topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 4:15 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Program executable suspected as virus by NOD32  (Read 10893 times)

amotzg

  • Participant
  • Joined in 2008
  • *
  • default avatar
  • Posts: 1
    • View Profile
    • Donate to Member
Program executable suspected as virus by NOD32
« on: November 18, 2009, 05:24 PM »
On the 19/11/09 at 00:22 after a database update NOD32 antivirus from ESET reported the executable file of FARR 2.71.01 (FindAndRunRobot.exe) as a Win32/Genetik trojan virus.
While trying to download a setup of the latest version (2.77.02) NOD32 reported the downloading setup file as the same trojan and prevented the download.

Have any one else have encountered this?
What should I do?

Thanks,
amotzg.

scancode

  • Honorary Member
  • Joined in 2007
  • **
  • Posts: 641
  • I will eat Cody someday.
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Program executable suspected as virus by NOD32
« Reply #1 on: November 18, 2009, 05:31 PM »
As usual, antivirus software overreacting.

Has happened a crapload of times around here:
https://www.donation...earch=false+positive

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Program executable suspected as virus by NOD32
« Reply #2 on: November 18, 2009, 06:30 PM »
It's a false positive.  Very frustrating since Nod32 is usually good about these things.
As discussed on some of the threads that scancode points to, the thing to do in such cases is upload the file in question to a site like virustotal for a second opinion.
Find and Run Robot on virustotal: http://www.virustota...bdaea01db-1257321247

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Program executable suspected as virus by NOD32
« Reply #3 on: November 18, 2009, 06:31 PM »
Since I use Nod32 myself i will email them.. usually they are pretty good about correcting these kinds of mistakes promptly.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Program executable suspected as virus by NOD32
« Reply #4 on: November 18, 2009, 06:34 PM »
I've ranted a lot about the harm these virus companies are doing to developers with their sloppy and irresponsible attitude towards false positives.  Just stumbled on this blog item about it by the folks at nirsoft:
http://blog.nirsoft....to-small-developers/

pmcg

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 13
    • View Profile
    • Donate to Member
Re: Program executable suspected as virus by NOD32
« Reply #5 on: November 18, 2009, 08:13 PM »
Happened to me today also. Suddenly your program has been deleted by Eset. Argggghh!

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Program executable suspected as virus by NOD32
« Reply #6 on: November 18, 2009, 08:18 PM »
Sorry to everyone suffering with this -- it's out of my hands -- nothing more i can do.
This will be a good test of eset, to see how fast they fix this.  :mad:



Anyone who wants to help speed up the process of them analyzing the file and reporting on it's goodness, see how to do so here:
http://kb.eset.com/e...ntent&id=SOLN141

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Program executable suspected as virus by NOD32
« Reply #7 on: November 18, 2009, 08:39 PM »
Well I must say I'm pretty impressed by eSet.  Here's an email reply I got about 20 minutes after I submitted the false positive:

>Dear Jesse,
>Thank you for bringing this issue to our attention! It was indeed a false positive of our scanner and it should disappear with virus database update 4621, which was released about half an hour ago.
>We are sorry for any inconvenience this misdetection might have caused.
>Regards,
>Peter Kosinar
>Senior Virus Researcher
>ESET spol. s r.o.

Nice -- that's a pretty fast turn-around for pushing out an updated signature set.



NOTE: There is no way to know how many other people complained before me, about not just Find and Run Robot, but on other programs that may have gotten caught in the false positive.  So we don't know the *real* time it took them to respond to the problem.  But still it seems like a pretty quick reaction.



HOWEVER -- this process of adding a brand new signature, and then immediately reporting to users that the antivirus program is completely certain about an infection and deleting files is totally, absolutely, inexcusably, irresponsibly, WRONG BEHAVIOR.  When a new signature is added to an antivirus database, and it is a heuristic like detection of possibly harmless code -- it is imperative that antivirus companies start being honest and straightforward with users.  The user must be told that this is a completely heuristic guess, based not on the detection of harmful code but on the similarity to some random signature.  The user must be told that the signature is brand new to the database and that the likelyhood of a harmless false positive is very high.  When we find a responsible antivirus company that does this, we will have found a new hero in the antivirus wars, one that is desperately needed.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Program executable suspected as virus by NOD32
« Reply #8 on: November 18, 2009, 08:44 PM »
Does anyone here want to create a new web page on this issue of Responsible Handling of Antivirus Positives, and create a little award that could be given out to an antivirus company that handles this kind of thing responsibly?  Maybe that would at least provide a way for us to motivate, encourage, and reward an antivirus program that decides to do the right thing.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Program executable suspected as virus by NOD32
« Reply #9 on: November 18, 2009, 08:47 PM »
Confirmed that the false positive is gone with the latest update  :up:
We now return you to your regularly scheduled programming..

gexecuter

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 252
  • Move over and give us some room...
    • View Profile
    • Elite Freeware
    • Donate to Member
Re: Program executable suspected as virus by NOD32
« Reply #10 on: November 18, 2009, 09:59 PM »
Does anyone here want to create a new web page on this issue of Responsible Handling of Antivirus Positives, and create a little award that could be given out to an antivirus company that handles this kind of thing responsibly?  Maybe that would at least provide a way for us to motivate, encourage, and reward an antivirus program that decides to do the right thing.

i could create one if you don't mind an extremely ugly and plain web page, okay maybe not that ugly but definitely plain.
Mouser is made of win and awesome!

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Program executable suspected as virus by NOD32
« Reply #11 on: November 18, 2009, 10:47 PM »
Wow, you folks are fast - not only reported but fixed!  I saw the same thing earlier today but didn't get a chance to write until now:

11/18/2009 5:08:47 PM   Startup scanner   file   C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe   probably a variant of Win32/Genetik trojan         

Frustrating part is that I already have the "Potentially unwanted" and "Potentially dangerous" programs/files detection deselected. I still have Heuristics enabled though, but it is supposed to be less aggressive this way. Guess not.

Thanks!

Jim