the 89 line executable that demos a NOD32 bug

Discussion in 'ESET NOD32 Antivirus' started by musikit, Oct 22, 2008.

Thread Status:
Not open for further replies.
  1. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
  2. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    I dont get a warning here from NOD32.

    Virustotal results;
    File EsetTester.zip received on 10.22.2008 19:39:39 (CET)
    Current status: finished
    Result: 1/34 (2.95%)

    And the one who flagged it wasnt NOD32.
     
  3. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    Brambb,

    it seems you do not understand nor look at the the post or zip file.

    the zip file contains a Microsoft Visual Studio 2008 project and solution which when compiled will generate a NOD32 virus warning.
     
  4. Brambb

    Brambb Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    411
    Location:
    The Netherlands
    My mistake then
     
  5. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    still no moderator reply
     
  6. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    is any moderator going to admit this as a bug and state when to expect a fix available? or are you all going to continue your irresponsibility by continuing to ignore this issue?
     
  7. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    moderator? anyone? anyone? moderator?
     
  8. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Frankly I'm rather surprised you've not been banned yet from these forums for the retarded bump spam which is the only "contribution" you've presented here so far.

    :rolleyes: :mad: o_O :thumbd:
     
  9. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Have you contacted anyone directly at Eset like the moderator recommended in the last thread? This is something a developer needs to look at and I doubt a community-based forum for end-user support is going to provide the help you need.
     
  10. zamendo

    zamendo Eset Staff

    Joined:
    Sep 5, 2008
    Posts:
    8
    Musikit,
    Please send the executable file which NOD32 detects to samples@eset.com as different compiler can create a different code, this could help to identify the cause faster, and post here the name of the detection which NOD32 shows you.
     
  11. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    ESET should be thanking me that i am bring to their attention a bug in their virus scanning system. i'm sorry you dont feel that way. banning wont stop me i will continue to post and make new accounts until this issue is resolved.

    sent i also posted it here so you can download it should the email be filtered http://www.fileswap.com/share/?id=f6876a9f998f6472cc26708e27444456
     
  12. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    still no response from ESET on this issue. will they ever answer?
     
  13. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    Instead of posting "still no reply" 5 times a day you should read the responses. Zamendo gave you a response which you obviously ignored. Try to follow the proper procedure to report a false positive.

    The correct way to submit a false positive is to send the sample to samples@eset.com .....which have been told a million times before in this forum. Also i tried to compile your project using VS, but the required file madchook.h is not included so i didn't bother to give it another try.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Once again and the last time - Madcodehook is very often misused by malware and thus it's not a false positive. Applications based on it will always be caught by heuristics. Amen.
     
  15. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    Marcos,

    1. this application may use madcodehook however does nothing at all. so i'm not sure why it is detected. if it used madcodehook to something virus like. then i could understand this being picked up as a virus. however you have not stated what this application is doing that is considered virus like.

    what you are saying is that ESET doesnt like certain tool. and will flag applications that use certain tools as virus regardless of what they use the tool for

    2. why doesnt your company try actually detecting what this malware that uses madcodehook does instead of marking the tool as a virus or is that too complicated for your staff to figure out?

    3. does your company also mark application that uses MS Detours as a virus since MS Detours "is very often misused by malware"

    continuing the battle to get ESET to become a responsible virus scanner.

    i have done that. several times over the past 2 years. and received no responses. i have called and emailed them so i can get this issue resolved politely with no care or understanding or answering on ESET's part. if continued being of an ass is required to get this ESET NOD32 bug fixed... i will!
     
    Last edited: Oct 24, 2008
  16. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    You've already been told it's not going to change. Even multiple times.

    As the above-posted links prove, you've received multiple responses. The fact that you didn't receive a response you'd like to receive is entirely different story. Abusing these forums for your personal agenda with your annoying bump spam and creating of multiple threads on the same issue will not earn you any sympathy, in fact you've already managed to annoy multiple people, myself included.

