Virut.NBP False positive?

Discussion in 'ESET NOD32 Antivirus' started by notuo, Apr 24, 2009.

Thread Status:
Not open for further replies.
  1. notuo

    notuo Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    14
    Hi all.

    I woke up this morning with this issue: NOD32 3.0.672.0 updated found this virus in my objectdock shortcut. I been using this portable program from almost a year now and today, zaz! a virus?

    I started to look at this and found the eset definition here http://www.eset.eu/encyclopaedia/virut_nbk_virus_virut_ce__virut_cf_virut_n?lng=en

    I review and nothing is infected as per that page defines. Did a Full scan and also I tried some of online virus scanners and no found anything in the file. Also the eset online found nothing.

    Today the 4033 update http://www.eset.eu/podpora/aktualizacia-4033?lng=en mentions this virus.

    What do you think? Is a false positive?
    What do you recommend to do

    Best regards,
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    It is highly unlikely to be FP. Try submitting the file to www.virustotal.com to see how many AVs detect it. I'd suggest that you boot from a clean media and clean out the infection.
     
  3. notuo

    notuo Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    14
    Hi Marcus, Thanks for your answer. I have 2 Questions/Issues:

    1) I cannot send the file to virustotal because the file is 40MB (limit 20). Any suggestion here?
    2) How to clean? I see no traces (as I mentioned) and I have the file now in quarantine.

    Is there a way to know if this NBP variant is new?. As I mentioned I have this file from more than a year, used it and no traces of infection.

    Thanks again and best regards

    EDIT >>>> Just to mark a point... ESET online scanner didn't find anything in this file.
     
    Last edited: Apr 25, 2009
  4. kbales

    kbales Registered Member

    Joined:
    Jun 19, 2009
    Posts:
    1
    I have had a similar experience with this virus. ESET quarantined two files:

    1. PnkbstrB.exe located in my Far Cry 2 folder
    2. A system restore file

    ESET claimed that both were infected with the Virut.NBP virus and that they were both quarantined.

    I can't find any traces of this virus anywhere on my system. I have tried various scanners (ESET, Malwarebytes, Dr.Web, trend secure online scan) and nothing regarding virut.nbp has been found.

    Has anyone else had a similar problem with the PnkBstrB.exe file? Is this a false positive? Or, was I lucky enough that ESET found and eliminated the virus before it could do any damage?

    I even tried restoring the file to my desktop, and submitted it to virustotal. No detections were made. I then scanned the files with ESET and Malwarebytes again...again, no detections. I am really confused.

    I have no idea how I would have gotten the virus. I have not played Far Cry 2 in months, and have not updated PunkBuster...any thoughts?
     
    Last edited: Jun 19, 2009
  5. notuo

    notuo Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    14
    In my case, I read here for the same issue with another guy in the same situation. He send the file to analysis and sometime later (3 weeks or so) I tried again and voila!, no more virus in the file. This confirmed the false positive.

    I suggest you to send the file and wait for an answer.

    Regards
     
Thread Status:
Not open for further replies.