Very SAD - false positive

Discussion in 'NOD32 version 2 Forum' started by fosius, Nov 6, 2004.

Thread Status:
Not open for further replies.
  1. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    It's very sad. I sent 2 files, which nod32 marks as "probably unknown NewHeur_PE virus", FOUR months before - 24.7.2004 and now I tested this files again and NOD32 again marks them as "probably unknown virus...". I have NOT recieved any answer to my mail, - it is very sad. i'll try to send them again...
     
  2. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Me too!
    It happens with me too... :(
     
  3. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    can you say the filename for me? Did you try searching for it on virus encyclopediae (like McAfee/Symantec...)

    BTW: don't worry, encyclopediae = plural of encyclopedia... no, I am not crazy, just a little Unwell.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    If NOD32 detects a probable NewHeur_PE virus, please quarantine the file and send it from quarantine folder C> Program Files> Nod32> infected as an attachment to samples@nod32.com

    If you do not hear from Eset within 3 days (allows for weekends), please advise us here...

    Let us know how you go…

    Cheers :D
     
  5. jcwy

    jcwy Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    9
    Same here. I sent ESET a quarantined file infected with an "unknown script virus" two weeks ago and no reply yet. Panda, KAV PPro 5, and NAV2004 found the file to be clean ... hmmmm.

    Mod Note - ~Removed off-topic comments. Please see my post below. - snap~
     
    Last edited by a moderator: Nov 7, 2004
  6. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi jcwy,

    I have removed the off-topic comments from your post. Please remember this is the NOD32 support forum and this thread's topic is not about NOD vs KAV.

    If you wish to discuss scan comparisons for different anti-virus software, please start a new thread over in our Other Anti-virus Software Forum.

    Regards,

    snap
     
  7. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    One of the reasons that you don't always get a reply from NOD is the way the submissions system seems to work

    As far as I can see if you submit an unknown file and someone else has already submitted it then the mail server which always has the latest definitions on it would automatically delete the known viruses rather than a heuristically detected one

    It happens to me frequently
    I submit a lot of files to NOD and some get speedy replies some never get replies but of the never replied to ones all of them appear in an update within a few days or so
     
  8. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    I've recieved mail from ESET yesterday... this files were dangerous because they could be used as SPYWARE...
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
    fosius

    Can you tell us the names of the files for our information?
     
  10. jcwy

    jcwy Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    9
    Sorry Snapdragin

    My bad. Thanks.
     
  11. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    It's alright, jcwy...it's an easy mistake to make. ;)

    Regards,

    snap
     
  12. Elliot

    Elliot Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    41
    And then? Did ESET add it into their signature, or not? If not, why?
     
  13. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    I try to translate it from slovak mail:
    "The files are suspect - the whole application is suspect because it could be used to record sound from microphone and then to send it to mail or ftp server. It's not a worm, it could be mark as Spyware. We change analyse, nod32 won't detect it." It is all...

    Name of files: FService.EXE,MService.EXE
     
    Last edited: Nov 8, 2004
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
    fosius

    Thanks for the info. The files seem to be malware.
    Can you tell us the application your were using while getting these alerts?
     
  15. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    The name of application: Stealth Pro Recorder
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
    fosius

    Thanks for the info. It's in the memory bank! :)
     
Thread Status:
Not open for further replies.