PDA

View Full Version : Nod goofed yesterday



wainuitech
10-03-2009, 09:40 AM
Tisk tisk - if anyone gets a warning from Nod32 that you have infections, esp after updating to virus sig 3918 - ignore it, and put back the fiels that will be in the Quarantine .

They made a bobo.

The sig was pulled from Nods servers within 10 minutes - Actually had 7 people call me late yesterday saying they had an infection and were asked to install the Windows XP CD to repair, if you have the Cd you can run sfc /scannow and replace the files or replace them from quarantine. Then do a full scan any way makin sure your virus sigs are upto date.



Report:
a problem was found in the recent update of the advanced heuristics module which, in combination with the generic signature for Win32/Kryptik.JX caused certain system files to be flagged as infected. The problematic update was withdrawn from the update servers in 10 minutes after the release. Those who have come across this false positive can restore the original files from quarantine. A fix has already been issued - you can verify this by right-clicking the program tray icon and selecting About. The version of the Advanced heuristics module containing the fix is 1092.





Updated:

At least Nod are pro active and tell you how to fix the problem:
A fix has already been issued - you can verify this by right-clicking the program tray icon and selecting About. The version of the Advanced heuristics module containing the fix is 1092 for v3/v4 users and 1091 for v2 users.

Update: a newer update is being released which will restore false positives from quarantine to their original locations without user intervention. V2 users will either need to restore the affected files from quarantine manually or wait for a command tool that can be used in a network environment.

pctek
10-03-2009, 09:48 AM
Not unusual.
I've had NOD whinge about a file I've had for several years - infoviewer.exe, written by a friend of mine. Suddenly NOD complains, and keeps complaining. There is nothing wrong wit the file.

Another program I have from the friend - also for ages and ages - flashpatcher.exe is whinged about by both Counterspy and Malware Bytes.

Again, the file is fine.

False positives aren't uncommon, tricky for the average user to know whether or not to worry. At least they err on the side of caution rather than missing loads of real malware..........

wainuitech
10-03-2009, 09:54 AM
The piece I like is
Update: a newer update is being released which will restore false positives from quarantine to their original locations without user intervention At least they didn't just go - oh well and make people chase help desks to a fix. They goofed - they did an auto fix :thumbs:

CYaBro
10-03-2009, 11:27 AM
Didn't have any problems here or with any of our NOD32 clients :D

bevy121
10-03-2009, 04:47 PM
Not unusual.
I've had NOD whinge about a file I've had for several years - infoviewer.exe, written by a friend of mine. Suddenly NOD complains, and keeps complaining. There is nothing wrong wit the file.



So why wouldn't you just add an exception for the file(s) and never have nod complain about them again?

Neil McC
11-03-2009, 08:48 AM
Thanks wainuitech,have done a restore,but I hadn't missed the files!
Is it worth updating to v4? I had trouble with 3,used to hang a fair bit so went back to 2.

wainuitech
11-03-2009, 09:04 AM
If you run a manual update, it will automatically install the patch to replace the files it put into Quarantine. As of 8.55 am Wednesday the Virus sig data base is 3924

Only just started using Version 4 myself yesterday - I didn't know it had gone past the Beta stage - but now its showing as the full version - installed V4 twice yesterday on Customers PC's I have in the workshop and they both appear to be working fine.