TCPIP.sys

Hi,
Someone on a forum I use tried to install a patch but NOD32 deleted it. I visited the site he downloaded it from (will post the address if asked to) and IMON popped up a warning message...

Is this a false positive?

Thanks...

JJ

 

Probably it isn't a false positive , it is just a pottentially dangerous tool

If you want to use it , just disable the detection for Pottentially Dangerous Applications in AMON and IMON . Althought it is a PDA , be careful with it !

 

It's not a false postitive:

It's a tool that is usually used non-maliciously but can be used maliciously by a hacker; so it depends on who uploaded it onto the forum you use whether or not they are doing this maliciously or not.

 

Thanks guys. It's not for me but I'll let the person know what you guys have said.

JJ

 

You are welcome !

 

See this post for more information. If you want an example of how this patch can be used maliciously, have a look at the Sober.Y worm (scroll down to the end).

 

Hey,

because of this confusion, Eset have to improve their maleware information window/warning in NOD32 Version 3, so that the user can better understand what is actually happen..

Kaspersky does it better at the moment, they will display/popup different color and information/warning windows/messages on different kinds of maleware or potential unwanted apps!

But with always the same warning in NOD32 and no other and detailed information, it is difficult to distinguish between really a virus, worm, trojan, etc. malware, or "only" software (potentially unwanted software), which can be abused by maleware, etc.

I hope Eset will improve that in NOD32 v3!

best regards,

iNsuRRecTiON

 

^^ A very nice suggestion, +1.

 

Yes a nice suggestion.
At the moment it clearly shows the detected threat is 'Win32/Tool' but for some that is not enough.

Cheers

 

Hey,

yes, correct. I speak especially for beginners/novices, etc. and users, which are unsure and want an clear and informative/detailed warning/info..!

best regards,

iNsuRRecTiON