Unknown virus detected in routine scan.....false alarm?

Discussion in 'NOD32 version 2 Forum' started by diesel, Oct 9, 2004.

Thread Status:
Not open for further replies.
  1. diesel

    diesel Registered Member

    Joined:
    May 25, 2004
    Posts:
    21
    Hi all,

    During a routine scan I had an "unknown" virus detected

    it was located in:

    C:\Documents and Settings\All Users\Application Data\Spybot- Search & Destroy\Backups\regLocal.reg

    message was "probably unknown SCRIPT virus [7]"

    Can someone please tell me if this really is a virus, and if so, how to
    remove it and to check to see if any damage was done? thanks

    by the way i sent a copy of the file to sample@nod32.com and i have yet to hear from them and it's been over 24 hours. To be honest......that is totally unacceptable!!!! When do you think nod32 will get back to me?
     
  2. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    If it's in Spybot backups then it is something that Spybot has already removed, probably some sort of spyware or adware I would assume. As it has a .reg suffix I guess it's CWS related.

    As Spybot encrypts all backups it should be harmless in there.

    To remove it, open Spybot, click on Backups, select the item and delete.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    According to Eset, they are currently training up staff so they can begin 24hr, 7 day a week support.

    I expect you would hear from them just after the weekend...

    Hope this helps...

    Cheers :D
     
  5. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    I have managed to confuse myself with email addresses. I now have support@nod32.com and sample@nod32.com. Are we supposed to send suspected false positives to sample@nod32.com or could we send them to support@nod32.com?
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    LMAO, here we go:

    If the scan finds a “Probable NewHeur_PE virus found”, please do the following:

    1. Place a tick in the Quarantine check-box

    2. Select Delete

    3. Send the Quarantined file to Eset: samples@nod32.com

    This file can be found here:

    C drive

    Program files

    Eset

    Infected


    Cheers :D
     
  7. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Thank you

    /me sucking even harder on the nicotine lozenge :)
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    ROFLMAO :D

    :D :cool: :D :cool: :D
     
  9. diesel

    diesel Registered Member

    Joined:
    May 25, 2004
    Posts:
    21
    can you believe it? over 72 hours (3 days) and still no response to the sample file i sent to nod32. What is going on over there? How can they let 3 days go by and not tell a customer whether or not a file that nod32 detected as a "virus" really does contain a virus?

    Completely, utterly unacceptable
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    I agree.
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Like I said above, they are currently training up staff for a 24/7 day help desk, things will improve, it's just growing pains...

    In the meantime I have sent an email asking for someone to take a look at this thread...

    Cheers :D
     
  12. Bandicoot

    Bandicoot Eset Staff

    Joined:
    Mar 23, 2004
    Posts:
    297
    Location:
    California
    Hello Diesel,

    If you are the same person that sent in a possible false alarm a few days ago for analysis, then I have just replied to you by email. Our virus analysers are up to their necks and I only just received a reply from them. As Blackspear pointed out, we are taking on more staff here in Bratislava and also in the US. I'm sorry for the delay.

    Bandicoot.
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks Mr Coot for your assistance...

    Cheers :D
     
  14. diesel

    diesel Registered Member

    Joined:
    May 25, 2004
    Posts:
    21
    hi bandicoot, thanks for the reply, i just zipped the file and resent it to you as per your request

    i may be beating a dead horse here, but i still think that 4 days to get back to me for a potential virus is unacceptable, however getting back late is much better than not getting back to me at all. i hope your staff increase allows you greater response time to customer inquiries

    i would also like to send a shout out to blackspear, thanks for your help in getting this looked at by the crew at nod32, i wonder how much longer they would have taken if you hadn't helped out here

    well bandicoot, i look forward to your analysis of my file, once again thanks for the reply and btw, great product :)
     
  15. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    To get rid of this problem try purging your restore files in Spybot:
    Spybot-Recovery-Select all-Purge selected items.
     