RVM_Integrator_1[1].5.1.exe

Questions about Update Pack making? Ask here.
Post Reply
EaglePC
Posts: 30
Joined: Sat May 13, 2006 12:28 pm

RVM_Integrator_1[1].5.1.exe

Post by EaglePC » Sat Mar 08, 2008 2:12 am

Should I ignore this a false/positive ???

3/8/2008 2:07:41 AM Real-time file system protection file C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\IJKLM567\RVM_Integrator_1[1].5.1.exe Win32/Packed.Autoit.Gen application deleted (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\Internet Explorer\iexplore.exe.

User avatar
Siginet
Site Admin
Posts: 2894
Joined: Fri May 27, 2005 1:07 pm
Location: Planet Earth
Contact:

Post by Siginet » Sat Mar 08, 2008 4:16 am

Yes definatly a false positive.

What AV is that?
Image
--Siginet--

Techware
Your Virtual Technician
Computer Management Software

User avatar
RogueSpear
Posts: 1155
Joined: Tue Nov 23, 2004 9:50 pm
Location: Buffalo, NY

Post by RogueSpear » Sat Mar 08, 2008 11:52 am

There are so many AV products that don't seem to handle AutoIt or UPX well. You'd think they could have figured it out by now. What I usually do, depending on the AV product, is to try and create a permanent exclusion for for those two conditions.

User avatar
5eraph
Site Admin
Posts: 4619
Joined: Tue Jul 05, 2005 9:38 pm
Location: Riverview, MI USA

Post by 5eraph » Sat Mar 08, 2008 12:55 pm

Reminds me of the problems we had with CMDOW not too long ago. :rolleyes:

If a legitimate utility can be used in a bad way then the AV companies tag it as badware regardless of how it's used. :(

pupil
Posts: 15
Joined: Sun Jul 02, 2006 5:24 pm
Location: Leeds, UK
Contact:

Post by pupil » Sat Mar 08, 2008 1:35 pm

Siginet wrote:Yes definatly a false positive.

What AV is that?
It's with NOD32 v 2.70.39, I'm getting it also.
Bardo Thodol dotnet
www.bardothodol.net

EaglePC
Posts: 30
Joined: Sat May 13, 2006 12:28 pm

Post by EaglePC » Sat Mar 08, 2008 1:56 pm

NOD32 V3 ,thanks guys was just curious if some sneaked that file to me LOL

SelfMan
Posts: 50
Joined: Tue Jan 15, 2008 12:43 pm

Post by SelfMan » Sat Mar 08, 2008 5:08 pm

It does not happen to NOD usually, but nobody is perfect.
I wrote to ESET for whitelisting... I expect the update on monday.

User avatar
MrNxDmX
Moderator
Posts: 3112
Joined: Mon Jan 03, 2005 7:33 am

Post by MrNxDmX » Sat Mar 08, 2008 7:16 pm

Yep, one of my users reported that too. He's using 2,7 version of nod32. However, i have 3,0 and dont get any errors with it :wink:

SelfMan
Posts: 50
Joined: Tue Jan 15, 2008 12:43 pm

Post by SelfMan » Sun Mar 09, 2008 6:48 pm

MrNxDmX wrote:Yep, one of my users reported that too. He's using 2,7 version of nod32. However, i have 3,0 and dont get any errors with it :wink:
Problem is caused by one of the latest updates.
The current update is 2932. My NOD is 3.0.642

User avatar
Siginet
Site Admin
Posts: 2894
Joined: Fri May 27, 2005 1:07 pm
Location: Planet Earth
Contact:

Post by Siginet » Sun Mar 09, 2008 8:37 pm

Please report the issue to nod32. The more of us that report it the quicker this should get resolved.
Image
--Siginet--

Techware
Your Virtual Technician
Computer Management Software

User avatar
joll69
Posts: 28
Joined: Sun Oct 09, 2005 6:59 pm

Post by joll69 » Mon Mar 10, 2008 1:48 pm

i have nod32 2.7 installed, and it didnt flag the integrator at all. One odd thing, tho, is that it did prompt me about submitting it for analysis, but that's all. and the prompt wasn't one of the alerts, just a non-descript window.

first eset makes nod flag peerguardian2 as malware, now the rvm integrator. what next? :rolleyes:
Dok's Law: The simplicity of a solution is directly proportionate to its elusiveness.

SelfMan
Posts: 50
Joined: Tue Jan 15, 2008 12:43 pm

Post by SelfMan » Mon Mar 10, 2008 8:56 pm

Support guys sent the RVM Integrator to the viruslab...
I believe that soon the problem will be gone.

SelfMan
Posts: 50
Joined: Tue Jan 15, 2008 12:43 pm

Post by SelfMan » Sat Mar 22, 2008 5:45 pm

Back from vacation...
Looks like its fixed. No more false positive.
Last edited by SelfMan on Sun Mar 23, 2008 10:13 am, edited 1 time in total.

User avatar
Siginet
Site Admin
Posts: 2894
Joined: Fri May 27, 2005 1:07 pm
Location: Planet Earth
Contact:

Post by Siginet » Sat Mar 22, 2008 11:03 pm

Good news. :D Thx Everybody!
Image
--Siginet--

Techware
Your Virtual Technician
Computer Management Software

Dragsterp
Posts: 5
Joined: Wed Mar 19, 2008 10:55 pm
Location: Australia

Post by Dragsterp » Sun Mar 30, 2008 4:26 am

Siginet

After avg free updates today it now reports as a trojan I know its fine as previously scanned without any issues it looks like the new updates are causing this problem just thought bring this to your attention.

Post Reply