DonationCoder.com Forum
DonationCoder.com Software => Mouser's Zone => Find And Run Robot => Topic started by: amotzg on November 18, 2009, 05:24 PM
-
On the 19/11/09 at 00:22 after a database update NOD32 antivirus from ESET reported the executable file of FARR 2.71.01 (FindAndRunRobot.exe) as a Win32/Genetik trojan virus.
While trying to download a setup of the latest version (2.77.02) NOD32 reported the downloading setup file as the same trojan and prevented the download.
Has anyone else encountered this?
What should I do?
Thanks,
amotzg.
-
As usual, antivirus software overreacting.
Has happened a crapload of times around here:
https://www.donationcoder.com/forum/index.php?action=search2;search=false+positive
-
It's a false positive. Very frustrating since Nod32 is usually good about these things.
As discussed on some of the threads that scancode points to, the thing to do in such cases is upload the file in question to a site like virustotal for a second opinion.
Find and Run Robot on virustotal: http://www.virustotal.com/analisis/a330d0ef55282cd5a6f18a650c049fce818f00722ca9592d2f30956bdaea01db-1257321247
-
Since I use Nod32 myself I will email them... usually they are pretty good about correcting these kinds of mistakes promptly.
-
I've ranted a lot about the harm these virus companies are doing to developers with their sloppy and irresponsible attitude towards false positives. Just stumbled on this blog item about it by the folks at nirsoft:
http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/
-
Happened to me today also. Suddenly your program has been deleted by Eset. Argggghh!
-
Sorry to everyone suffering with this -- it's out of my hands -- nothing more I can do.
This will be a good test of eset, to see how fast they fix this. :mad:
Anyone who wants to help speed up the process of them analyzing the file and reporting on its goodness, see how to do so here:
http://kb.eset.com/esetkb/index?page=content&id=SOLN141
-
Well I must say I'm pretty impressed by eSet. Here's an email reply I got about 20 minutes after I submitted the false positive:
>Dear Jesse,
>Thank you for bringing this issue to our attention! It was indeed a false positive of our scanner and it should disappear with virus database update 4621, which was released about half an hour ago.
>We are sorry for any inconvenience this misdetection might have caused.
>Regards,
>Peter Kosinar
>Senior Virus Researcher
>ESET spol. s r.o.
Nice -- that's a pretty fast turn-around for pushing out an updated signature set.
NOTE: There is no way to know how many other people complained before me, about not just Find and Run Robot, but on other programs that may have gotten caught in the false positive. So we don't know the *real* time it took them to respond to the problem. But still it seems like a pretty quick reaction.
HOWEVER -- this process of adding a brand new signature, and then immediately reporting to users that the antivirus program is completely certain about an infection and deleting files is totally, absolutely, inexcusably, irresponsibly, WRONG BEHAVIOR. When a new signature is added to an antivirus database, and it is a heuristic-like detection of possibly harmless code -- it is imperative that antivirus companies start being honest and straightforward with users. The user must be told that this is a completely heuristic guess, based not on the detection of harmful code but on the similarity to some random signature. The user must be told that the signature is brand new to the database and that the likelihood of a harmless false positive is very high. When we find a responsible antivirus company that does this, we will have found a new hero in the antivirus wars, one that is desperately needed.
-
Does anyone here want to create a new web page on this issue of Responsible Handling of Antivirus Positives, and create a little award that could be given out to an antivirus company that handles this kind of thing responsibly? Maybe that would at least provide a way for us to motivate, encourage, and reward an antivirus program that decides to do the right thing.
-
Confirmed that the false positive is gone with the latest update :up:
We now return you to your regularly scheduled programming..
-
>Does anyone here want to create a new web page on this issue of Responsible Handling of Antivirus Positives, and create a little award that could be given out to an antivirus company that handles this kind of thing responsibly? Maybe that would at least provide a way for us to motivate, encourage, and reward an antivirus program that decides to do the right thing.
>-mouser
I could create one if you don't mind an extremely ugly and plain web page, okay maybe not that ugly but definitely plain.
-
Wow, you folks are fast - not only reported but fixed! I saw the same thing earlier today but didn't get a chance to write until now:
11/18/2009 5:08:47 PM Startup scanner file C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe probably a variant of Win32/Genetik trojan
Frustrating part is that I already have the "Potentially unwanted" and "Potentially dangerous" programs/files detection deselected. I still have Heuristics enabled though, but it is supposed to be less aggressive this way. Guess not.
Thanks!
Jim