Friday, March 11, 2011

ESET Nod32 false positive on Java

Update March 16, 2011.
Argh, once again, they detect Java as malware. If you have a large enterprise and every user clicks "Clean", you have a lot of computers with damaged Java. Annoying.

Anyway, it is fixed in update 5960. It will not fix the broken Java or your nerves, but it will stop the nagging screens.

November 9, 2010
ESET Signature 5604 Detection of rt.jar
(can be located at C:\program files\Java\jre6\lib - in C:\program files\Java\jre6\lib\rt\javax\management)

variant of Java/Exploit.CVE-2010-0094.E trojan  -- FALSE POSITIVE on signature 5604 (Nov08)

Solution - update your virus definitions: Signature 5605 (Nov09) does not have the same problem
Virustotal for Signature 5604 (old)  
File name: MBeanServer.class
Submission date: 2010-11-09 18:05:16 (UTC)
Current status: finished
Result: 1/43 (2.3%)
NOD32 5604 2010.11.09 a variant of Java/Exploit.CVE-2010-0094.E
MD5   : c3691efe701fac891496ff366fd3a65f 

If you deleted the file, you need to reinstall Java
 Signature 5605 (new)

The over-reactive signature was made to detect the exploit below:
Metasploit external/source/exploits/CVE-2010-0094/
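To find out which machines had Java damaged by the "Clean" action, you can check whether rt.jar still opens and still contains the flagged class. The script below is an added example, not part of the original post: the entry name javax/management/MBeanServer.class, the default jar path and the function names are assumptions, and the MD5 is the one from the VirusTotal report above.

```python
import hashlib
import io
import sys
import zipfile

# Entry name inside rt.jar of the class that signature 5604 flagged.
FLAGGED_ENTRY = "javax/management/MBeanServer.class"
# MD5 from the VirusTotal report quoted in the post. It identifies one JRE
# build's copy of the class; other builds legitimately hash differently.
POST_MD5 = "c3691efe701fac891496ff366fd3a65f"
# Assumed default location, taken from the directory named in the post.
DEFAULT_JAR = r"C:\Program Files\Java\jre6\lib\rt.jar"


def check_rt_jar(jar):
    """Return (status, md5) for an rt.jar given as a path or file object.

    unreadable    - jar missing, truncated or not a zip archive
    class-missing - jar opens but the flagged class is gone: reinstall Java
    corrupt-entry - class is listed but fails its CRC check: reinstall Java
    matches-post  - class present, same bytes as the sample in the post
    present-other - class present from another JRE build (not an error)
    """
    try:
        with zipfile.ZipFile(jar) as zf:
            try:
                data = zf.read(FLAGGED_ENTRY)
            except KeyError:
                return ("class-missing", None)
            except zipfile.BadZipFile:
                return ("corrupt-entry", None)
    except (OSError, zipfile.BadZipFile):
        return ("unreadable", None)
    digest = hashlib.md5(data).hexdigest()
    return ("matches-post" if digest == POST_MD5 else "present-other", digest)


def constructed_jar(with_class):
    """Build a tiny in-memory jar (constructed sample, not real JRE bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("java/lang/Object.class", b"constructed placeholder")
        if with_class:
            zf.writestr(FLAGGED_ENTRY, b"constructed placeholder class")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(check_rt_jar(sys.argv[1] if len(sys.argv) > 1 else DEFAULT_JAR))
```

Any status other than matches-post or present-other means the JRE on that machine needs to be reinstalled.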


  1. hi,
    i couldn't update yet, but, i really think it's a false positive.
    it deleted an archive of a software of mine, and detected the same "virus" in a backup of 8 months later...

    i hope it fixes the problem (detection false positive) in new update... cause it F#@$ed my program...

  2. Java and to some degree .Net are the main choices because they have been consistently pegged as the “safe” choice to go with for mid-level project managers in the corporate world. No one was ever fired for choosing Java or Microsoft.

    However, there are many large distributed applications these days that run primarily with technologies like Python, PHP, et al. Even companies like Google and Yahoo are heavily invested in these technologies. Java may be the main choice for enterprise development now, but its days are numbered as the only stalwart option to go with.

    Let’s face it, many of these so called “enterprise applications” could easily have been written much faster and with less overhead using technologies like Python, PHP, et al.

    open source training