Questions about Update Pack making? Ask here.
-
EaglePC
- Posts: 30
- Joined: Sat May 13, 2006 12:28 pm
Post
by EaglePC » Sat Mar 08, 2008 2:12 am
Should I ignore this a false/positive ???
3/8/2008 2:07:41 AM Real-time file system protection file C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\IJKLM567\RVM_Integrator_1[1].5.1.exe Win32/Packed.Autoit.Gen application deleted (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe.
-
Siginet
- Site Admin
- Posts: 2898
- Joined: Fri May 27, 2005 1:07 pm
- Location: Planet Earth
-
Contact:
Post
by Siginet » Sat Mar 08, 2008 4:16 am
Yes definatly a false positive.
What AV is that?

--Siginet--
Techware
Your Virtual Technician
Computer Management Software
-
RogueSpear
- Posts: 1155
- Joined: Tue Nov 23, 2004 9:50 pm
- Location: Buffalo, NY
Post
by RogueSpear » Sat Mar 08, 2008 11:52 am
There are so many AV products that don't seem to handle AutoIt or UPX well. You'd think they could have figured it out by now. What I usually do, depending on the AV product, is to try and create a permanent exclusion for for those two conditions.
-
5eraph
- Site Admin
- Posts: 4621
- Joined: Tue Jul 05, 2005 9:38 pm
- Location: Riverview, MI USA
Post
by 5eraph » Sat Mar 08, 2008 12:55 pm
Reminds me of the problems we had with CMDOW not too long ago.
If a legitimate utility can be used in a bad way then the
AV companies tag it as badware regardless of how it's used.

-
pupil
- Posts: 15
- Joined: Sun Jul 02, 2006 5:24 pm
- Location: Leeds, UK
-
Contact:
Post
by pupil » Sat Mar 08, 2008 1:35 pm
Siginet wrote:Yes definatly a false positive.
What AV is that?
It's with NOD32 v 2.70.39, I'm getting it also.
-
EaglePC
- Posts: 30
- Joined: Sat May 13, 2006 12:28 pm
Post
by EaglePC » Sat Mar 08, 2008 1:56 pm
NOD32 V3 ,thanks guys was just curious if some sneaked that file to me LOL
-
SelfMan
- Posts: 50
- Joined: Tue Jan 15, 2008 12:43 pm
Post
by SelfMan » Sat Mar 08, 2008 5:08 pm
It does not happen to NOD usually, but nobody is perfect.
I wrote to ESET for whitelisting... I expect the update on monday.
-
MrNxDmX
- Moderator
- Posts: 3112
- Joined: Mon Jan 03, 2005 7:33 am
Post
by MrNxDmX » Sat Mar 08, 2008 7:16 pm
Yep, one of my users reported that too. He's using 2,7 version of nod32. However, i have 3,0 and dont get any errors with it

-
SelfMan
- Posts: 50
- Joined: Tue Jan 15, 2008 12:43 pm
Post
by SelfMan » Sun Mar 09, 2008 6:48 pm
MrNxDmX wrote:Yep, one of my users reported that too. He's using 2,7 version of nod32. However, i have 3,0 and dont get any errors with it

Problem is caused by one of the latest updates.
The current update is 2932. My NOD is 3.0.642
-
Siginet
- Site Admin
- Posts: 2898
- Joined: Fri May 27, 2005 1:07 pm
- Location: Planet Earth
-
Contact:
Post
by Siginet » Sun Mar 09, 2008 8:37 pm
Please report the issue to nod32. The more of us that report it the quicker this should get resolved.

--Siginet--
Techware
Your Virtual Technician
Computer Management Software
-
joll69
- Posts: 28
- Joined: Sun Oct 09, 2005 6:59 pm
Post
by joll69 » Mon Mar 10, 2008 1:48 pm
i have nod32 2.7 installed, and it didnt flag the integrator at all. One odd thing, tho, is that it did prompt me about submitting it for analysis, but that's all. and the prompt wasn't one of the alerts, just a non-descript window.
first eset makes nod flag peerguardian2 as malware, now the rvm integrator. what next?

Dok's Law: The simplicity of a solution is directly proportionate to its elusiveness.
-
SelfMan
- Posts: 50
- Joined: Tue Jan 15, 2008 12:43 pm
Post
by SelfMan » Mon Mar 10, 2008 8:56 pm
Support guys sent the RVM Integrator to the viruslab...
I believe that soon the problem will be gone.
-
SelfMan
- Posts: 50
- Joined: Tue Jan 15, 2008 12:43 pm
Post
by SelfMan » Sat Mar 22, 2008 5:45 pm
Back from vacation...
Looks like its fixed. No more false positive.
Last edited by
SelfMan on Sun Mar 23, 2008 10:13 am, edited 1 time in total.
-
Siginet
- Site Admin
- Posts: 2898
- Joined: Fri May 27, 2005 1:07 pm
- Location: Planet Earth
-
Contact:
Post
by Siginet » Sat Mar 22, 2008 11:03 pm
Good news.

Thx Everybody!

--Siginet--
Techware
Your Virtual Technician
Computer Management Software
-
Dragsterp
- Posts: 5
- Joined: Wed Mar 19, 2008 10:55 pm
- Location: Australia
Post
by Dragsterp » Sun Mar 30, 2008 4:26 am
Siginet
After avg free updates today it now reports as a trojan I know its fine as previously scanned without any issues it looks like the new updates are causing this problem just thought bring this to your attention.