NOD32 false alarm! Win32/Kryptik.JX

Berserker

Berserker

Berserker

Man of Honour
Joined
4 Nov 2002
Posts
15,513
Location
West Berkshire
I woke up to an alert from NOD32 this morning, words along the lines of:

C:\Windows\System32\msdtc.exe - a variant of Win32/Kryptik.JX
C:\Windows\System32\dllhost.exe - a variant of Win32/Kryptik.JX

If your system is otherwise clean, these are false positives!

If NOD32 has quarantined the files, you need to restore them. They are critical Windows system files and you might have trouble booting your system if you don't.

Lots of discussion about this over at their forums:

http://www.wilderssecurity.com/showthread.php?t=235509

And lots of people talking of abandoning ship. Can't blame them - this is the second one I've had in as many weeks.

PS - Windows' System File Protection may pop up as well.
 
NOD32 has an influx of false+ every year, it's not even the best detection engine anymore so why pay for it when free ones get better results...

As a second opinion IMO it's fine, along with any others (the more the merrier) but as a resident scanner I'd not use it again.
 
I still have a year or so left on my license, so I may as well stick with it. At the end I'll certainly come back here and ask what is the current 'best in breed' (free or not).
 
out of our 100+ clients, only one appears to have experienced this problem this morning, all AV vendors have their issues, last year there was a big **** up with AVG, so they all have them.

Still not going to change AV providers
 
pretty massive oversight by eset..

it's not as if it's some weird 3rd party app that they're getting false positives for!
 
Berserker said:
Lots of discussion about this over at their forums:

http://www.wilderssecurity.com/showthread.php?t=235509
Click to expand...
Not surprised really. There was a lot of difficulty with the v4 release the other week. I still haven't been able to install it and I've been told to ring Eset UK to help me with that.

Berserker said:
And lots of people talking of abandoning ship. Can't blame them - this is the second one I've had in as many weeks.
Click to expand...
I've only had one or two in the last year, but nothing before that, to their credit they've fixed those pretty quickly. But this one today does sound quite bad with it mis-identifying critical Windows files.

mrk said:
NOD32 has an influx of false+ every year, it's not even the best detection engine anymore so why pay for it when free ones get better results...

As a second opinion IMO it's fine, along with any others (the more the merrier) but as a resident scanner I'd not use it again.
Click to expand...
You and me both. Think my 3 year licence expires in September. Might be tempted to jump ship, perhaps to Avast. :) If Avast free is as good as or nearly as good as NOD32 then I might have trouble justifying forking out cash for a 1 or 3 year licence.

bledd. said:
pretty massive oversight by eset..

it's not as if it's some weird 3rd party app that they're getting false positives for!
Click to expand...
Well yeah but this is a world we live in where I've had Windows tell me its closing explorer.exe down because its a dangerous process. :D Err OK then Mr PC. :)
 
Berserker said:
Didn't even know v4 was out. I'm still running v2 on one PC (the rest are on v3).
Click to expand...
About a week to 10 days. Loads of problems with the release. Eset tried to work on the updates to make them v4 compatible or something. This made the update system crash because v3 couldn't update or something silly. All in all not a good few weeks for Eset at all.
 
It's not just about the detection though - I just love the way NOD is so unobtrusive and light. I barely notice it's there (until I download something from Usenet and it tells me off).
 
willhub said:
So what is currently better than NOD32?

Is Avast AV?
Click to expand...

It’s not as easy as what’s better, some pass different tests better than others etc, but as for alternative’s to Nod I switched to Kaspersky and Avira Premium, but no AV is perfect and they all have there issues, Kaspersky had a dat file last year that crashed Vista x64 and Avira has also had issues with False positives.

If you are happy with Nod stick with it, if not try some trial versions of the above or other alternatives
 
MarcLister said:
About a week to 10 days. Loads of problems with the release. Eset tried to work on the updates to make them v4 compatible or something. This made the update system crash because v3 couldn't update or something silly. All in all not a good few weeks for Eset at all.
Click to expand...
'Loads of problems' for you maybe, I think most people managed to install the new version fine. There was an issue with updating, although I'm not sure if it was just overloaded or something.
 
tonyf1971 said:
It’s not as easy as what’s better, some pass different tests better than others etc, but as for alternative’s to Nod I switched to Kaspersky and Avira Premium, but no AV is perfect and they all have there issues, Kaspersky had a dat file last year that crashed Vista x64 and Avira has also had issues with False positives.

If you are happy with Nod stick with it, if not try some trial versions of the above or other alternatives
Click to expand...

I was using Avast but having just re installed Windows I'm thinking maybe NOD32 will be better? I'm also thinking of resources and hit on peak performance Avast might have compared to NOD32?
 
Just to pipe up in defence of ESET and Nod32...when I first went to Vista on my old rig it kept bluescreening - they sent over a few custom builds for me to try before identifying what the problem was and rolling it into the mainline version.

Don't think I've ever recieved support like that. That said, it's pretty dire what's happened over the last couple of weeks with the upgrade to 4 and now this.
 
Duke said:
'Loads of problems' for you maybe, I think most people managed to install the new version fine. There was an issue with updating, although I'm not sure if it was just overloaded or something.
Click to expand...
I would have said the update servers not working on the release date of v4 counts as a problem. And there were a fair few threads on the Wilder Security forums. ;)
 
You must log in or register to reply here.
Back
Top Bottom