Solved Win32/NetFilter.A found by Eset

September 20, 2015 at 18:45:41
Specs: Windows 10, AMD A8
My HP had a clean Malwarebytes report and now ESET has found Win32/NetFilter.A (10 instances so far). ESET is still running. I'll post when it is done.


#1
September 20, 2015 at 19:06:14
Ok, I spotted it.

You need to install Unchecky.

Use Unchecky to help prevent these third-party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#2
September 20, 2015 at 20:38:52
I am running eset on both of my laptops. My other laptop is also showing Win64/NetFilter.A and a couple others. The only thing I have done with both computers was to hook up my new "WD My Passport Ultra" and back up the files. I also installed the software that came with the Passport on both computers. I can't think of anything else I've done with both to have the same messages on eset. Eset is still running on both.


#3
September 20, 2015 at 20:45:11
"Eset is still running on both"
Ok, that should give us the clues needed.


#4
September 20, 2015 at 21:54:30
The HP computer finished. I see now that it is determining my Spotflux VPN software to be carrying the infections. After running ESET, I ran spotflux. It immediately came up that I needed to download the newest version.

ESET:

C:\Program Files (x86)\Spotflux\netfilter\driver\amd64\netfilter2.sys a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Spotflux\netfilter\driver\i386\netfilter2.sys a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Spotflux\netfilter\driver-win7\amd64\netfilter2.sys a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Spotflux\netfilter\driver-win7\i386\netfilter2.sys a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Spotflux\netfilter\driver-win8\amd64\netfilter2.sys a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Spotflux\netfilter\driver-win8\i386\netfilter2.sys a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Spotflux\netfilter\release\win32\ProtocolFilters.dll a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Spotflux\netfilter\release\x64\nfapi.dll a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Spotflux\services\nfapi.dll a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Spotflux\services\ProtocolFilters.dll a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Users\computer\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\computer\Downloads\spotflux-3.1.5-0.exe a variant of Win64/NetFilter.A potentially unsafe application deleted - quarantined
C:\Windows\System32\drivers\netfilter2.sys a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined



#5
September 20, 2015 at 22:07:54
Toshiba laptop eset:

C:\Users\Indy\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Indy\Downloads\Core-Temp-installer.exe Win32/Somoto.Q potentially unwanted application deleted - quarantined
C:\Users\Indy\Downloads\spotflux-3.1.3-0.exe a variant of Win64/NetFilter.A potentially unsafe application deleted - quarantined
C:\Users\Indy\Downloads\spotflux-3.2.0-0.exe a variant of Win64/NetFilter.A potentially unsafe application deleted - quarantined
C:\Windows\System32\drivers\netfilter2.sys a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined


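An added example, not part of any post in this thread: a Python script that parses scan-log lines in the format pasted in posts #4 and #5 and ties each detection family back to the installed product that owns the flagged files. The sample lines are a subset copied from post #4; the regexes and the `parse` and `attribute` helpers are assumptions of this example, not ESET's log specification.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, usable on any OS

# Subset of the ESET log lines pasted in post #4 of this thread.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Spotflux\netfilter\driver\amd64\netfilter2.sys a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Spotflux\services\nfapi.dll a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Users\computer\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\computer\Downloads\spotflux-3.1.5-0.exe a variant of Win64/NetFilter.A potentially unsafe application deleted - quarantined
C:\Windows\System32\drivers\netfilter2.sys a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
"""

# Assumed line layout: <path> [a variant of ]<Win32|Win64>/<family> <category> <action>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of )?Win(?:32|64)/(?P<family>\S+)\s+"
    r"(?P<category>potentially (?:unsafe|unwanted) application)\s+(?P<action>.+)$"
)
PROGRAM_DIR_RE = re.compile(r"\\Program Files(?: \(x86\))?\\([^\\]+)\\", re.I)

def parse(log):
    """Return one dict per detection line; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, log.strip().splitlines()) if m]

def attribute(rows):
    """Map detection family -> set of products the flagged files belong to."""
    # Pass 1: a file under Program Files names its product directly.
    product_of_file = {}
    for r in rows:
        m = PROGRAM_DIR_RE.search(r["path"])
        if m:
            product_of_file[basename(r["path"]).lower()] = m.group(1)
    products = set(product_of_file.values())
    # Pass 2: tie copies elsewhere (drivers directory, Downloads) back to a
    # product, by identical file name or by the product name in the file name.
    owners = defaultdict(set)
    for r in rows:
        name = basename(r["path"]).lower()
        owner = product_of_file.get(name) or next(
            (p for p in products if p.lower() in name), "unattributed")
        owners[r["family"]].add(owner)
    return dict(owners)

if __name__ == "__main__":
    for family, who in attribute(parse(SAMPLE_LOG)).items():
        print(f"{family}: {sorted(who)}")
```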

#6
September 20, 2015 at 22:08:27
It is strange that eset is finding this now. These feel like false positives to me... you?


#7
September 20, 2015 at 22:44:16
" false positives"
No, Unchecky would have picked on these & switched you over to Custom.
Examples.
"ccsetup415"
It is telling you, that is the version with the toolbar.
CCleaner ( This is a slim version that doesn't install the Yahoo toolbar )
http://www.freewarefiles.com/CClean...
http://www.freewarefiles.com/screen...
http://www.softpedia.com/get/Securi...
http://www.piriform.com/ccleaner/bu...

Core Temp
http://www.softpedia.com/get/Window...
Users are advised to pay attention while installing Core Temp for the following reasons:
Offers to download or install software or components (such as browser toolbars) that the program does not require to fully function

Spotflux
http://www.softpedia.com/get/Intern...
Users are advised to pay attention while installing Spotflux for the following reasons:
Displays ad banners or other types of advertising material during its runtime




#8
September 20, 2015 at 22:47:21
Wrong post, I deleted.

message edited by Johnw



#9
September 20, 2015 at 23:25:31
Well, what I do with CCleaner is do the update from the program. I do my best not to allow any "extras". As for coretemp, I dl'd that one a looong time ago and I know I've run ESET since having it on there. Why it is popping up now, I don't understand. And finally Spotflux is my VPN that I pay for a premium service. It has only one download and premium is determined when you log in. They do not have any "extras" during setup that you must unclick. So this must be internal. They advised once before (I had something pop up on a scan) that they had a partner that was part of the install (no boxes to click, it just loaded with it) that they discontinued. I've also run ESET before and nothing has popped up with Spotflux. So, I remain confused as to why now...


#10
September 20, 2015 at 23:33:19
"So, I remain confused as to why now.."
Maybe, because they are always behind or the vendor has just added the revenue raising bits.


#11
September 20, 2015 at 23:42:23
I wrote a note to support at Spotflux. I wonder what they'll have to say about this. I see notes about this on google related to the old version I had (3.1.9). Now the newer version is 3.2.0.


#12
September 21, 2015 at 15:31:09
Spotflux wrote back:

Several antivirus vendors have mis-classified our network adapter as malware and we are working with them to remove this false positive. To get past this message you must either whitelist our installer and program in your antivirus program.



#13
September 21, 2015 at 15:58:06
✔ Best Answer
"Several antivirus vendors have mis-classified our network adapter as malware and we are working with them to remove this false positive"
Good news.


#14
September 25, 2015 at 19:12:24
Sorry, it got a little busy around here this week. Thanks for your help. I've used the computer with no issues. I hope they can clear their adapter so I don't get the false positive.

Thanks for all your help on this and the other laptop mess. I appreciate it.



#15
September 26, 2015 at 01:32:34
"Thanks for all your help on this and the other laptop mess. I appreciate it"
YW.


#16
September 26, 2015 at 08:38:53
Can you send me the file which is infected? I'm an aspiring programmer and I can detect infected files without any antivirus software. I have experience. If you send me netfilter2.sys along with two other infected files in an archive, I might be able to help you out.
