Possible F/P on T.E.P's removelop.exe

Discussion in 'NOD32 version 2 Forum' started by spy1, Dec 14, 2004.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Got this hit after having run Eraser last night (although AMON probably just picked it up on its own as it wandered along scanning during the Eraser run):

    (From the email sent by NOD) "12/14/2004 0:48:02 AM - AMON - Antivirus monitor Program Virus Alert triggered on NONE-8EE7DS6F1Q: C:\Program Files\Acesoft\Tracks Eraser Pro\Plugins\removelop.exe infected with probably unknown NewHeur_PE virus."

    Everything's wide-open here, settings-wise, in NOD.


    (NOD info)
    NOD32 Antivirus System information
    Virus signature database version: 1.947 (20041214)
    Dated: Tuesday, December 14, 2004
    Virus signature database build: 5062

    Information on other scanner support parts
    Advanced heuristics module version: 1.011 (20041126)
    Advanced heuristics module build: 1067
    Internet filter version: 1.002 (20040708)
    Internet filter build: 1013
    Archive support module version: 1.024 (20041125)
    Archive support module build version: 1104

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.12.2
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.12.2
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.12.2

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 1024 MB
    Processor: AMD Athlon(tm) Processor (1325 MHz)

    Should I submit it? I'm thinkin' it's probably a F/P. Pete
     

  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    Pete,

    I would send it in since it is a heuristically discovered item. They can either remove the false positive or confirm it is malware.
     
  3. spy1

    spy1 Registered Member

    Okey-dokey. Gotta zip it up - Comporium won't deliver anything with an exe as an attachment. Pete

    *Sent
     
  4. spy1

    spy1 Registered Member

    Okay, it's been six days since I sent it in (four "business" days) and I haven't received confirmation of the file as malware (or even receipt of the file I sent).

    Nor has the F/P (if that's what it is) been removed (I'm still getting hits on it from NOD up to and including a full scan that just finished minutes ago).

    NOD32 Antivirus System information
    Virus signature database version: 1.953 (20041219)
    Dated: Sunday, December 19, 2004
    Virus signature database build: 5080

    Information on other scanner support parts
    Advanced heuristics module version: 1.011 (20041126)
    Advanced heuristics module build: 1067
    Internet filter version: 1.002 (20040708)
    Internet filter build: 1013
    Archive support module version: 1.024 (20041125)
    Archive support module build version: 1104

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.12.2
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.12.2
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.12.2

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 1024 MB
    Processor: AMD Athlon(tm) Processor (1325 MHz)


    ESET does have some form of technical support, doesn't it? Pete
     
  5. ronjor

    ronjor Global Moderator

    Pete

    No excuse for not replying or fixing the problem in my book. I hope Eset will ratchet up their support a notch.

    I understand one of the upcoming versions will have a way to submit samples built in the program.

    Not much anyone can say right now though.
     
  6. spy1

    spy1 Registered Member

    Merry Christmas, everyone!

    Still getting this upon full scans with NOD32:

    C:\Program Files\Acesoft\Tracks Eraser Pro\Plugins\removelop.exe - probably unknown NewHeur_PE virus [7]

    so I'll just keep submitting it (daily) until I get a response.

    HOHOHO! <g> Pete
     
  7. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    Someone at Eset is working - the definitions update today is proof of that... my guess is the same person doesn't update their virus definitions database that drives the web site - no clues yet from the Eset/NOD32.COM/.CH sites as to what the update does, but at least we have it!

    See... http://www.nod32usa.com/nod32-updates/ for at least an interim message concerning the v1.958 Virus Definitions Update....

    Merry Christmas everyone!!
     
  8. spy1

    spy1 Registered Member

    Update or no update - the alert keeps showing up:

    NOD32 Antivirus System information
    Virus signature database version: 1.958 (20041225)
    Dated: Saturday, December 25, 2004
    Virus signature database build: 5105

    Information on other scanner support parts
    Advanced heuristics module version: 1.011 (20041126)
    Advanced heuristics module build: 1067
    Internet filter version: 1.002 (20040708)
    Internet filter build: 1013
    Archive support module version: 1.025 (20041221)
    Archive support module build version: 1106

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.12.2
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.12.2
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.12.2

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 1024 MB
    Processor: AMD Athlon(tm) Processor (1325 MHz)

    (Does all that program info look like it's the most current available to everyone?). Pete
     

  9. webyourbusiness

    webyourbusiness Registered Member

    This might not be as clear-cut as first thought.... a quick google for removelop.exe yields several sites that list the file as one to be removed or deleted. Perhaps your F/P is not F at all... even though it came from something you considered a "reliable" source.

    hth

    GHL
     
  10. spy1

    spy1 Registered Member

    GHL - Yes, that might conceivably be why I first submitted the file 11 days ago! Pete
     
  11. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    Hi Pete:

    Your program components should be similar to the following (the 2.12.3 must be directly downloaded from Eset, or your reseller's site; it is not an automatic update):

    NOD32 Antivirus System information
    Virus signature database version: 1.958 (20041225)
    Dated: Saturday, December 25, 2004
    Virus signature database build: 5105

    Information on other scanner support parts
    Advanced heuristics module version: 1.011 (20041126)
    Advanced heuristics module build: 1067
    Internet filter version: 1.002 (20040708)
    Internet filter build: 1013
    Archive support module version: 1.025 (20041221)
    Archive support module build version: 1106

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.12.3
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.12.3
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.12.3
     
  12. spy1

    spy1 Registered Member

    rumpstah - I installed 2.12.3 and scanned. Same alert, but thanks for reminding me about that (these four days off have been a Godsend for catching up with stuff).

    Hope you're having a very Merry Christmas there. Pete
     
  13. spy1

    spy1 Registered Member

  14. spy1

    spy1 Registered Member

    Email from NOD's Tech Support received this morning:

    "Hello,

    this was only a false positive and is going to be cured in the next update
    1.959. Thank you for sending us the sample.


    Regards,

    Mark


    ESET Software Technical Support
    www.nod32.com "

    Thank you. That's all I wanted to know. I'll verify after 1.959 comes out. Pete
     
  15. spy1

    spy1 Registered Member

    Full scan came up clean.

    Case closed.

    After all, it only took a couple of weeks to resolve. Pete
     