Win32/Virut.NBP false positive with ReGet

Discussion in 'ESET NOD32 Antivirus' started by miki75, Nov 2, 2009.

Thread Status:
Not open for further replies.
  1. miki75

    miki75 Registered Member

    Joined:
    Oct 12, 2008
    Posts:
    7
    Location:
    Italy
    ESET NOD32 Antivirus 3.0.684.0 with 4566 (20091102) detect as virus ReGet.exe :(

    I have put it on exclusion list, but it's not very good ...

    Regards

    Miki
     
    miki75, Nov 2, 2009
    #1
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    It's unlikely there would be a Virut FP, the file is most likely infected and adding it to the exclusion list might cause other files to get infected as well. What happens if you attempt to clean the file with the on-demand scanner? Do you get an error while cleaning?
     
    Marcos, Nov 2, 2009
    #2
  3. miki75

    miki75 Registered Member

    Joined:
    Oct 12, 2008
    Posts:
    7
    Location:
    Italy
    I'm sure the file is clean and NOT infected: ReGetDx.exe (4.291.072 byte 4 July 200:cool:
    I have submitted to VirusTotal and only NOD32 detect as infected.

    Error on cleaning, and the file is on quarantene but it's not infected.
    I have recovered and excluded from scan.

    NOTE: ReGetDx.exe is the original file, not cracked or something similar because I have a regular license.

    Regards
     
    miki75, Nov 2, 2009
    #3
  4. Stalks

    Stalks Registered Member

    Joined:
    Jan 13, 2008
    Posts:
    28
    I can second this. Sometime today my regular Reget Deluxe has been detcted as Virut.NBP.

    Eset 4.0.437.0 def 4566 is unable to clean the file.

    I redownload the reget installer from http://download.reget.com/regetdx.exe and Eset refuses to let the main program file install.
     
    Stalks, Nov 2, 2009
    #4
  5. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    Jeroen1000, Nov 3, 2009
    #5
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    As for the executable of ReGet Deluxe, we confirm this is a false positive which will be fixed in the upcoming updates. Regarding JV16powertools, I've downloaded it but it was reported clean. Hence I assume yours was actually infected. Do any other av programs detect it at Virus Total?
     
    Marcos, Nov 3, 2009
    #6
  7. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    Hi Marcos,

    Only Esafe rates it as suspicious. Perhaps I can Email you the executable?

    cheers,

    Jeroen
     
    Jeroen1000, Nov 3, 2009
    #7
  8. miki75

    miki75 Registered Member

    Joined:
    Oct 12, 2008
    Posts:
    7
    Location:
    Italy
    Thanks Marcos, I'll wait the updates ...
    now with 4570 detect again as virus.

    Regards

    Miki
     
    miki75, Nov 3, 2009
    #8
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456

    Please submit it in a password protected archive to samples[at]eset.com with something like "Virut - False positive" in the subject and the complete download url enclosed as well.
     
    Marcos, Nov 3, 2009
    #9
  10. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    It seems sending the file is no longer necessary. A virus def. update must have fixed the issue:)
     
    Jeroen1000, Nov 4, 2009
    #10
  11. miki75

    miki75 Registered Member

    Joined:
    Oct 12, 2008
    Posts:
    7
    Location:
    Italy
    My problem with ReGet is fixed, with 4575 now it works fine.

    Thanks and regards
     
    miki75, Nov 5, 2009
    #11
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...