v4.0.424.0 rootkit FP?

Discussion in 'ESET NOD32 Antivirus' started by CrunchieBite, Apr 21, 2009.

Thread Status:
Not open for further replies.
  1. CrunchieBite

    CrunchieBite Guest

    Just upgraded to EAV v4.0.424 and ran a SysInspector scan and I am now getting a Rootkit detected under running processes....v4.0.417 didn't show this prior to upgrading.

    I am pretty sure it is a FP as SysInspector gives the PID of the rootkit as being 1212 which Vista's task manager shows as being audiodg.exe (a file which shows as being Windows Audio Device Graph Isolation in the Windows\system32 directory).

    I know there was an issue with rootkit FPs in v4.0.315 as I know SysInspector found one on my machine back then (a different one IIRC) but, Eset seemed to have fixed that in v4.0.417 and now appears to have regressed with the latest release!

    ~M
     
  2. DannyT

    DannyT ESET Support

    Joined:
    Apr 9, 2009
    Posts:
    46
    CrunchieBite,

    Would you mind submitting the file to

    http://www.virustotal.com/

    Please Post the link with the results. Also you can submit False Positive submissions to

    sample@eset.com

    Files should be in a password-protected .ZIP or .RAR file
    with the password set to "infected"

    Please PM before you do that way we can track where these submission are coming from.

    Cheers!
     
    Last edited: Apr 28, 2009
  3. CrunchieBite

    CrunchieBite Guest

  4. antek1

    antek1 Registered Member

    Joined:
    May 11, 2009
    Posts:
    1
    Hi CrunchieBite,

    Please provide your XML log as well, it will be easier to analyse this case.
     
  5. CrunchieBite

    CrunchieBite Guest

    All files requested by Eset were submitted via e-mail....if anymore are required, Eset only need ask and I will provide them.

    ~M
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello CrunchieBite,

    Would you mind sending the ESET SysInspector log directly to me?

    I will send you my email address via private message.

    Regards,

    Aryeh Goretsky
     
  7. CrunchieBite

    CrunchieBite Guest

    Hi Aryeh,

    As per the request in your PM, I have replied with the requested log to the e-mail address you supplied.

    ~M
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.