V2.5 kernel won't ignore file

Discussion in 'NOD32 version 2 Forum' started by johchi, Feb 23, 2006.

Thread Status:
Not open for further replies.
  1. johchi

    johchi Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    17
    Location:
    Farnham, UK
    I've recently installed an anti-spyware program called SpywareDetector. NOD32 v2.5 identifies this program's executable as a probable new virus. It continues to do this even though I've set the relevant file in AMON's exclusion list. How do I fix this?:
    Time Module Object Name Threat Action User Information
    23/02/2006 22:54:06 Kernel file c:\program files\spywaredetector\sdservice.exe probably unknown NewHeur_PE virus
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i think u have to add the file using both the long file name and the 8.3 file name format (short file name). go over this thread for details
     
  3. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Beware! There're a lot of "AntySpyware" applications that request you to pay to clean the system or install adware!.
    Some examples are: SpySheriff, SpyAxe, etc.
    I'm not sure about this application, but beware. Try to Google them.
    Anyway if you think that it's a FP, send the file in question in a RAR or Zip password protected file to samples at eset.com

     
  4. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Take a look at this list
     
  5. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hey,

    or this
    and that :D

    best regards,

    iNsuRRecTiON
     
  6. johchi

    johchi Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    17
    Location:
    Farnham, UK
    Hi Sir Carew - many thanks for the links - Spyware Warrior's page includes this note:
    Note on Spyware Detector: Spyware Detector was listed on this page because of concerns with false positives. Testing with the latest version of Spyware Detector indicates that the problems with earlier versions have been satisfactorily resolved. Thus, we can no longer consider Spyware Detector to be "rogue/suspect" anti-spyware.
    [A: 7-10-05 / U: 1-10-06]
    I've now added Spyware Detector's containing Program Files folder to the exclusion list as well as the specific trigger file, as per attached screen shot. Detections now seem to have stopped, so maybe only the folder name exclusion is working??
     

    Attached Files:

  7. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Try to delete the folder from exclusion list to see if NOD32 still detect the file in question.
    Anyway I recommend you to compress the file to RAR or ZIP file with infected as password and send it to samples at eset.com
    Thus, Eset guys can have a look at this file and if it's a FP, they can fix this.

     
  8. johchi

    johchi Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    17
    Location:
    Farnham, UK
    Thanks - file submittal already done! (albeit without the password - Oops). Will try your suggestion re exclusion list and let u know what happens...
     
Thread Status:
Not open for further replies.