    And frankly said, you're the type of customer I'd myself happily lose, noone likes customers that are a genuine PITA and refuse to listen. Some people's sole purpose in life is to serve as a warning to others.

    :thumbd:
     
  17. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    1. im not a customer of NOD32. i would never buy this "virus scanner" as it doesnt apparently scan for viruses.

    2. be upset all you want at the end of the day this is a bug in NOD32 that needs be fixed.

    3. im not abusing this forum. i am reporting a bug in the NOD32 software. a bug again which needs to be fixed.

    still waiting for a response from Marcos or another admin to my questions in my previous posting
     
  18. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Wonderful; so what exactly makes you think they are obliged to respond your posts 24/7 and what exactly makes you think you are entitled to demand any changes in the products they produce? o_O :thumbd:
     
  19. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    where have i demanded that the fix this? i'm informing them of the bug and asking when it will be resolved.

    they seem to believe that this tool should be marked as a virus, and i am pointing out to them two things

    1. usage of a tool doesnt make an application a virus. that should be freaking obvious to anyone

    2. other tools which have been "misused by malware" which do the same thing are not flagged as virus.

    so basically what i am pointing out is the ESET is being hypocritical in either they need to stop flagging this tool as a virus or they need to flag all tools which do what this tool does as a virus.
     
  20. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    I'd suggest you read the history of your posts since your memory doesn't seem to serve you well.

    I won't be ever resolved since it's by design. You've been told this multiple times but you refuse to listen and behave like 5 yrs. old spoiled child instead.
     
  21. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    your link didnt work. so i cant refresh my memory.

    so then this isnt a virus scanner then is it? as other libraries that do what madcodehook does which have been "misused by malware" are not detected. such as MS Detours.
     
  22. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    Let's not talk about what you have done for the last 10 years and keep the discussion to this case only. You have been given an answer so case should be closed. I understand that you don't like the answer, but you cannot keep spamming this forum until you are given the answer you want....which will not happen. Well actually you can keep spamming this forum until banned, but i'm sure your behavior have the opposite effect so no one really want to help. At this point i'm pretty sure the eset staff will ignore your comments or repeat the answer already given.

    You don't pay for the product, but still expect to get free support? Since you report a false positive without antually paying for the product i can only assume you use the product without a valid license.

    What exactly are you trying to achieve with this kind of behavior? To me it seems like neither other forum members of the eset staff like the way you behave and unless you have not figured it out already eset does not look at this sample as a false positive and already told you it will not be changed. You can continue to spam this forum, but that doesn't change the fact that nod32 will continue to detect your file as a threat.

    So since you know that your posts will not make a difference (except annoy people) why do you keep posting the same thing over and over again?
     
  23. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    The link works perfectly fine for me. You can try another one if you insist on your trolling.

    Round and round and round we go. So what? They've made a design decision, you dislike it. You didn't pay them a single cent, you are not their customer, yet you keep spamming here and demanding 24/7 attention from their staff and moderators?
     
  24. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    GAN,

    im sorry you dont understand the full issue.

    1. i dont use NOD32. my users do.

    2. them telling me it isnt a false positive does not stop the fact that they are not detecting other tools which do exactly what this tool does as a positive. other tools such as MS Detours are not being flagged. so why arent those flagged? how many viruses use MS Detours and they can correctly see the difference between a virus using MS Detours for a virus and an application using MS Detours to give the user more functionality.

    so.... why only this tool? what did this tool do to ESET that it is flagged as a virus? did they simply not pay ESET their "dont flag me as a virus fee"

    again this either comes down to

    1. either this tool isnt a virus.

    2. all tools which do similiar things as this tool are a virus.

    3. NOD32 isnt a virus scanner.

    im looking for clarification so i can inform my users that they are not protected or protected properly.
     
  25. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The solution is not to use Madcodehook. Anything that is in 99% misused by malware will be subject of detection. We insist on detection regardless of the threating from you. Even Zlob authors were threating us with taking legal actions in the past and now you can see every AV detecting them. That's my last word on this subject, everything has been said and explained.
     
Thread Status:
Not open for further replies.