Probable False positive on Still Life 2 game executable

Discussion in 'Other ESET Home Products Beta' started by fduranti, Jan 9, 2010.

Thread Status:
Not open for further replies.
  1. fduranti

    fduranti Registered Member

    Joined:
    Oct 15, 2006
    Posts:
    11
    This evening I bought a game (in downloadable form) called Still Life 2. I started the installation, and at the end of the installation I got a popup from ESET Smart Security about a trojan in the tmp file that will be copied to the installation folder of the game as SL2.exe (the executable of the game).

    I've done some tests, and NOD32 detects it only with the advanced heuristics setting turned on. With advanced heuristics turned off and only the heuristics check left on, the file passes the check.

    The file is detected as a variant of the Win32/Kryptik.AUQ trojan.

    Checking the file online at www.virustotal.com, only NOD32 and Sophos report a virus:
    NOD32 4757 2010.01.09 a variant of Win32/Kryptik.AUQ
    Sophos 4.49.0 2010.01.09 Sus/UnkPacker


    Can anyone help? Should I consider the file not infected?
    What do I have to do? Exclude the file from the scan, or disable the advanced heuristics check (as it is by default in the real-time file system scan)?

    I bought the game directly from the developer's site and it seems OK.

    Any suggestions? Is there any way to submit it to ESET so the file can be analyzed and reported as a false positive or a real virus?

    I'm using 4.2.22.0 with these versions of the modules:
    Virus signature database: 4757 (20100109)
    Update module: 1031 (20091029)
    Antivirus and antispyware scanner module: 1256 (20100108)
    Advanced heuristics module: 1099 (20091030)
    Archive support module: 1107 (20100105)
    Cleaner module: 1048 (20091123)
    Anti-Stealth support module: 1014 (20091218)
    Personal firewall module: 1054 (20091015)
    Antispam module: 1013 (20091104)
    SysInspector module: 1213 (20090902)
    Self-defense support module: 1011 (20091218)


    Thanks for any suggestions :)
     
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,979
    Location:
    U.S.A.
  3. fduranti

    fduranti Registered Member

    Joined:
    Oct 15, 2006
    Posts:
    11
    Thanks for the link. I've submitted the file; now I'm waiting for some news on it :)
     