Why ESET NOD32 Is the Worst Antivirus and Why You Should Never Use It

Dear users of LetsExtract Email Studio,

As many of you know, our product has been around for more than a decade. Over the years, we’ve consistently strived to improve it and make it more valuable for you. However, recently we encountered a glaring issue that we feel compelled to discuss publicly.

You’re of course familiar with antivirus software. The very first antivirus programs appeared in the late 1980s, when the rapid spread of viruses coincided with the explosion of PC usage. Since then, antivirus solutions have become a crucial component in protecting any device.

The core approach of antivirus software is to detect known threats by matching file signatures (such as hashes or byte patterns), while also using heuristic analysis to spot new, previously unseen threats by identifying suspicious behaviors in files or programs.

These programs genuinely serve to keep your computer safe. However, there is a flip side: false positives. As I mentioned above, antivirus software compares files, their hashes, or scans for byte sequences it recognizes as threats within a file. If it finds a match, the antivirus will quarantine or delete the file and notify the user.

False positives

The problem is false positives—cases where an antivirus mistakenly flags a harmless file as malicious, disrupting your ability to use perfectly safe software. To address this, most antivirus companies provide a way to contact them so that legitimate developers can resolve any misunderstandings and get their products whitelisted. Here you can find an example of such contact information: https://gist.github.com/skmedix/6cdce9d6d3b464c1bd719b72d1f6bce4

Part 1

In early April 2025, we discovered that ESET NOD32 and a number of other antiviruses leveraging its detection database began flagging the LetsExtract Email Studio executable as a Trojan. Specifically, ESET NOD32 identified the program as ‘A Variant Of MSIL/Monitor.Sprut.A’, preventing our users from launching the application.

Naturally, we immediately reached out to the antivirus vendors, sending nearly ten emails.

All the companies responded—except for ESET. After waiting a while, we followed up, again and again: in total, we sent seven emails to samples@eset.com and also posted our issue on their forum.

And… we have yet to receive any response whatsoever! Incredible, isn’t it? And this is precisely why you, our paying customers, are unable to use LetsExtract Email Studio—simply because ESET NOD32 seems unwilling to read emails and properly do its job.

And here is ESET NOD32’s “responses” (just auto-replies):

Part 2

At this point, we continued to believe that the ESET team had simply made a mistake or didn’t grasp the situation. I mean, flagging an email marketing tool like LetsExtract Email Studio as a variant of SPRUT? We thought perhaps they just didn’t have the time to carefully investigate, so we decided to give them a concrete demonstration.

We created a ‘Hello World’ application using VB.NET (WinForms) that simply displays a message when Button1 is clicked. Here’s the code:

We then uploaded this to VirusTotal: https://www.virustotal.com/gui/file/3a67a7385820ddb6a92fb0d3031c25e788e86b96286848e693993e466f2559a2

As expected, the program did absolutely nothing except show a message box—there’s no possible way it could be considered harmful. Yet, there were still some detections (obviously false positives), although only from obscure antivirus products which are easy to dismiss:

Next, we signed this simple program with our code signing certificate.

By the way, this is an Extended Validation certificate issued to an actual company—KOLIBRI LLC—by GlobalSign. It isn’t easy to obtain: our company underwent strict vetting and we pay GlobalSign $690/year for this certificate. We do all this to make things easier and safer for our users.

So, after signing, we checked the file on VirusTotal again: https://www.virustotal.com/gui/file/1ef600d07cf823d3c3d30c4b3abb6365d3ee6076e82db1b57f3be7dbc42207ea

Bingo! ESET NOD32 now detected this basic Hello World app as “A Variant Of MSIL/Monitor.Sprut.A”:

So, should you continue to trust the results returned by ESET NOD32? Let us know what you think in the comments below.

Conclusion

If you’re as unlucky as I was, they’ll add your digital signature certificate to their database, and every executable file you sign will automatically get flagged as a trojan. Then, within 12–24 hours, all the other antivirus vendors that share databases will pick up your signature, and your program will get hit by even more false positives. In another 24 hours, browsers like Chrome will start blocking your downloads, and just like that, you’re out of business.

What happens if you write to them and try to point out their mistake? Absolutely nothing. They’ll just ignore you. Your topic on their forum will be closed right away, and if you post on a site like Reddit, the automatic filter will catch it. You have zero chance of actually reaching them, and ultimately you’ll end up endlessly writing to VirusTotal, reaching out to every minor antivirus company to get whitelisted, explaining everything to your users, and wasting hundreds of hours trying to fix a problem that isn’t your fault.

Here’s a direct download link to the file:

https://letsextract.com/LetsExtract7Setup.exe

Hey ESET, maybe you’ll hear me this time?