34993dbd1c5d8825cbe
    applied by you, you will find a Detection ratio: 25 / 46. It doesn't look as it is a false positive.

    Regards, Janus
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    As Swex has already mentioned, the correct method for requesting re-examination of a file that you believe may be generating a false positive alarm is to contact ESET's threat research laboratory.

    Instructions for doing so can be found in ESET Knowledgebase Article 141, "How to submit virus or potential false positive samples to ESET's labs."

    Having said that, you now have received instructions on the best way to contact ESET to discuss the detection, and we shall draw this conversation to a close.

    Regards,

    Aryeh Goretsky
     
Thread Status:
Not open for further replies.