Trojan Hunter/NOD32

Discussion in 'NOD32 version 2 Forum' started by David S, Feb 6, 2005.

Thread Status:
Not open for further replies.
  1. David S

    David S Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    32
    I'm using the trial version of Trojan Hunter and every time I run it I get an alert from NOD32. I'm pretty sure it's a false positive but it's sort of annoying. Any ideas or explanations out there?
    Thanks
     


  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Yeah, most likely it's a false positive. Tick the Quarantine checkbox, then click the Close button. Next, send the content of the Program files\eset\infected folder to sample@eset.com. If there are more files in that folder, first open the NOD32 Control Center - NOD32 System tools - Quarantine and make sure only probable unknown viruses are listed there.
     
  3. David S

    David S Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    32
    Thanks, I should have been a little more specific when I said I get an alert, it's always a different .exe but the same message, here's a couple more:

    C:\DOCUME~1\David\LOCALS~1\Temp\RPEA5.exe
    probably unknown STEALTH.POLY.CRYPT.TSR.DRIVER virus error quarantining the object

    C:\DOCUME~1\David\LOCALS~1\Temp\DarxSz.exe
    probably unknown STEALTH.POLY.CRYPT.TSR.DRIVER virus

    As you can see I tried quarantining but there was an error.
    I'm sure they're false positives as it happened in the past and I recently reformatted and got them right away but only when I run Trojan Hunter. And I've gotten many but only when I run Trojan Hunter.

    Maybe my heuristic setting is too high.
    Thanks again
     
    Last edited: Feb 6, 2005
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    So try disabling the use of heuristics in AMON's setup and leave only Advanced heuristics enabled. After you submit those files to Eset, you can re-enable the standard heuristics as well.

    Edit:
    I just realized you may not be able to find those files since they appear only when running Trojan Hunter. If that's the case, then try setting heuristics to the standard level.
     
  5. David S

    David S Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    32
    I disabled the use of heuristics in AMON's setup and left only the advanced heuristics enabled and I received no alert. Then I ran it again and re-enabled the heuristics on standard (previously they were on deep) and did receive an alert:
    C:\DOCUME~1\David\LOCALS~1\Temp\uP9Q6P.exe
    probably unknown STEALTH.POLY.CRYPT.TSR.DRIVER virus error quarantining the object

    Can't seem to quarantine, I'm 99% sure they're just false positives.

    Thanks for the help though
     
  6. DanL

    DanL Registered Member

    Joined:
    Nov 25, 2004
    Posts:
    159
    David,

    I run both TH and NOD32 also, this has happened to a few members who have both programs.
    They are false positives.

    The solution seems to be to disable NOD32 while running a scan with TH.

    I use Blackspear's extra settings for NOD32 and leave those settings as is. I temporarily close NOD32 for a TH scan.

    Dan
     
  7. David S

    David S Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    32
    Thanks, while common sense told me they were fp's I appreciate you confirming it so I don't have to worry about it.
     
  8. DanL

    DanL Registered Member

    Joined:
    Nov 25, 2004
    Posts:
    159
    I should say in all the instances I had they were FPs.
    I was also never able to quarantine or clean any of those alerts.

    Dan
     