Nod32 update introduces false positives and deletes core system files


Nod32 Win32/Kryptik.JX false positive

This morning a recent definition update to the popular Nod32 Antivirus introduced a false positive causing the Antivirus to prompt users to remove core system files, or in some cases delete the files automatically. The system files in question are msdtc.exe, winlogon.exe and dllhost.exe. Most are located in the System32 folder while others are in the c:\windows folder. They were being detected as Win32/Kryptik.JX. You may want to check your logs to make sure you are not affected. If those system files have been automatically deleted on your system you can follow the instructions in the link below to resolve the problem. 10 mins after the problem was discovered nod32 released an update to the Antivirus definitions which corrected the issue. If you reboot the system with those files deleted windows may no longer boot until the files in question are restored.

http://kb.eset.com/esetkb/index?page=conte...ctp=LIST_RECENT

Oops, lucky I changed to Kaspersky after my Nod license expired. :p

Lucky I changed to NIS2009 after my ESS license expired :p .

Scirwode

stopped using NOD32 in favour of comodo's entirely free package that seems just as light on resources :)
Nod32 is known not just for its light system usage, but its fantastic job in detection rates. I doubt comodo can match nod32 in terms of that.

Hello,

There is a message on ESET's web site here with additional information about what happened and how they responded. Interesting reading.

Regards,

Aryeh Goretsky

My question is why don't these antivirus companies have a machine with a clean install of windows that has the latest updates. Then do a full system scan with the current virus database before you push the update. That would eliminate these bad updates which delete core system files.

They probably do test them. Whether they can test over a wide enough range of hardware and whether issues like this are necessarily visible immediately are another thing but. Sure those files are pretty obvious, but in the future it could be one that's more obscure that's only needed during a weekly scheduled event or whatever that gets wiped.

Not that it's right of course...but I highly doubt they throw these out without some testing.

just checked all my machines and nothing happened here, not according to the logs on all of them anyway, thanks for the heads up though

just noticed this bit on that link that was posted

The update downloads were stopped within ten minutes of the update release, and the update was reverted to its previous version. Due to this immediate response, less than 5% of our users were affected.

caught pretty much straight away, would explain a lot lol

This is another evidence of how an antivirus is often useless and more dangerous than a virus :crazy:

The facts:

- the antivirus programs always introduce a lot of incompatibilities and problems in Windows and slow down your machine

- the antivirus programs cover only a very small % of malware in the wild

- the users have an antivirus installed (kaspersky, avg, nod32, norton, avira, etc), it doesn't matter what they have, but they still continue to get infected by a virus

- the antivirus vendors still continue to release new virus definitions without even testing them on a Windows machine

===> the antivirus market has completely failed!

Edited by jamesVault
This is another evidence of how an antivirus is often useless and more dangerous than a virus :crazy:

And what are you implying with that? That we shouldn't use anti-virus 'cause it does more bad than good? :rolleyes:

- the users have an antivirus installed (kaspersky, avg, nod32, norton, avira, etc), it doesn't matter what they have, but they still continue to get infected by a virus

Sure, just as people wearing seat belts still die in cars and people wearing condoms still parent kids. Antivirus is not and never should be seen as a means of complete protection. That's not to say they can't help.

- the antivirus vendors still continue to release new virus definitions without even testing them on a Windows machine

How many definitions do anti virus companies release? Thousands? One causes an issue and within 10 minutes of being discovered it has been corrected. I'm sorry but the ratio of definitions that don't screw the machine over to the ones that do is absolutely immense and would probably imply that they do go through some testing.

Again, it certainly is disconcerting this got through but to make blanket statements like Antivirus is useless and that they don't do any testing is pretty ridiculous.

Hello,

My understanding is that all anti-virus companies do this, but from the description of the problem, it sounds like they were doing unit testing of virus signature databases and module updates, and both passed separately. It was some sort of interaction between the two that caused a problem. It looks like they learned from it, though: http://www.eset.com/joomla/index.php?optio...39&Itemid=2

Regards,

Aryeh Goretsky
