AVG finding viruses

[Marion Waine]

Hi

This morning two of the PTE exe files from the competition I am running have been picked up by the AVG Resident Shield alert as having the Trojan horse BackDoor.Hupigon5.ARYN virus. I scanned them before I put them on the machine and they were fine, I opened the folder last night and it didn't pick them up then. In the past AVG has removed exe files with 'viruses' which weren't. I am assuming this is the case here?

Marion

[Ken Cox]

MARION

DISABLE THE RESIDENT SHIELD ASAP

PLEASE SUPPLY THE FORUM

ALL INFO ON YOUR VERSION OF AVG

DO YOU KNOW WHAT VERSION OF PTE MADE THE SHOWS

my avg specs are

virus db =271.1/2728

avg ver = 9.0.733

I HAVE ASST EXE'S that i keep for testing and they test ok

also see

http://www.picturestoexe.com/forums/index.php?showtopic=8165&pid=51457&st=0entry51457

ken

[Marion Waine]

Hi Ken

Sorry, I don't know the version they are made on as they are competition entries, I would assume it would be a version of PTE6 as they are from two of Britain's top workers. - I have moved them to the virus vault for now and updated AVG (free version) which is now 9.0.733 the Virus db is 271.1.1/2728 - I then inserted the CD I received with one on and it still finds the virus.

Marion

MARION

DISABLE THE RESIDENT SHIELD ASAP

PLEASE SUPPLY THE FORUM

ALL INFO ON YOUR VERSION OF AVG

DO YOU KNOW WHAT VERSION OF PTE MADE THE SHOWS

my avg specs are

virus db =271.1/2728

avg ver = 9.0.733

I HAVE ASST EXE'S that i keep for testing and they test ok

also see

http://www.picturestoexe.com/forums/index.php?showtopic=8165&pid=51457&st=0entry51457

ken

[Marion Waine]

Hi again

Meant to say that I think the AV's were made last year as one was entered into the Nationals. I did try to contact AVG but couldn't find a direct route as it's the free version I am using!

Marion

[Ken Cox]

^MARION

^{YOU MUST DISABLE THE RESIDENT SHIELD ASAP}

^{DO YOU HAVE ANOTHER COMPUTER YOU CHECK THE CD ON WITH ANOTHER AV PROGRAM}

^{CAN YOU PUT THEM UP TO MEDIAFIRE IN ZIPS AND THEN WE CAN VERIFY THEM}

^{AS LONG AS THE RESIDENT SHIELD IS ACTIVE YOU WILL NOT BE ABLE TO RUN THEM - -YOU MAY NNOT EVEN BE ABLE TO UPLOAD THEM WITH IT ACTIVE}

^{I LOST TOO MANY EXE'S TO COUNT WHEN AVG PUT THEM IN THE VAULT -- THEY WOULD PLAY NO MORE}

^KEN

[Marion Waine]

Hi Ken

Sorry, I don't know the version they are made on as they are competition entries, I would assume it would be a version of PTE6 as they are from two of Britain's top workers. - I have moved them to the virus vault for now and updated AVG (free version) which is now 9.0.733 the Virus db is 271.1.1/2728 - I then inserted the CD I received with one on and it still finds the virus.

Marion

MARION

DISABLE THE RESIDENT SHIELD ASAP

PLEASE SUPPLY THE FORUM

ALL INFO ON YOUR VERSION OF AVG

DO YOU KNOW WHAT VERSION OF PTE MADE THE SHOWS

my avg specs are

virus db =271.1/2728

avg ver = 9.0.733

I HAVE ASST EXE'S that i keep for testing and they test ok

also see

http://www.picturestoexe.com/forums/index.php?showtopic=8165&pid=51457&st=0entry51457

ken

[Ken Cox]

YOU MUST DISABLE THE RESIDENT SHIELD ASAP

can you contact the owners and advise them of the predicament

think you are typing as i am typing as you are not answering all my questions

ken

[Marion Waine]

Hi

Sorry I added the reply twice!

I have spoken to one of the authors and it's version 4.48 if that helps!

Marion

[Ken Cox]

yes we had some false positives with that version as i recall

I have advised Igor and the other moderartors who i have working email addies of the situation - generally Igor can get AVG to rectify their data base within a day

i will check my 4.48 shows and get back to forum

ken

[Ken Cox]

YES MY VER 4.8 IS SHOWING A VIRUS WITH CURRENT AVG DATABASE

I CLICKED IGNORE BUT STILL WOULD NOT PLAY

DISABLED RESIDENT SHIELD AND SAME EXE NOW PLAYS

KEN

[Marion Waine]

Hi Ken

Thanks for your help Ken, I will keep updating the Virus data base and testing a sequence until it is fixed!

