Threat Alert

Discussion in 'ESET NOD32 Antivirus' started by JVM, Dec 14, 2008.

Thread Status:
Not open for further replies.
  1. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    Can someone explain what I am to do about this threat alert via email Module Real-time file system protection : C:\FRAPS\UNINSTALL.EXE contains Win32/Adware.Cinmus application.

    I have Fraps installed on my computer and have had it for some time. Should I uninstall the program or?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  3. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    The log file said cleaned by deleting - quarantined. I see it in the quarantine section and does this mean I can't uninstall the program? I also see it in the Detected Threats section where it says cleaned by deleting -quarantined.

    What should I do?
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    ESET will probably have to update the definitions to correct this. I would wait a bit before doing anything.
     
  5. SuicidePunk

    SuicidePunk Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    8
    Yes false positive, same problem with "C:\Program Files\Notepad++\uninstall.exe"
    It seams to be the Nullsoft installer.
     
  6. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    Should I use the Restore function in Quarantine?
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    Sure.
     
  8. es3ttor

    es3ttor Registered Member

    Joined:
    Dec 14, 2008
    Posts:
    3
    I encountered the same false hit while compiling a NSIS exe, the newest update fixes it. Update your definitions and scan it again, if it clears I'd say yes. Thanks Wilders. :>
     
  9. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    I didn't get this alert doing a scan. I got it via email as a Threat Alert: Module Real-time file system protection C:\FRAPS\UNINSTALL.EXE contains Win32/Adware.Cinmus application.
     
  10. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    I just read the information under Detected Threats: Event occurred during an attempt to access the file by the application: C:\Program Files (x86)\SpeedFan\speedfan.exe. This is very confusing since I wasn't using Fraps.
     
  11. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    I restored it from quarantine and did an in-depth scan that revealed no threats. Since this was a real-time system protection thing, I don't know if that scan means anything. If this was a false positive real-time threat, then I hope it was solved with the signature update.
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    The definitions were corrected and you should be okay JVM.
     
  13. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    Thanks!
     
Thread Status:
Not open for further replies.