Shoutbox

quote:

---

Originally posted by Kafman
Looks like ESET added the sponsor as a malware to their signatures.

---

Which sponsor though? 3.85 comes with a Conduit toolbar, or in some cases Ask.com... cidhelp refers to the old sponsor which hasn't been used for quite a while.

All Plus! versions dating back to version 4.50 seem to be blocked by NOD32 now (since Update 5306 (20100723). Versions older than that are not labeled with CiDHelp. In the past NOD would only block the old (pre v4.80) sponsor when you actually install the sponsor.

But blocking any Plus! version newer than 4.81 just doesn't make sense at all, the CiD sponsor isn't used in those versions at all. The newer Plus! versions either use Conduit (community toolbar) or As.com (search engine) as a sponsor. Neither are adware, no antivirus inditifies it as being that, even NOD agrees on that...
Conduit: http://www.virustotal.com/analisis/c640cae328d651...92dbbf1-1280051763
Ask.com: http://www.virustotal.com/analisis/d029c34dd469a3...7669945-1280051389

Additionally none of the newer versions are blocked by any other scanner:
4.85: http://www.virustotal.com/analisis/6231b9e65f4ea7...d78f4ee-1280051958
4.84: http://www.virustotal.com/analisis/0792c2a0ac92a4...213b359-1280052125
4.83: http://www.virustotal.com/analisis/c19739b132a269...4c42664-1280052289
4.82: http://www.virustotal.com/analisis/9e22e81f66d4d0...372a78f-1280052360
4.81: http://www.virustotal.com/analisis/ac93e570fed539...d9f5caf-1280052449

Only some of the older versions which actually *did* use a CiD adware sponsor a blocked by other scanners:
4.11: http://www.virustotal.com/analisis/8d8ca2c8b9c19d...da321ab-1280052802


If you use NOD32, download MsgPlusLive-485.exe and submit it to ESET as a false positive.

Seems ESET isn't completely sure yet either: