Threat Alert

Discussion in 'ESET NOD32 Antivirus' started by JVM, Dec 14, 2008.

Thread Status:
Not open for further replies.
  1. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    Can someone explain what I am to do about this threat alert via email Module Real-time file system protection : C:\FRAPS\UNINSTALL.EXE contains Win32/Adware.Cinmus application.

    I have Fraps installed on my computer and have had it for some time. Should I uninstall the program or?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    63,938
    Location:
    Texas
  3. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    The log file said cleaned by deleting - quarantined. I see it in the quarantine section and does this mean I can't uninstall the program? I also see it in the Detected Threats section where it says cleaned by deleting -quarantined.

    What should I do?
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    63,938
    Location:
    Texas
    ESET will probably have to update the definitions to correct this. I would wait a bit before doing anything.
     
  5. SuicidePunk

    SuicidePunk Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    8
    Yes false positive, same problem with "C:\Program Files\Notepad++\uninstall.exe"
    It seams to be the Nullsoft installer.
     
  6. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    Should I use the Restore function in Quarantine?
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    63,938
    Location:
    Texas
    Sure.
     
  8. es3ttor

    es3ttor Registered Member

    Joined:
    Dec 14, 2008
    Posts:
    3
    I encountered the same false hit while compiling a NSIS exe, the newest update fixes it. Update your definitions and scan it again, if it clears I'd say yes. Thanks Wilders. :>
     
  9. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    I didn't get this alert doing a scan. I got it via email as a Threat Alert: Module Real-time file system protection C:\FRAPS\UNINSTALL.EXE contains Win32/Adware.Cinmus application.
     
  10. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    I just read the information under Detected Threats: Event occurred during an attempt to access the file by the application: C:\Program Files (x86)\SpeedFan\speedfan.exe. This is very confusing since I wasn't using Fraps.
     
  11. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    I restored it from quarantine and did an in-depth scan that revealed no threats. Since this was a real-time system protection thing, I don't know if that scan means anything. If this was a false positive real-time threat, then I hope it was solved with the signature update.
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    63,938
    Location:
    Texas
    The definitions were corrected and you should be okay JVM.
     
  13. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    Thanks!
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.