safety 2 Posted October 31, 2022 Share Posted October 31, 2022 (edited) Dear colleagues, Today there are multiple detections in different reports about the detection: ie4uinit.exe - A Variant Of Win64/GenKryptik.GBRX. (file added to the application - pass infected). Please clarify - is the detection correct or is it a false positive? https://www.virustotal.com/gui/file/62c6492b6af245ab3dd63413b6587abaf4822beebe0f00e5dba77c1fa750cbdb?nocache=1 ie4uinit.zip Edited October 31, 2022 by safety Link to comment Share on other sites More sharing options...
safety 2 Posted October 31, 2022 Author Share Posted October 31, 2022 Thanks, Tech Support replied - this is a false positive. Fixed in new update. Link to comment Share on other sites More sharing options...
GloopyFlop 0 Posted December 23, 2022 Share Posted December 23, 2022 Has this been resolved? my builds in Visual Studio 2022 has been working fine then suddenly today my exes get flagged by ESET. when I build, the exe file appears to be truncated to 0b and then I get the ESET flag and it deletes the EXE. not sure why it should just suddenly start doing this when I am working same source (versioned) anyone else getting this? Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 4,707 Posted December 23, 2022 Administrators Share Posted December 23, 2022 5 hours ago, GloopyFlop said: Has this been resolved? The detection was removed on October 31, 2022. Please make sure that you have the modules updated. Link to comment Share on other sites More sharing options...
GloopyFlop 0 Posted January 4 Share Posted January 4 Hi there, this is still a problem; I raised a subsequent issue but havent seen it approved yet. that gave more details. Today I reverted back to some very old code and this compiled ok. then as I started building on the code, I hit the same problem. Here's code snippet that causes the virus detection frm ESET (as it seems random, you dont need to understand the context, more note the next step of commenting out most of it): //------------------------------------------------------------------------------ public static bool readScheduleFile(string profileName, int portnum, ref string profileData) { var fd = FileIO.fullProfileDescriptor(profileName, portnum, FileIO.dontCreate); var sr = new StreamReader(fd); Schedule tmpSched = new Schedule(); reset(0); while (!sr.EndOfStream) { profileData = sr.ReadLine(); if (profileData == null) Console.WriteLine("Exception: Filename"); else { string[] result = profileData.Split('|'); Console.WriteLine(profileData); } } return false; } //-------------------------------------------------------------- and here I comment everything out of body and it builds ok //------------------------------------------------------------------------------ public static bool readScheduleFile(string profileName, int portnum, ref string profileData) { //var fd = FileIO.fullProfileDescriptor(profileName, portnum, FileIO.dontCreate); //var sr = new StreamReader(fd); //Schedule tmpSched = new Schedule(); //reset(0); //while (!sr.EndOfStream) //{ // profileData = sr.ReadLine(); // if (profileData == null) // Console.WriteLine("Exception: Filename"); // else // { // string[] result = profileData.Split('|'); // Console.WriteLine(profileData); // } //} //return false; } What happens is imediately after the build, ESET kicks in and deletes the .EXE before visual studio can run it. It is not only that code, tehre doesnt seem to be any pattern; by selectively commenting out code I get to buikld and run with no issue, then uncomment and I get the issue, any thoughts please? Link to comment Share on other sites More sharing options...
itman 1,541 Posted January 4 Share Posted January 4 13 hours ago, GloopyFlop said: any thoughts please? Do as I posted here: https://forum.eset.com/topic/34984-visual-studio-c-builds-now-consistently-have-exe-intercepted-and-deleted-by-eset/?do=findComment&comment=161201 Link to comment Share on other sites More sharing options...
Recommended Posts