Welcome Guest.   Make a donation to an author on the site September 01, 2014, 01:40:29 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Your Support Funds this Site: View the Supporter Yearbook.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Program executable suspected as virus by NOD32  (Read 3805 times)
amotzg
Participant
*
Posts: 1

View Profile Give some DonationCredits to this forum member
« on: November 18, 2009, 05:24:43 PM »

On the 19/11/09 at 00:22 after a database update NOD32 antivirus from ESET reported the executable file of FARR 2.71.01 (FindAndRunRobot.exe) as a Win32/Genetik trojan virus.
While trying to download a setup of the latest version (2.77.02) NOD32 reported the downloading setup file as the same trojan and prevented the download.

Have any one else have encountered this?
What should I do?

Thanks,
amotzg.
Logged
scancode
Honorary Member
**
Posts: 636



I will eat Cody someday.

see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: November 18, 2009, 05:31:46 PM »

As usual, antivirus software overreacting.

Has happened a crapload of times around here:
http://www.donationcoder....ch2;search=false+positive
Logged

mouser
First Author
Administrator
*****
Posts: 33,294



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: November 18, 2009, 06:30:48 PM »

It's a false positive.  Very frustrating since Nod32 is usually good about these things.
As discussed on some of the threads that scancode points to, the thing to do in such cases is upload the file in question to a site like virustotal for a second opinion.
Find and Run Robot on virustotal: http://www.virustotal.com...30956bdaea01db-1257321247
Logged
mouser
First Author
Administrator
*****
Posts: 33,294



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #3 on: November 18, 2009, 06:31:46 PM »

Since I use Nod32 myself i will email them.. usually they are pretty good about correcting these kinds of mistakes promptly.
Logged
mouser
First Author
Administrator
*****
Posts: 33,294



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #4 on: November 18, 2009, 06:34:00 PM »

I've ranted a lot about the harm these virus companies are doing to developers with their sloppy and irresponsible attitude towards false positives.  Just stumbled on this blog item about it by the folks at nirsoft:
http://blog.nirsoft.net/2...ache-to-small-developers/
Logged
pmcg
Supporting Member
**
Posts: 13


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #5 on: November 18, 2009, 08:13:47 PM »

Happened to me today also. Suddenly your program has been deleted by Eset. Argggghh!
Logged
mouser
First Author
Administrator
*****
Posts: 33,294



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: November 18, 2009, 08:18:34 PM »

Sorry to everyone suffering with this -- it's out of my hands -- nothing more i can do.
This will be a good test of eset, to see how fast they fix this.  mad



Anyone who wants to help speed up the process of them analyzing the file and reporting on it's goodness, see how to do so here:
http://kb.eset.com/esetkb...ge=content&id=SOLN141
Logged
mouser
First Author
Administrator
*****
Posts: 33,294



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #7 on: November 18, 2009, 08:39:37 PM »

Well I must say I'm pretty impressed by eSet.  Here's an email reply I got about 20 minutes after I submitted the false positive:

>Dear Jesse,
>Thank you for bringing this issue to our attention! It was indeed a false positive of our scanner and it should disappear with virus database update 4621, which was released about half an hour ago.
>We are sorry for any inconvenience this misdetection might have caused.
>Regards,
>Peter Kosinar
>Senior Virus Researcher
>ESET spol. s r.o.

Nice -- that's a pretty fast turn-around for pushing out an updated signature set.



NOTE: There is no way to know how many other people complained before me, about not just Find and Run Robot, but on other programs that may have gotten caught in the false positive.  So we don't know the *real* time it took them to respond to the problem.  But still it seems like a pretty quick reaction.



HOWEVER -- this process of adding a brand new signature, and then immediately reporting to users that the antivirus program is completely certain about an infection and deleting files is totally, absolutely, inexcusably, irresponsibly, WRONG BEHAVIOR.  When a new signature is added to an antivirus database, and it is a heuristic like detection of possibly harmless code -- it is imperative that antivirus companies start being honest and straightforward with users.  The user must be told that this is a completely heuristic guess, based not on the detection of harmful code but on the similarity to some random signature.  The user must be told that the signature is brand new to the database and that the likelyhood of a harmless false positive is very high.  When we find a responsible antivirus company that does this, we will have found a new hero in the antivirus wars, one that is desperately needed.
Logged
mouser
First Author
Administrator
*****
Posts: 33,294



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #8 on: November 18, 2009, 08:44:11 PM »

Does anyone here want to create a new web page on this issue of Responsible Handling of Antivirus Positives, and create a little award that could be given out to an antivirus company that handles this kind of thing responsibly?  Maybe that would at least provide a way for us to motivate, encourage, and reward an antivirus program that decides to do the right thing.
Logged
mouser
First Author
Administrator
*****
Posts: 33,294



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #9 on: November 18, 2009, 08:47:11 PM »

Confirmed that the false positive is gone with the latest update  thumbs up
We now return you to your regularly scheduled programming..
Logged
gexecuter
Supporting Member
**
Posts: 252


Move over and give us some room...

see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #10 on: November 18, 2009, 09:59:40 PM »

Does anyone here want to create a new web page on this issue of Responsible Handling of Antivirus Positives, and create a little award that could be given out to an antivirus company that handles this kind of thing responsibly?  Maybe that would at least provide a way for us to motivate, encourage, and reward an antivirus program that decides to do the right thing.

i could create one if you don't mind an extremely ugly and plain web page, okay maybe not that ugly but definitely plain.
Logged

Mouser is made of win and awesome!
J-Mac
Supporting Member
**
Posts: 2,855


see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #11 on: November 18, 2009, 10:47:43 PM »

Wow, you folks are fast - not only reported but fixed!  I saw the same thing earlier today but didn't get a chance to write until now:

11/18/2009 5:08:47 PM   Startup scanner   file   C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe   probably a variant of Win32/Genetik trojan         

Frustrating part is that I already have the "Potentially unwanted" and "Potentially dangerous" programs/files detection deselected. I still have Heuristics enabled though, but it is supposed to be less aggressive this way. Guess not.

Thanks!

Jim
Logged

"I am getting so tired of slitting the throats of people who say that I am a violent psychopath."
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.037s | Server load: 0.12 ]