ESET Anti Virus - false positive?
HeavenCore
Posts: 15
Not sure if ESET have released a bad definition update, but it's just nuked half of my SQL Source Control binaries:
17/04/2014 13:58:42 Startup scanner file Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.Tfs.PolicyChecker.dll a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined
17/04/2014 13:58:41 Startup scanner file Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.TFS2010.dll a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined
17/04/2014 13:58:05 Startup scanner file Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.TFS2008.dll a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:57 Startup scanner file Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.TFS2005.dll a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:54 Startup scanner file Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.TFS2012.dll a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:50 Startup scanner file Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.VaultStandard.dll a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:48 Startup scanner file Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.Svn.dll a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:46 Startup scanner file Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.AtomicIO.dll a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:43 Startup scanner file Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.Utils.dll a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:06 Startup scanner file Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.Model.dll a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:55:05 Startup scanner file Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.ExtensionMethods.dll a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:53:05 Startup scanner file Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.Logging.dll a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:51:04 Startup scanner file Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.MasterComAddIn4.dll a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting (after the next restart) - quarantined
I was able to restore them from Quarantine and added them as an excluded folder but just thought I'd share this with you guys.
Also, when I attempted to install the latest update, it deleted half of the MSI files as the install was in progress:
17/04/2014 14:09:43 Real-time file system protection file C:\Config.Msi\92bcb.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:43 Real-time file system protection file C:\Config.Msi\92bc6.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:42 Real-time file system protection file C:\Config.Msi\92bc5.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:42 Real-time file system protection file C:\Config.Msi\92bc4.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:41 Real-time file system protection file C:\Config.Msi\92bc3.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:41 Real-time file system protection file C:\Config.Msi\92bc2.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:41 Real-time file system protection file C:\Config.Msi\92bc1.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:40 Real-time file system protection file C:\Config.Msi\92bc0.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:40 Real-time file system protection file C:\Config.Msi\92bbe.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:39 Real-time file system protection file C:\Config.Msi\92bbd.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:39 Real-time file system protection file C:\Config.Msi\92bbc.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:38 Real-time file system protection file C:\Config.Msi\92bbb.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:38 Real-time file system protection file C:\Config.Msi\92bb9.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:37 Real-time file system protection file C:\Config.Msi\92bb7.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:37 Real-time file system protection file C:\Config.Msi\92bb6.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:37 Real-time file system protection file C:\Config.Msi\92bb5.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:36 Real-time file system protection file C:\Config.Msi\92bb4.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:36 Real-time file system protection file C:\Config.Msi\92bb3.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:35 Real-time file system protection file C:\Config.Msi\92bb2.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:35 Real-time file system protection file C:\Config.Msi\92bb1.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:34 Real-time file system protection file C:\Config.Msi\92bb0.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:34 Real-time file system protection file C:\Config.Msi\92bae.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:34 Real-time file system protection file C:\Config.Msi\92bad.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:33 Real-time file system protection file C:\Config.Msi\92bac.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:33 Real-time file system protection file C:\Config.Msi\92bab.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:32 Real-time file system protection file C:\Config.Msi\92ba9.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:32 Real-time file system protection file C:\Config.Msi\92ba8.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
17/04/2014 14:09:31 Real-time file system protection file C:\Config.Msi\92ba7.rbf a variant of MSIL/TrojanDownloader.Agent.RF trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\msiexec.exe.
Edit: I have sent the DLLs in question to ESET for review - they've replied saying they hope to have a revised definition update soon.
Comments
Apologies for the inconvenience!
Redgate Software