Marion

[Ken Cox]

4.42 TESTED FINE WITH RESIDENT SHIELD ENABLED [CALENDAR COLLECTION]

4.49 FILE TESTED OK WITH RESIDENT SHIELD ENABLED [FILE NAME 50TH FULL SIZE 4]

KEN

[nobeefstu]

Marion,

Have you Disabled your AVG as Ken suggested ?

I dont have AVG to tell you how to proceed to do so.

Possible Fix:

If it is a Version 6 executable file and you have some safe zone (drive or folders excluded from AVG) ... you could try whats called decompress or unpack of the executable. Unpacking the executable file sometimes resolves false positives due to file compression.

PTE v6 now packs its executables using a UPX packer ... and on occasions many virus protections read this packing as a possible rogue till their definitions are sorted out and updated. Older PTE version executables are compressed or packed using ASPack and not UPX. ASPack is not open source and is not unpacked in the same method.

How to Unpack or Decompress using UPX :

Create a Bat File :

1. Create a Bat file using notepad and name it Upx unpack.bat

2. Enter this text string value using notepad into the Bat file :

upx -d upx.exe "yourname slideshow.exe" **Use your exe filename inside the quotes.

3. Save the file.

Decompress the File :

1. Create a new folder in your PCs safe zone (drive or folders excluded from AVG or protection)

2. Copy the UPX.exe from PTE's All\Components\UPX folder to the new safe zone folder.

3. Copy the PTE show executable to the new safe zone folder.

4. Copy the Upx unpack.bat to the new safe zone folder.

5. Run or double-click the Upx unpack.bat file

6. If the Slideshow.exe is a version 6 file ... it will then be decompressed or unpacked in a matter of seconds depending on its size.

7. Copy the now decompressed or unpacked Slideshow.exe into your Protected Zone or drive and verify its acceptance.

Please Note : Some users may find this procedure too complicated and extensive ... but it has worked for me on many occasions and not just for PTE executables when testing for false positives due to file compression.

** If you already have the right compression/decompression tools ... its real easy and fast and dont have to go thru the above method..

See layout image:

[Ken Cox]

STU

it is a 4.48 show

avg will not allow you to do anything with the file till you disable resident shield

from the avg gui

components

resident shield

bottom of screen

disable

save

there will not likely be a fix for a couple days by avg -- it is the weekend

Igor will have to exercise some muscle:)

[nobeefstu]

Thanks Ken,

Since the file is a version 448 ... it could possibly be fixed by updating it with the v449 patch tool.

It will fix the bug issue associated with v440-448 versions as described below

------

As mentioned by Igor some time ago:

We decided update old version 4.xx of PicturesToExe because it contained unplesant bug. Slideshows with music/sounds can't exit by Esc key or at end of a show under Windows Vista on dual-core CPU based PCs.

Also we prepared special utility which patches EXE file of slideshows created with old versions from 4.40 to 4.48 and it updates slideshow's engine to version 4.49 and solves this bug:

http://www.wnsoft.com/apr/pte449patch.zip (400 KB)

This utility automatically recognizes EXE files and will not modify already patched EXE files or more new 5.00 slideshow where there is no problem.

We apologize for this problem.

-----

Applying the 449 patch tool may resolve the current AVG issue.

[Ken Cox]

Stu

i think she will still need to disable the resident shield to do anything - am surprised she was able to transfer them from the cd

and i believe she has the exe and not the whole package

so she cant run patch - the author has to

ken

[nobeefstu]

Ken,

I believe any user can apply the v449 patch to the v440-448 exe(s). The patch applies to the slideshow exe file and the .pte project file is not required.

Ive never had to use the 449 patch myself .... only sure way to see if the patch resolves the AVG issue is to actually test by applying the patch.

First as you say ...the user has to have AVG disabled or some safe zone to apply it to the slideshow.

[Ken Cox]

Stu et al tried the patch on my test file [D:\P2E SHOWS - d 1pictures WORKING FOLDER\1_TOUR 2003 COPY]

patch came back with message unable to open file

also avg gave warning it was a virus -- disabled avg resident shield

patch reply

Aptching file: D:\P2E SHOWS - d 1pictures WORKING FOLDER\1_TOUR 2003 COPY\TOUR_2003_DVD_rev 448.exe

unsupported file

so

shut patch down and restarted it - same error message

so then i opened the original 4.48 version with 4.49 saveas and created as with new names - enabled the resident shield and tested the 4.49 exe ok

but the patch would not fix the 4.48 ver

this brings up another point re file names -- if i had not named these files as i did it would be a challenge to find out what i made this show with as the original was started with ver 4.2 in nov 2003

ken

ken

[Ken Cox]

further to the above

until this avg database is repaired i suspect if you run a spybot scan or similar, whenever it checks the exe's it will cause AVG to kick in telling you that you have a virus

ken

[Marion Waine]

Hi

I tried the CD again late last night (I am trying to play the sequence directly from the CD so didn't try copying it onto the PC as mentioned by Ken) - it worked - no virus. I then discovered that the sequences I had placed in the virus vault had been returned to their original folder. I haven't played them fully but they start ok. I always have the Resident Shield set to 'Ask me before removing threats' so at least I have control.

