Possible F/P on T.E.P's removelop.exe

Discussion in 'NOD32 version 2 Forum' started by spy1, Dec 14, 2004.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Got this hit after having run Eraser last night (although AMON probably just picked it up on its' own as it wandered along scanning during the Eraser run):

    (From the email sent by NOD) "12/14/2004 0:48:02 AM - AMON - Antivirus monitor Program Virus Alert triggered on NONE-8EE7DS6F1Q: C:\Program Files\Acesoft\Tracks Eraser Pro\Plugins\removelop.exe infected with probably unknown NewHeur_PE virus."

    Everything's wide-open here, settings-wise, in NOD.


    (NOD info)
    NOD32 Antivirus System information
    Virus signature database version: 1.947 (20041214)
    Dated: Tuesday, December 14, 2004
    Virus signature database build: 5062

    Information on other scanner support parts
    Advanced heuristics module version: 1.011 (20041126)
    Advanced heuristics module build: 1067
    Internet filter version: 1.002 (2004070:cool:
    Internet filter build: 1013
    Archive support module version: 1.024 (20041125)
    Archive support module build version: 1104

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.12.2
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.12.2
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.12.2

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 1024 MB
    Processor: AMD Athlon(tm) Processor (1325 MHz)

    Should I submit it? I'm thinkin' it's probably a F/P. Pete
     

    Attached Files:

  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,898
    Location:
    Texas
    Pete,

    I would send it in since it is a heuristically discovered item. They can either remove the false positive or confirm it is malware.
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Okey-dokey. Gotta zip it up - Comporium won't deliver anything with an exe as an attachment. Pete

    *Sent
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Okay, it's been six days since I sent it in (four "business" days) and I haven't received confirmation of the file as malware (or even receipt of the file I sent).

    Nor has the F/P (if that's what it is) been removed (I'm still getting hits on it from NOD up to and including a full scan that just finished minutes ago).

    NOD32 Antivirus System information
    Virus signature database version: 1.953 (20041219)
    Dated: Sunday, December 19, 2004
    Virus signature database build: 5080

    Information on other scanner support parts
    Advanced heuristics module version: 1.011 (20041126)
    Advanced heuristics module build: 1067
    Internet filter version: 1.002 (2004070:cool:
    Internet filter build: 1013
    Archive support module version: 1.024 (20041125)
    Archive support module build version: 1104

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.12.2
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.12.2
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.12.2

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 1024 MB
    Processor: AMD Athlon(tm) Processor (1325 MHz)


    ESET does have some form of technical support, doesn't it? Pete
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,898
    Location:
    Texas
    Pete

    No excuse for not replying or fixing the problem in my book. I hope Eset will rachet up their support a notch.

    I understand one of the upcoming versions will have a way to submit samples built in the program.

    Not much anyone can say right now though.
     
  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Merry Christmas, everyone!

    Still getting this upon full scans with NOD32:

    C:\Program Files\Acesoft\Tracks Eraser Pro\Plugins\removelop.exe - probably unknown NewHeur_PE virus [7]

    so I'll just keep submitting it (daily) until I get a response.

    HOHOHO! <g> Pete
     
  7. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,661
    Location:
    Throughout the USA and Canada
    Someone at Eset is working - the definitions update today is proof of that... my guess is the same person doesn't update their virus definitions database that drives the web site - no clues yet from the Eset/NOD32.COM/.CH sites as to what the update does, but at least we have it!

    See... http://www.nod32usa.com/nod32-updates/ for at least an interim message concerning the v1.958 Virus Definitions Update....

    Merry Christmas everyone!!
     
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Update or no update - the alert keeps showing up:

    NOD32 Antivirus System information
    Virus signature database version: 1.958 (20041225)
    Dated: Saturday, December 25, 2004
    Virus signature database build: 5105

    Information on other scanner support parts
    Advanced heuristics module version: 1.011 (20041126)
    Advanced heuristics module build: 1067
    Internet filter version: 1.002 (2004070:cool:
    Internet filter build: 1013
    Archive support module version: 1.025 (20041221)
    Archive support module build version: 1106

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.12.2
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.12.2
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.12.2

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 1024 MB
    Processor: AMD Athlon(tm) Processor (1325 MHz)

    (Does all that program info look like it's the most current available to everyone?). Pete
     

    Attached Files:

  9. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,661
    Location:
    Throughout the USA and Canada
    This might not be as clear-cut as first thought.... a quick google for removelop.exe yields several sites that list the file as one to be removed or deleted. Perhaps your F/P is not F at all... even though it came from something you considered a "reliable" source.

    hth

    GHL
     
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    GHL - Yes, that might conceivably be why I first submitted the file 11 days ago!. Pete
     
  11. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    Hi Pete:

    Your program components should be similar to the following (the 2.12.3 must be directly downloaded from Eset (or your reseller's site) it is not an automatic update):

    NOD32 Antivirus System information
    Virus signature database version: 1.958 (20041225)
    Dated: Saturday, December 25, 2004
    Virus signature database build: 5105

    Information on other scanner support parts
    Advanced heuristics module version: 1.011 (20041126)
    Advanced heuristics module build: 1067
    Internet filter version: 1.002 (20040708 )
    Internet filter build: 1013
    Archive support module version: 1.025 (20041221)
    Archive support module build version: 1106

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.12.3
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.12.3
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.12.3
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    rumpstah - I installed 2.12.3 and scanned. Same alert, but thanks for reminding me about that (these four days off have been a Godsend for catching up with stuff).

    Hope you're having a very Merry Christmas there. Pete
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
  14. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Email from NOD's Tech Support received this morning:

    "Hello,

    this was only a false positive and is going to be cured in the next update
    1.959. Thank you for sending us the sample.


    Regards,

    Mark


    ESET Software Technical Support
    www.nod32.com "

    Thank you. That's all I wanted to know. I'll verify after 1.959 comes out. Pete
     
  15. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Full scan came up clean.

    Case closed.

    After all, it only took a couple of weeks to resolve. Pete
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.