unknown NewHeur_PE virus

Hi,
I'm getting four flags in Outlook Express [*.dbx] files as
unknown NewHeur_PE virus. I've searched the board and believe that this is a false-positive? Can someone confirm this or should I take further action?
I have NOD set up well, love it but would appreciate some tips as to how to not get these flags, assuming they are F/P's.

Thanks.

Silj

 

First you need to know which files are actually flagged, since .DBX are so called container files which holding other files in the Outlook Format. So basically some attachment in an email would be detected - just take a look which one this is.

 

Hi Siljaline . Leave NOD32 submit these to ESET

 

And this to finish

 

I've snipped and pasted the flags to a separate text file, here is one example.

As the above indicates (I think) NOD is flagging a post that I polled from an NG. Did not open the post as it was posted in MIME format.

Silj

 

It looks really suspicious I doubt it is false positive. Send that file to ESET for further analysis

 

Of course this is malware. Ever seen a "normal" executable (except a real screensaver...) with .SCR extension?! You do not even need a virus scanner to know that this is malware.

 

Remove documents from the exclusion list? Never do that, or confidential documents might be sent to Eset.

 

Тя трябва да знае това (моля,без превод)

 

Confidential or not , they are suspicous or 100% malware , this is my opinion

 

Thank you all for the flood of tips and suggestions, it is appreciated as I have been concerned with this for a week or so.

Do I really need ThreatSense enabled as it "phones home" to NOD, not that I have a problem with that I do have a dislike with apps polling in the background.

Regards,
Silj

 

Make sure that you actually have the latest update 1.1562 installed as it might already be detected by a signature.

 

Hmmm, up to you . Threat Sense helps ESET everyday and this way you help ESET and help us so we have the latest definitions for malware a bad had created . Never forget that NOD32's advanced heuristics are the best protection against unknown threats
http://www.eset.com/products/compare_heuristic_detection.php
http://www.eset.com/threat-center/index.php

 

Latest updates are enabled - thanks. I'll take a look for that dubious *.scr file and post back.

Silj

 

History proves that in news groups mostly IRCBots/SDBots are posted. So my personal guess would be it's an SDBot-type, Hackarmy.

 

It's apparently something malicious, probably a mass-spammed trojan downloader, I assume. Just find and delete those files in your Outlook Express, but this is not necessary as they are benign unless opened and run (at which point they would be detected and blocked by AMON)

 

Agreed - can't argue a solid statement like that.

Silj

 

Appreciated

 

Not a problem I have no qualms plugging a great product like NOD.

Silj

 

Just a few things, *scr files not found, why am I not surprised.
Hidden Files done.
In summary, what would be the collective recommendation here, please.
I can and will manually delete the *.dbx files if necessary.

Silj

 

I personally recommend you make sure your AMON is on and your NOD32 Anti-Threat system fully updated

NOD32 antivirus system information
Virus signature database version: 1.1562 (20060527)
Dated: 27 May 2006
Virus signature database build: 7348

Information on other scanner support parts
Advanced heuristics module version: 1.030 (20060524)
Advanced heuristics module build: 1114
Internet filter version: 1.002 (2004070
Internet filter build: 1013
Archive support module version: 1.044 (20060424)
Archive support module build version: 1155

Information about installed components
NOD32 for Windows NT/2000/XP/2003/x64 - Base
Version: 2.51.26
NOD32 for Windows NT/2000/XP/2003/x64 - Internet support
Version: 2.51.26
NOD32 for Windows NT/2000/XP/2003/x64 - Standard component
Version: 2.51.26

Operating system information
Platform: Windows XP
Version: 5.1.2600 Service Pack 2
Version of common control components: 5.82.2900
RAM: 480 MB
Processor: Transmeta Efficeon(tm) Processor TM8000 (995 MHz)


When this malware tries to be active , AMON will kill it

 

found post - LWM

 

Where have my three posts with screenshots gone?