Possible False Positive-SmitFraudFix

Discussion in 'NOD32 version 2 Forum' started by racketeer66, Sep 16, 2006.

Thread Status:
Not open for further replies.
  1. racketeer66

    racketeer66 Registered Member

    Joined:
    Mar 19, 2006
    Posts:
    84
    Location:
    Hungary
    Here we go - got this when I tried to open this file. As far as I'm concerned, SmitFraudFix is a well-respected removal tool recommended by trustworthy sites like MajorGeeks, BleepingComputer, SpywareInfo etc.
    It is good against a number of new (or old) spyware threats, the likes of SpywareSheriff, SpyHeal, SpyQuake.


    Time Modul Object Name Virus Action User Information
    2006.09.16. 15:23:10 AMON fájl C:\Documents and Settings\.......\Dokumentumok\Downloads\Compressed\SmitfraudFix\SmitfraudFix\Process.exe Win32/PrcView alkalmazás MATRIX-4QJ01EH2\.........A Application which triggered alert (op: file-access): C:\Program Files\Eset\nod32kui.exe.

    Message sent to ESET labor.
     
  2. covaro

    covaro Registered Member

    Joined:
    Jul 4, 2006
    Posts:
    149
    Location:
    Abingdon, MD, USA

    It is not a false positive. PrcView is a Potentially Dangerous Application and it is detected by a bunch of scanners. This has previously been beat to death.

    -Cov
     
  3. racketeer66

    racketeer66 Registered Member

    Are we talkin' about the same thing, Mate? U think it's a virus?
     
  4. racketeer66

    racketeer66 Registered Member

    Description:

    This is a non-malicious tool that can be used for malicious intention.

    This tool is designed to display detailed information about processes that are running under the Windows system.

    Remote malicious users, through third-party applications, can use this utility to kill a running process or activate any application on a Windows system.

    This tool runs on Windows 95, 98, ME, NT, 2000, and XP.
     
  5. covaro

    covaro Registered Member

    Yes, we are talking about the same thing. The Process.exe found in the SmitFraud removal script is a PDA and is detected as such. Easiest fix is to turn off PDA in AMON.

    Hence the Potentially Dangerous Application detection.

    -Cov
     
  6. racketeer66

    racketeer66 Registered Member

    I've already excluded this process in AMON (in the interim). I scanned my system but it's clear. I am absolutely well aware of these procedures (AMON, IMON, exclusion etc.), just was surprised to see SmitFraud there...
    Only one thing I forgot: that I set AMON to maximum protection, à la Blackspears :) So all good if it ends good: AMON has just done what it's supposed 2 do.
    Thanx 4 Your comment, anyway!
     
    Last edited: Sep 16, 2006
  7. covaro

    covaro Registered Member

    @racketeer66

    No prob... I live with PDA off on everything here myself. Way too many dangerous applications living on my computer and my server. NOD32 would go nuts if I turned it on. :D

    -Cov
     
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271