notanotherdisplayname24get

Members
  • Posts

    10
About notanotherdisplayname24get

  • Rank
    Newbie

Profile Information

  • Location
    U.K.
  1. Hi Marcus - just found another copy of my original file and managed to get Eset to ignore the path it was in so I could zip it up. Sent via PM as originally requested. Hopefully you can now tell me for sure it's a false positive!
  2. Marcus - was there any news on whether this was a false positive or not? (Did you even get the file in the end?)
  3. Marcus - Have tried resending from quarantine as can't see any way of getting it to stay outside quarantine long enough to send as a PM before eset puts it back into quarantine. Hopefully will be in your ticketing queue by tomorrow.
  4. Marcus - can't find a way of extracting it from quarantine to send - other than right clicking and send for analysis, which I did, but from your previous msg seems not to have reached your system? Any suggestions on how to send via PM - sorry if I'm being dim here! itman - thanks, but as I said, the file didn't come via email. It was downloaded from a totally legit source (a private forum with only a few members within the board it was posted to) and is an internal PDF document that was created by one of those few forum members. Only they should have access to it, so defo not a phishing email!
  5. Quarantine so well hidden, and the fact that it said deleted rather than quarantined made me think there was nothing left on my computer! But found - and submitted. Thanks - can you let me know if it is a false positive please.
  6. My colleague only has an older version of the file (and originally it was just a word file - sent in error to samples at - sorry - please ignore that one!). I'll see if any of my other colleagues has that particular one now I'm pretty sure it's a false positive and send if I can get them to send it to me (assuming eset will allow it to be forwarded...)
  7. Well that's part of the problem. Eset would only clean by deletion - so I have no copies left on my system. Am asking if a colleague still has a copy left on his system - if so I'll send to samples at eset
  8. Many thanks for the suggestion itman. But I suspect it isn't that. As the PDF was uploaded as a direct attachment to our forum for our members to then download. So no email links involved! Eset was querying the file itself not any link to it. Has anyone got any info on what the PDF/Phishing.A.Gen threat is (particularly when it's not an email link to a file but the file itself)?
  9. Errm, except, as I said, the only option it gave me was delete. So as it initially seemed dangerous, that was all I could do. And so did! Which means I don't have a copy of the file... Doh... So I guess there's nothing I can do without that, other than.... ...ask again what the Phishing.Gen.A threat is. (I couldn't find it on the threat list on the Eset site. It doesn't seem high risk to me, but before I demote it to not worth worrying others (on the forum that held the file) about I'd really like to know a bit more about the threat to make a sensible decision on that. And there seems to be very little anywhere online about it.)
  10. Hi, Eset got all excited about a file on my system when moving some old data around yesterday. Which, if it is a trojan threat, means I need to let a few others who will have downloaded the same file know. But... I rather suspect it's a false positive. Can anyone help please? The file in question is one that I downloaded from a private forum (which I run, although I wasn't the one to create the file or upload it to the forum) and is a PDF document with rules of our organisation. It's been on my system (and the forum - and presumably a sizeable subset of the forum members' computers) for the last 18 months without any issue until yesterday. Detection only gave me the option of deleting the file, so I cannot submit for analysis, but the malware allegedly found was PDF/Phishing.A.Gen trojan (see screenshot snippet attached below of the error message - this one from checking the forum where the original was held - forum webaddy obfuscated for reasons of confidentiality). Now given the amount of time involved since the file was downloaded, and the fact that neither ESS9 nor malwarebytes finds anything else on my computer - nor has anyone else reported any issues - and the nature of the content of the file, it seems very unlikely that this is a real positive. Before I start to worry all others who may be affected by this into wasting as much time as I have myself on something that I suspect isn't an issue, is there any way of confirming a) what a PDF/Phishing.A.Gen trojan is (it doesn't have a definition in the ESET threat database info - as far as I can see...) and b) if it really is an issue, or as I now suspect, just a false positive. Many thanks in advance for your help.