Possible Smitfraud fix False Positive?

Discussion in 'NOD32 version 2 Forum' started by Rieske, May 23, 2006.

Thread Status:
Not open for further replies.
  1. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
  2. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Re: Problems with NOD or viruses? Try this first

    Not a virus, but a "potentially dangerous application". Check your NOD32 settings.

    I would say the detection is legit (not a false positive), since it is a potentially dangerous application.
     
  3. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    Re: Problems with NOD or viruses? Try this first

    Since this tool fixes several Smitfraud infections I would not dare to speak bout a potentially dangerous app. The only thing Nod seems to do is find the term Smitfraud in the zipfile, whereas the tool has proven to do a lot of good things in fixin infections so far. There's absolutely no good reason to detect it as potentially dangerous. FP in my opinion and Eset should do something bout that one.

    Speaking of Smitfraud, neither Nod nor other specialized anti-malware software will fully detect and cure a true Smitfraud infection.

    And don't **** to me bout a definition of a virus, not into wiseguys chitchat.
    Someone who can give me a proper answer round here?
     
    Last edited by a moderator: May 24, 2006
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: Problems with NOD or viruses? Try this first

    I would suggest asking politely from here on in.

    Blackspear
     
  5. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    Nevermind, Marcos has explained the prob to me already.

    ~snip....removed uncalled for remark....Bubba~
     
    Last edited by a moderator: May 24, 2006
  6. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    Re: Problems with NOD or viruses? Try this first

    As you mentioned this, I said I would add in my two cents. ALL antivirus applications without exception are a misnomer, i.e. they should not have the name Anti-Virus anymore. They are no longer detecting just viral code. Worm, trojan, other non-viral malware etc. is also detected by all to some extent.

    P.S. I know NOD32 call their engine now Antithreat engine but it's still NOD32 antivirus.
     
  7. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    Since the Smitfraud fix script contains a process.exe which ends the h*****.tmp f.e., Nod therefore detects it as a potentially dangerous app. Unchecking that scan should do the trick for this one.

    Btw, I don't have a heart. ;)
     
  8. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    Rieske,

    Obvious mistake from the NOD32 user in question here. He just had to follow Blackspear's settings as mentioned - coming with screenshots - in the sticky post above.

    It's as simple as that: dangerous applications disabled > no detection from this one.

    Bottom line: people should read the very clear instructions as mentioned.

    On a side note: seems like no one ever taught you manners and common decency - at least not while posting on a forum.
     
  9. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    Well, one cannot blame every single Nod-user for not reading the Blackspear setting advice, though I try to point to them most of the time.

    @sidenote: Yeah, I know... poor me.
     
  10. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    How many Nod users would know about Blackspear's settings? The 'Wilders' Nod users know, but how many outside of that world do you think?
     
  11. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    Just my two cents... Bonzo. ;)
     
  12. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Everything OK? Not cracking anymore, Anti? Long time no see! ;)
     
  13. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Re: Problems with NOD or viruses? Try this first

    This is what the detection was:

    "Process.exe

    Win32/PrcView application" (with emphasis on "application" not "virus")

    And McAfee f.ex. detects it as: "potentially unwanted program PrcViewer", or Panda: "Application/Processor", or DrWeb: "Tool.Prockill", or TheHacker: "Aplicacion/Processor.20". So NOD32 isn't alone in labelling it as a potentially dangerous application.

    With your post you could have scared users into thinking there is a virus in the Smitfraud fixer, or that there was something wrong with NOD32's detection when it actually wasn't. I did already explain what the detection was, and how to avoid it (what I wrote about check your NOD32 settings for "potentially dangerous applications"). Perhaps my answer was short, but it was to the point, and yes, I do think it did answer your question. And if you have experience with trojans, you should know that many of these use process viewers/killers to mess with your system. And this means it can easily be used in the wrong way, hence the "potentially dangerous application" detection.

    No need to be attacking like you did in your post.
     
  14. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    Roughly: over here 351,000+. Add the copied ones on several places on the web and I'd say 1 million+. That's an estimation on the safe side - could well be 2 million+ NOD32 users.
     
  15. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    TY, great answer, kjempen.

    [ot]
    Everything's fine, Bonzo.
     
  16. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    I am talking about the number of Nod32 users that know about Blackspear's settings!!!!!
     
  17. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    ...So do I - at least 1 million+ users ;)
     
  18. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    That's quite a number!
     
  19. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    And that leaves out alotta users who don't even know bout this forum.
     
  20. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Re: Problems with NOD or viruses? Try this first

    So, you are saying not to check the "Potentially dangerous application control"? I feel like I should use this option, knowing that detected applications are being moved to quarantine, as configured!!!! But this is my problem: nothing is done with this....!!!!! Can anybody explain to me why?
    The log does say: placed in quarantine!!!!
     
  21. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    Could you be specific? Sounds like you do have access to info about the number of NOD32 users as well as statistics about NOD32 users knowing this NOD32 support forum....
     
  22. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    Guess default settings have this option checked out for some reason.

    Many malware fixes and tools need to kill processes to be successful. I think logcheckers will have to make a mental note on how specific security suites will react on their fixes. Phew... :doubt:

    @Panther: I'm not into statistics, but my experience shows me alotta (or let's say potential) Nod users don't know bout this support forum. That surprises you?
     
  23. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    Re: Problems with NOD or viruses? Try this first

    Would you care to post a screenshot from your setup? That may well enlighten the issue at hand ;)
     
  24. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Phew....right, but I always have this option checked myself. In Imon, I have on all actions, "copy to quarantine" checked, so, no matter what.......it should always be copied to quarantine. But it is not!!!!
    Some story with a trojan downloader (see post may 10th).
    I think this is a very large "BUG"
     
  25. Rieske

    Rieske Registered Member

    Joined:
    Jun 11, 2003
    Posts:
    68
    Location:
    Olanda
    I have these settings too, but all tested crap is copied to Quarantine like it should be. Nod even grabs them in my VMware OS'es.
     