ESET Anti Virus - false positive?

A SQL Server Management Studio add-in to source control your database in Subversion or Team Foundation Server.

Post by HeavenCore » Thu Apr 17, 2014 2:20 pm

Not sure if ESET have released a bad definition update, but it's just nuked half of my SQL Source Control binaries:

Code:
17/04/2014 13:58:42   Startup scanner   file   Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.Tfs.PolicyChecker.dll   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined
17/04/2014 13:58:41   Startup scanner   file   Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.TFS2010.dll   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined
17/04/2014 13:58:05   Startup scanner   file   Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.TFS2008.dll   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:57   Startup scanner   file   Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.TFS2005.dll   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:54   Startup scanner   file   Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.TFS2012.dll   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:50   Startup scanner   file   Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.VaultStandard.dll   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:48   Startup scanner   file   Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.SrcC.Svn.dll   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:46   Startup scanner   file   Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.AtomicIO.dll   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:43   Startup scanner   file   Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.Utils.dll   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:57:06   Startup scanner   file   Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.Model.dll   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:55:05   Startup scanner   file   Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.ExtensionMethods.dll   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:53:05   Startup scanner   file   Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.Engine.Logging.dll   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting (after the next restart) - quarantined
17/04/2014 13:51:04   Startup scanner   file   Operating memory » C:\Program Files (x86)\Red Gate\SQL Source Control 3\RedGate.SQLSourceControl.MasterComAddIn4.dll   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting (after the next restart) - quarantined


I was able to restore them from Quarantine and added them as an excluded folder but just thought I'd share this with you guys.

Also, when I attempted to install the latest update, it deleted half of the MSI files as the install was in progress:

Code: Select all
17/04/2014 14:09:43   Real-time file system protection   file   C:\\Config.Msi\\92bcb.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:43   Real-time file system protection   file   C:\\Config.Msi\\92bc6.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:42   Real-time file system protection   file   C:\\Config.Msi\\92bc5.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:42   Real-time file system protection   file   C:\\Config.Msi\\92bc4.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:41   Real-time file system protection   file   C:\\Config.Msi\\92bc3.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:41   Real-time file system protection   file   C:\\Config.Msi\\92bc2.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:41   Real-time file system protection   file   C:\\Config.Msi\\92bc1.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:40   Real-time file system protection   file   C:\\Config.Msi\\92bc0.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:40   Real-time file system protection   file   C:\\Config.Msi\\92bbe.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:39   Real-time file system protection   file   C:\\Config.Msi\\92bbd.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:39   Real-time file system protection   file   C:\\Config.Msi\\92bbc.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:38   Real-time file system protection   file   C:\\Config.Msi\\92bbb.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:38   Real-time file system protection   file   C:\\Config.Msi\\92bb9.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:37   Real-time file system protection   file   C:\\Config.Msi\\92bb7.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:37   Real-time file system protection   file   C:\\Config.Msi\\92bb6.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:37   Real-time file system protection   file   C:\\Config.Msi\\92bb5.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:36   Real-time file system protection   file   C:\\Config.Msi\\92bb4.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:36   Real-time file system protection   file   C:\\Config.Msi\\92bb3.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:35   Real-time file system protection   file   C:\\Config.Msi\\92bb2.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:35   Real-time file system protection   file   C:\\Config.Msi\\92bb1.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:34   Real-time file system protection   file   C:\\Config.Msi\\92bb0.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:34   Real-time file system protection   file   C:\\Config.Msi\\92bae.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:34   Real-time file system protection   file   C:\\Config.Msi\\92bad.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:33   Real-time file system protection   file   C:\\Config.Msi\\92bac.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:33   Real-time file system protection   file   C:\\Config.Msi\\92bab.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:32   Real-time file system protection   file   C:\\Config.Msi\\92ba9.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:32   Real-time file system protection   file   C:\\Config.Msi\\92ba8.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.
17/04/2014 14:09:31   Real-time file system protection   file   C:\\Config.Msi\\92ba7.rbf   a variant of MSIL/TrojanDownloader.Agent.RF trojan   cleaned by deleting - quarantined   NT AUTHORITY\\SYSTEM   Event occurred on a file modified by the application: C:\\Windows\\System32\\msiexec.exe.


Edit: I have sent the DLLs in question to ESET for review - they've replied saying they hope to have a revised definition update soon.
HeavenCore
 
Posts: 10
Joined: Fri Jul 08, 2011 11:13 am

Post by james.billings » Mon Apr 21, 2014 10:09 am

Yep, we spotted this late last week and also followed up with ESET - you should be able to update your virus signatures and then re-install.

Apologies for the inconvenience!
james.billings
 
Posts: 1120
Joined: Wed Jun 16, 2010 11:10 am
Location: Red Gate

