RVM_Integrator_1[1].5.1.exe

EaglePC · Post by **EaglePC** » Sat Mar 08, 2008 2:12 am

Should I ignore this a false/positive ???

3/8/2008 2:07:41 AM Real-time file system protection file C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\IJKLM567\RVM_Integrator_1[1].5.1.exe Win32/Packed.Autoit.Gen application deleted (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe.

Siginet · Post by **Siginet** » Sat Mar 08, 2008 4:16 am

Yes definatly a false positive.

What AV is that?

RogueSpear · Post by **RogueSpear** » Sat Mar 08, 2008 11:52 am

There are so many AV products that don't seem to handle AutoIt or UPX well. You'd think they could have figured it out by now. What I usually do, depending on the AV product, is to try and create a permanent exclusion for for those two conditions.

Post by **5eraph** » Sat Mar 08, 2008 12:55 pm

Reminds me of the problems we had with CMDOW not too long ago.

If a legitimate utility can be used in a bad way then the AV companies tag it as badware regardless of how it's used.

pupil · Post by **pupil** » Sat Mar 08, 2008 1:35 pm

Siginet wrote:Yes definatly a false positive.

What AV is that?

It's with NOD32 v 2.70.39, I'm getting it also.

EaglePC · Post by **EaglePC** » Sat Mar 08, 2008 1:56 pm

NOD32 V3 ,thanks guys was just curious if some sneaked that file to me LOL

SelfMan · Post by **SelfMan** » Sat Mar 08, 2008 5:08 pm

It does not happen to NOD usually, but nobody is perfect.
I wrote to ESET for whitelisting... I expect the update on monday.

MrNxDmX · Post by **MrNxDmX** » Sat Mar 08, 2008 7:16 pm

Yep, one of my users reported that too. He's using 2,7 version of nod32. However, i have 3,0 and dont get any errors with it

SelfMan · Post by **SelfMan** » Sun Mar 09, 2008 6:48 pm

MrNxDmX wrote:Yep, one of my users reported that too. He's using 2,7 version of nod32. However, i have 3,0 and dont get any errors with it

Problem is caused by one of the latest updates.
The current update is 2932. My NOD is 3.0.642

Siginet · Post by **Siginet** » Sun Mar 09, 2008 8:37 pm

Please report the issue to nod32. The more of us that report it the quicker this should get resolved.

joll69 · Post by **joll69** » Mon Mar 10, 2008 1:48 pm

i have nod32 2.7 installed, and it didnt flag the integrator at all. One odd thing, tho, is that it did prompt me about submitting it for analysis, but that's all. and the prompt wasn't one of the alerts, just a non-descript window.

first eset makes nod flag peerguardian2 as malware, now the rvm integrator. what next?

SelfMan · Post by **SelfMan** » Mon Mar 10, 2008 8:56 pm

Support guys sent the RVM Integrator to the viruslab...
I believe that soon the problem will be gone.

SelfMan · Post by **SelfMan** » Sat Mar 22, 2008 5:45 pm

Back from vacation...
Looks like its fixed. No more false positive.

Siginet · Post by **Siginet** » Sat Mar 22, 2008 11:03 pm

Good news.

Thx Everybody!

Dragsterp · Post by **Dragsterp** » Sun Mar 30, 2008 4:26 am

Siginet

After avg free updates today it now reports as a trojan I know its fine as previously scanned without any issues it looks like the new updates are causing this problem just thought bring this to your attention.