ESET NOD32 False Positive for Kryptik.JX Causing Problems
(Misc)
NIST.org
Monday 09 March 2009 - 05:12:29

The ESET antivirus program NOD32 triggered a false alarm on a couple of important Windows files and quarantined them. The fix is pretty easy: simply restore them from quarantine. Instructions are below.

The two files caught and quarantined by NOD32 are dllhost.exe and msdtc.exe. Each was caught in two locations (the System32 and System32/DLLCache folders), so there will be four quarantined files in total. These files are important for Windows operation and should be restored before rebooting if possible. The instructions below are from ESET's website:

Win32/Kryptik.JX false positive
KB Solutions ID: SOLN2181

ESET Smart Security / ESET NOD32 Antivirus detects some Windows files as a virus, Win32/Kryptik.JX, and moves them to quarantine.

The solution to this problem is to restore the affected files from the quarantine manually:

1) Update to the latest version of virus signature database (3919 or higher)

2) Switch the display mode to Advanced - In the main ESET Smart Security / ESET NOD32 Antivirus window click on the Change button on the bottom left corner and confirm displaying Advanced mode.

3) Inside the main window choose Tools > Quarantine.

4) Mark all files detected as Win32/Kryptik.JX and press the Restore button.

The restored files will be moved back to their original location.
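
To confirm the restore worked before rebooting, the four paths named above can be checked from PowerShell. This is an added example, not part of ESET's instructions; it assumes PowerShell 2.0 or later and a Windows version that still has the DLLCache folder, and the helper name `Get-Sha1Hex` is made up for this sketch.

```powershell
# Added example, not ESET's procedure. File and folder names come from the article.
$names   = 'dllhost.exe', 'msdtc.exe'
$folders = 'System32', 'System32\DLLCache' | ForEach-Object { Join-Path $env:SystemRoot $_ }

# Hypothetical helper: SHA-1 of a file via .NET, so it also works where Get-FileHash is absent.
function Get-Sha1Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA1]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '' }
    finally { $fs.Close() }
}

$report = foreach ($name in $names) {
    foreach ($folder in $folders) {
        $path = Join-Path $folder $name
        # -Force is needed because DLLCache is a hidden system folder.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $present = ($item -ne $null) -and ($item.Length -gt 0)
        New-Object PSObject -Property @{
            Path    = $path
            Present = $present
            Size    = if ($present) { $item.Length } else { 0 }
            Company = if ($present) { $item.VersionInfo.CompanyName } else { '' }
            Sha1    = if ($present) { Get-Sha1Hex $path } else { '' }
        }
    }
}

# One row per expected file; a missing or zero-length file shows Present = False.
$report | Format-Table Path, Present, Size, Company, Sha1 -AutoSize

$missing = @($report | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) {
    Write-Warning ('Still missing: ' + (($missing | ForEach-Object { $_.Path }) -join ', '))
    Write-Warning 'Restore these from Tools > Quarantine before rebooting.'
}
```

The Company and Sha1 columns are there for a quick sanity check: the System32 and DLLCache copies of the same file would normally carry the same version information, and a mismatch is worth a closer look.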


NIST IT Security
( http://www.nist.org/comment.php?comment.news.267 )