MysticBlueDragon

New Member
Hello

Anybody experiencing false detection in ESET Smart Security 7 and 8 with the latest update?

Here is a screenshot showing that every software installer on my external HDD ONLY, with the extension ".exe", has been detected as the win32/Sality.NBA virus even though they are not viruses.

 

jackuars

Level 23
Verified
I guess that's your flash drive? Think your flash drive as a whole got infected...

Edit: Oh it's your hard drive.....So you plugged it into a system that was infected, and that's how it got all .exe files as malware.
 

MysticBlueDragon

New Member
So all my .exe files now are malware even though they have the same name and same icon of the software and it's still working, even install them???

Going to try VT .. brb


Thanks all for the comments.. be back with the result in VT
 

jamescv7

Level 61
Verified
Trusted
It seems it may not be an FP if that external HDD was infected by being inserted into the main source that contains autorun and Sality.
 

Manzai

Sality is the classification for a family of malicious software (malware), which infects files on Microsoft Windows systems. Sality was first discovered in 2003 and has advanced over the years to become a dynamic, enduring and full-featured form of malicious code. Systems infected with Sality may communicate over a peer-to-peer (P2P) network for the purpose of relaying spam, proxying of communications, exfiltrating sensitive data, compromising web servers and/or coordinating distributed computing tasks for the purpose of processing intensive tasks (e.g. password cracking). Since 2010, certain variants of Sality have also incorporated the use of rootkit functions as part of an ongoing evolution of the malware family. Because of its continued development and capabilities, Sality is considered to be one of the most complex and formidable forms of malware to date.

It's a virus
 

MysticBlueDragon

New Member
I think I was mistaken... it says CLEANED. It means ESET already cleaned the .exe file and restored the file. Is that correct?
Ohh, I remember inserting my HDD in my friend's laptop.

Sorry for posting here, I think everything is clear now. :3 Omg sorry.
 

Cch123

Level 7
Verified
I think you should scan your friend's laptop. If all these detections came up after plugging the HDD into your friend's laptop, it would mean that he has an active Sality infection.
 

MalwareT

According to Symantec's information:

W32.Sality is an entry-point obscuring (EPO) polymorphic file infector. It will infect executable files on local, removable and remote shared drives. The virus also creates a peer-to-peer (P2P) botnet and receives URLs of additional files to download. It then attempts to disable security software.
 

jamescv7

Level 61
Verified
Trusted
I think I was mistaken... it says CLEANED. It means ESET already cleaned the .exe file and restored the file. Is that correct?
Ohh, I remember inserting my HDD in my friend's laptop.

Sorry for posting here, I think everything is clear now. :3 Omg sorry.
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

If you choose "clean" for those detected files, it attempts to remove the virus from the legitimate file's code and therefore may restore the original, but if that fails, that's the time to use quarantine as a safe location; however, the main file is still considered infected.

Since Sality is a virus, the clean option may work.
 

MysticBlueDragon

New Member
Sorry for the late reply.. I think I already got the idea and my question in my first post is wrong..

All affected files on my external are clean when I check them on VirusTotal.

In my observation.. I think that ESET already cleaned the files with its real-time auto detection.
As you can see in the first post in the picture, it cleaned-quarantined the Sality, not the .exe files.


Sorry all for these wrong questions and thanks for all the replies. :3
Cheers.
 