NOD32 false positive today

On May 22, 2008, in news, by

Nod32 is throwing off a false positive and you may need to hard reboot afterwards.

 acrobatfnp.dll virus – Suprbay Forum:

ESET NOD32 Antivirus Forum – Wilders Security Forums:

5/22/2008 8:42:24 AM    Real-time file system protection    file    C:\PROGRAM FILES\ADOBE\ACROBAT 8.0\ACROBAT\ACROBATFNP.DLL    probably a variant of Unknown virus        NT AUTHORITY\SYSTEM    Event occurred during an attempt to run the file by the application: C:\Windows\System32\svchost.exe.

(There might be those in the audience that consider Adobe a virus and agree with NOD32…but….)


Wilders Security Forums – View Single Post – Today’s blunder – Official fix/apology/reassurances??:


we are very sorry for the problems you have experienced with one of the recent updates. The root of the problem was a problematic section in the code that emerged just recently. It was not a typical false positive, such as a wrong signature or heuristics triggering an alarm on benign files. I can assure you that we do make tests before releasing updates to prevent false positives from occuring. In this case, the alarm was triggered under specific circumstances varying from computer to computer (ie. a specific file flagged on one computer was not flagged on each other). Right now we are preparing a knowledge base article concerning this issue. Those who are experiencing problems should follow these instructions:

– restart the computer in Safe mode (press F8 several times before the Windows logo appears)
– delete the file C:\Program Files\ESET\ESET Smart Security\em002_32.dat
– delete the folder C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Updfiles or If you have Windows Vista delete the folder C:\Users\All Users\ESET\ESET Smart Security\Updfiles
– delete all files in the folder C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon\ or
– restart the computer
– start Windows in normal mode and update ESET Smart Security/ESET NOD32 Antivirus by hitting the button „Update virus signature database“

Note: Windows Vista uses the folder “Users” instead of “Documents and Settings”


3 Responses to NOD32 false positive today

  1. Necastivi says:

    Thank you, i was already crazy today, on my laptop everything is ok, but desktop is going nuts.
    Assassin’s Creeddx10 and dx9 (legal copy 🙂 ) Nero and some other appz, all false, and even cant put it on exclude list.
    Ty once again.

  2. John says:

    Here is a KB article discussing what is impacted and how to resolve this issue.


  3. Robert M says:


    Thanks so much for posting this!!!!

    Oddly, I only had 1 workstation that experienced this problem (all of the workstations have the adobe products and the ESET NOD) – This prevented me from suspecting the antivirus.

    I came in yesterday morning and this workstation was frozen. I did a hard reboot and it froze at the “Applying Computer Settings” screen. 🙁

    All day, I was troubleshooting the myriad of issues that can cause the computer to freeze there – DNS, network card drivers, etc.

    I left late last night content on having to reinstall the workstation today.

    Thankfully, I decided to read your site before diving into this.

    Thanks again.