NOD32 update introduces false positives and deletes core system files

+warwagon    9,705

Nod32 Win32/Kryptik.JX false positive

This morning a recent definition update to the popular NOD32 Antivirus introduced a false positive, causing the antivirus to prompt users to remove core system files, or in some cases delete the files automatically. The system files in question are msdtc.exe, winlogon.exe and dllhost.exe. Most are located in the System32 folder while others are in the c:\windows folder. They were being detected as Win32/Kryptik.JX. You may want to check your logs to make sure you are not affected. If those system files have been automatically deleted on your system you can follow the instructions in the link below to resolve the problem. 10 mins after the problem was discovered, NOD32 released an update to the antivirus definitions which corrected the issue. If you reboot the system with those files deleted, Windows may no longer boot until the files in question are restored.

http://kb.eset.com/esetkb/index?page=conte...ctp=LIST_RECENT

Sethos    270

This is the second time NOD32 is having issues with a botched update triggering false positives, coupled with the fact it's barely in the top 5 any more according to AV-test, I doubt I'll be renewing my sub.

AgEnTsMiTh    0

Did not have a problem here.

Bhav    14

Stopped using NOD32 in favour of Comodo's entirely free package that seems just as light on resources :)

Tailwind    320

Oops, lucky I changed to Kaspersky after my Nod license expired. :p

Scirwode    18
Oops, lucky I changed to Kaspersky after my Nod license expired. :p

Lucky I changed to NIS2009 after my ESS license expired :p .

Scirwode

+Mystic    8

Didn't have any issue and NOD32 has been great for me since I got it last October.

Reacon    135

And thus we see the downfall of NOD32... And the rising of Kaspersky and Norton :D

tsupersonic    1,325
Stopped using NOD32 in favour of Comodo's entirely free package that seems just as light on resources :)
NOD32 is known not just for its light system usage, but its fantastic job in detection rates. I doubt Comodo can match NOD32 in terms of that.

fix-this!    76

I'm using NOD32 version 4 with no issues on Vista.

+goretsky    683

Hello,

There is a message on ESET's web site here with additional information about what happened and how they responded. Interesting reading.

Regards,

Aryeh Goretsky

Srugie    10

I love NOD32 and I've never had any problems with it.

+warwagon    9,705

My question is why don't these antivirus companies have a machine with a clean install of Windows that has the latest updates. Then do a full system scan with the current virus database before you push the update. That would eliminate these bad updates which delete core system files.

Smigit    7

They probably do test them. Whether they can test over a wide enough range of hardware and whether issues like this are necessarily visible immediately are another thing but. Sure those files are pretty obvious, but in the future it could be one that's more obscure that's only needed during a weekly scheduled event or whatever that gets wiped.

Not that it's right of course...but I highly doubt they throw these out without some testing.

Denholm    2

Checked our Media Center PC and Laptop - both unaffected. Thanks for the update anyway.

Fubar    103

Just checked all my machines and nothing happened here, not according to the logs on all of them anyway, thanks for the heads up though

just noticed this bit on that link that was posted

The update downloads were stopped within ten minutes of the update release, and the update was reverted to its previous version. Due to this immediate response, less than 5% of our users were affected.

Caught pretty much straight away, would explain a lot lol

jamesVault    0

This is another piece of evidence of how an antivirus is often useless and more dangerous than a virus :crazy:

The facts:

- the antivirus programs always introduce a lot of incompatibilities and problems in Windows and slow down your machine

- the antivirus programs cover only a very small % of malware in the wild

- the users have an antivirus installed (kaspersky, avg, nod32, norton, avira, etc), it doesn't matter what they have, but they still continue to get infected by a virus

- the antivirus vendors still continue to release new virus definitions without even testing them on a Windows machine

===> the antivirus market has completely failed!

+shift.    21
This is another piece of evidence of how an antivirus is often useless and more dangerous than a virus :crazy:

And what are you implying with that? That we shouldn't use anti-virus 'cause it does more bad than good? :rolleyes:

Smigit    7
- the users have an antivirus installed (kaspersky, avg, nod32, norton, avira, etc), it doesn't matter what they have, but they still continue to get infected by a virus

Sure, just as people wearing seat belts still die in cars and people wearing condoms still parent kids. Antivirus is not and never should be seen as a means of complete protection. That's not to say they can't help.

- the antivirus vendors still continue to release new virus definitions without even testing them on a Windows machine

How many definitions do anti virus companies release? Thousands? One causes an issue and within 10 minutes of being discovered it has been corrected. I'm sorry but the ratio of definitions that don't screw the machine over to the ones that do is absolutely immense and would probably imply that they do go through some testing.

Again, it certainly is disconcerting this got through but to make blanket statements like Antivirus is useless and that they don't do any testing is pretty ridiculous.

ViperAFK    781

This is the second time nod32 has done this.

+Mystic    8

At least 10 computers out of (probably at least a hundred) at my part-time ITS job were affected, but it wasn't anything too serious.

(Spork)    87
And thus we see the downfall of NOD32... And the rising of Kaspersky and Norton :D

Bloatware!

I'll stick to my Avira .... I was a big time NOD32 fan

+goretsky    683

Hello,

My understanding is that all anti-virus companies do this, but from the description of the problem, it sounds like they were doing unit testing of virus signature databases and module updates, and both passed separately. It was some sort of interaction between the two that caused a problem. It looks like they learned from it, though: http://www.eset.com/joomla/index.php?optio...39&Itemid=2

Regards,

Aryeh Goretsky

My question is why don't these antivirus companies have a machine with a clean install of Windows that has the latest updates. Then do a full system scan with the current virus database before you push the update. That would eliminate these bad updates which delete core system files.