Thanks to everyone for all the help getting it sorted.

Marion

[Ken Cox]

Marion

glad you have things under control, and glad to hear you were able to recover from the vault - they must have changed things because years ago when it happened to me I was not able to use the exe's and had to remake them. On other occasions members have suffered the same as me. It is no big deal as long as you have all the components to remake the exe.

ken

[Ken Cox]

update on AVG this morning I updated the database of AVG - regular daily updateGrisoft AVG Ver.9.0 bld. 733/Virus Database: 271.1.1/2732 UPDATED March 9, 2010

I tested my 448 show and it tested ok

so I went further and started my #2 system and updated AVG as above - this system is used to test updates etc. - the ms and anti virus updates are all current - same will not run Ver 6 PTE - not enough horsepower

checked system for a copy of 448 -- not there, so transferred a copy of 448 zip over the network

PicturesToExe v4.48 (March 28, 2006)

there is a working copy of 449 on the system [ no 449 patch on system]but the problem was with 4.48 so stayed with it

installed 448 and opened a 442 show and saved it as a 448 show

ran AVG tested fine

It would be interesting if Marion would update her database - put her security back to normal and see if every thing is ok

also Barry should inform his crew of my findings

ken

[Antbrewer]

Regarding the fact that AVG seems to block everything it can my way around this issue when I had a problem was to reconfigure the Resident Shield using 'Manage exceptions' (on the Resident Shield window) . I instructed it to ignore all Exe files and their paths. This stopped the wretched software from scanning the whole file everytime I opened any new one or the long list of existing exe fles in my folder on my computer.

I have done this on both this laptop using AVG 9 free and on my desktop using AVG 9 licenced. I (dare I say this?) have not had a problem since.

Anthony

[Ken Cox]

Anthony

IMHO

i think that is kind of dangerous -- i would rather know of a possible problem and try and resolve the issue or let others know so they can have a look as well to assist AND PROVIDE FEEDBACK on the issue

this has been going on for a number of years

a bit from my AVG PTE log

BARRY'S LAKESIDE SHOW IS SHOWING A THREAT - SAME AS LAST TIME

that show was from my nov 2005 archive file

Grisoft AVG Ver.: 7.5.485/Virus Database: 269. 13.16 1004 UPDATED Sept. 12 07

also

Grisoft AVG Ver.: 7.5.485/Virus Database: 269. 13.16 1005 UPDATED Sept. 13 07

Showing Barry's show as threat

http://www.picturestoexe.com/forums/index....c=7192&st=0

peru and kula shows test clean

and another slide show from ver 4.30 tests clean

ken

Igor Quote

AVG mistakenly marked EXE files created with old version 4.40 as a virus. Of course, no viruses there.

I'll contact to AVG to ask them fix this problem.

　

　

Thursday, August 16, 2007

Grisoft AVG Ver.: 7.5.476/Virus Database: 268. 0.0 9.53

UPDATED Aug 14 07 showing false on barry beckham’s sept 2005 lakeside – in nov 2005 dl dvD as well as many others on the nov 2005

DVD

Grisoft AVG Ver.: 7.5.484/Virus Database: 269. 12.0 957 UPDATED Aug 16 07 -reinstalled

http://www.picturestoexe.com/forums/index.php?s=&showtopic=7192&view=findpost&p=44878

http://www.picturestoexe.com/forums/index.php?s=&showtopic=5434&view=findpost&p=36212

Ver. 3.60 pte

false virus on p2e AVG.

Grisoft AVG Ver.: 7.0.344/Virus Database:267. 11.13/124 Release Oct 7 /2005 – and unable to restore

　

http://www.picturestoexe.com/forums/index.php?showtopic=3681

so the bottom line is the sooner we are aware of the problem the sooner Igor can get after the supplier --

ken

[Antbrewer]

Hi Ken,

Seemingly nothing dangerous about bypassing AVG scanning items known to be virus free. The software allows for those eclusions and and who wants to wait ages before one can open a safe file. My Resident Shield is operating all the time for everything else thrown at it.

We may be talking at cross purposes here?

However I appreciate your thoughts.

Anthony