TCPIP.sys

Discussion in 'NOD32 version 2 Forum' started by Joliet Jake, Oct 3, 2006.

Thread Status:
Not open for further replies.
  1. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Hi,
    Someone on a forum I use tried to install a patch but NOD32 deleted it. I visited the site he downloaded it from (will post the address if asked to) and IMON popped up a warning message...

    Is this a false positive?

    Thanks...

    JJ:cool:
     

    Attached Files:

  2. ASpace

    ASpace Guest

    Probably it isn't a false positive , it is just a pottentially dangerous tool

    If you want to use it , just disable the detection for Pottentially Dangerous Applications in AMON and IMON . Althought it is a PDA , be careful with it !
     
  3. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    It's not a false postitive:

    It's a tool that is usually used non-maliciously but can be used maliciously by a hacker; so it depends on who uploaded it onto the forum you use whether or not they are doing this maliciously or not.
     

    Attached Files:

  4. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Thanks guys. It's not for me but I'll let the person know what you guys have said.

    JJ:cool:
     
  5. ASpace

    ASpace Guest

    You are welcome !
     
  6. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    See this post for more information. If you want an example of how this patch can be used maliciously, have a look at the Sober.Y worm (scroll down to the end).
     
  7. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hey,

    because of this confusion, Eset have to improve their maleware information window/warning in NOD32 Version 3, so that the user can better understand what is actually happen..

    Kaspersky does it better at the moment, they will display/popup different color and information/warning windows/messages on different kinds of maleware or potential unwanted apps! :thumb:

    But with always the same warning in NOD32 and no other and detailed information, it is difficult to distinguish between really a virus, worm, trojan, etc. malware, or "only" software (potentially unwanted software), which can be abused by maleware, etc. :isay: :cautious:

    I hope Eset will improve that in NOD32 v3! :p :shifty:

    best regards,

    iNsuRRecTiON
     
  8. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
    ^^ A very nice suggestion, +1.
     
  9. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Yes a nice suggestion.:thumb:
    At the moment it clearly shows the detected threat is 'Win32/Tool' but for some that is not enough.

    Cheers :)
     
  10. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hey,

    yes, correct. I speak especially for beginners/novices, etc. and users, which are unsure and want an clear and informative/detailed warning/info..! :D

    best regards,

    iNsuRRecTiON
     
Thread Status:
Not open for further replies.