POLY.MACRO Virus said NOD32

Discussion in 'ESET NOD32 Antivirus' started by Jibse, Mar 30, 2008.

Thread Status:
Not open for further replies.
  1. Jibse

    Jibse Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    54
    I made two VBA applications that I am sure of, but NOD32 always reports a POLY.MACRO virus, and if I accept a clean, it simply erases all the macros. I had taken care to make copies, otherwise! Is there a way to exclude these specific files (Excel with macros)? Thanks.
     
  2. ASpace

    ASpace Guest

  3. Jibse

    Jibse Registered Member

    Thanks HiTech,

    I knew that, but we have to indicate a specific folder. It's impossible (or it doesn't work) to tell NOD32 not to touch myfile.xls wherever it is.

    I am nearly sure that my files are not infected by this Poly.Macro virus. NOD32 saw this virus in the complex VBA applications. Kaspersky, for example, did not see it.

    I am very annoyed with this problem because if, by mistake, I "clean" the file, NOD32 erases all my macros. So, I am hesitating to keep NOD32.
     
  4. ASpace

    ASpace Guest

    A whole folder is excluded in a format with a single star at the end. Example:

    C:\Programs\Folder\*

    This star will exclude all the folders/subfolders and files that are in "Folder".



    Wildcards are possible here, but I think it is not possible with any antivirus to exclude any files just by their name, no matter the location.

    Please send a support request to ESET (support@eset.com) or send your samples to ESET Labs so that they can check them and see what can be done.
     
  5. Jibse

    Jibse Registered Member

    Big disappointment from ESET. I followed your advice. It was the Bratislava office that answered me. Roughly speaking, the answer is the following: if you have a file allegedly infected with Polymacrovirus, send it to NOD32, and they will exclude it from their base. This means that there is no virus, but that NOD32 cuts the Gordian knot. If you have many Excel files with VBA code that trigger false alarms, it will be necessary to send them to ESET NOD32. Worse, perhaps hurt by my disappointment, the technical service did not even answer my last message of April 27, and I still have a package of so-called infected files. The result is that I can no longer use NOD32 in resident mode!
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hello,
    there are 2 ways to deal with these false positives when NOD32 reacts to suspicious code you used:
    1. submit the files to samples[at]eset.com (I'd suggest putting "False positives" in the subject and protecting the archive with the password "infected")
    2. if the files are located in a specific folder, add it to the exclusion list as suggested by HiTech Boy.

    The third option (not preferred) is disabling heuristics (not advanced heuristics) that checks scripts for unknown suspicious code.
     
  7. Jibse

    Jibse Registered Member

    Thank you,

    But is solution 1 better than sending the files to Bratislava, as I did?
    Obviously, solution 2 is a good solution for today, but dangerous for the following days.
    I have tried your third solution, disabling heuristics and advanced heuristics, but it doesn't change anything.
     