WnSoft Forums

AVG reporting a trojan horse and a virus


potwnc


I'm using a friend's PC so I came in through the main url - www.picturestoexe.com. AVG reported a trojan horse. I clicked on the link for the forum and AVG reported a virus. I think AVG (free edition) is quite reliable although I don't use it on my PC. Can anyone confirm whether any other anti-virus software reports anything suspicious coming in the way I did?


GRISOFT AVG - Free Edition

BE AWARE ~ When the 'Trial Period' of this program has expired it appears as if it is 'Updating & Installing' new Virus Definitions etc. I have mentioned this before on this Forum.

Yes, it is downloading these but it DOES NOT update your (expired) Free-Edition.

Please read their 'Documentation' and this will be confirmed.

Recently two of my Customers have lost:- A brand new XP-Pro (6 months old) and another a 2000 Pro.

Both PCs fell victim to a 'Coolwebsearch Trojan Bundle' and both PCs were using an expired Copy of AVG.

The Program also suffers from 'False Positives' alert activations.

To be REALLY SURE that your PC is virus free ~ Download a 'Free-Scan' of the XoftSpy Utility from www.paretologic.com

Brian.Conflow.


I just tested Lin's latest sno demo exe with my free avg

Grisoft AVG Ver.: 7.5.432/Virus Database: 268. 15.26 598 UPDATED Dec. 22 2006

and it passed with no problems

from my anti virus log when we had the last mix up

Monday, October 10, 2005

AVI: 267.11.14 min. AVI: 267.0.0 Added detection of new variant of I-Worm/Mytob, BackDoor.Hupigon, new variants of trojans PSW.Legendmir, PSW.Banker, PSW.Lineage. October 10, 2005 490.4 kB

AVI: 267.11.14 min. AVI: 267.11.0 Added detection of new variant of I-Worm/Mytob, BackDoor.Hupigon, new variants of trojans PSW.Legendmir, PSW.Banker, PSW.Lineage. October 10, 2005 71.4 kB

AVI: 267.11.14 Added detection of new variant of I-Worm/Mytob, BackDoor.Hupigon, new variants of trojans PSW.Legendmir, PSW.Banker, PSW.Lineage. October 10, 2005 5.2 MB

IAVI: /127 Added detection of new variant of I-Worm/Mytob, BackDoor.Hupigon, new variants of trojans PSW.Legendmir, PSW.Banker, PSW.Lineage. October 10, 2005 716.7 kB

Monday, October 10, 2005

AVI: 267.11.14 min. AVI: 267.0.0 Added detection of new variant of I-Worm/Bagle, I-Worm/Mytob, I-Worm/Zafi. October 10, 2005 490.4 kB

AVI: 267.11.14 min. AVI: 267.11.0 Added detection of new variant of I-Worm/Bagle, I-Worm/Mytob, I-Worm/Zafi. October 10, 2005 71.4 kB

AVI: 267.11.14 Added detection of new variant of I-Worm/Bagle, I-Worm/Mytob, I-Worm/Zafi. October 10, 2005 5.2 MB

IAVI: /128 Added detection of new variant of I-Worm/Bagle, I-Worm/Mytob, I-Worm/Zafi. October 10, 2005 719.4 kB

for the details see

http://www.picturestoexe.com/forums/index.php?showtopic=3681

it was related to a certain version of p2e -- and the exes were cleaned but the pte was left alone

avg straightened things up in a couple days

i will add to this -- after that episode i set up test folders on my drives, so i can test specific things -- by doing a global scan i lost +- 3 gb's of pte exe's - the grey matter was not working too well that day

a good starting point to test your anti virus is to get "eicar" test file

http://en.wikipedia.org/wiki/Eicar

you will do a right mouse and a save as to get the zip file -- you won't be able to mail it to yourself if your isp's anti virus protection is working

or you can make one

ken


I am using AVG 7.5.432/Virus Database: 268. 15.29 608 UPDATED Dec. 29 2006.

Last week showed no problems, but after downloading the update today, AVG found 21 PTE shows with the Trojan Horse virus. I believe it is a false reading, but will leave them in the virus vault until something is resolved. Has anyone else checked lately? Has Grisoft been notified and is something being done by them?

Howard


Opening my folder on shows from Beechbrook today, AVG (7.5) flashed up that the file Kula.exe contained a Trojan Generic2.nxu.

Considering Kula was downloaded some time ago without any alert before now I was inclined to think false positive. Nevertheless, Kula was placed in the virus vault and I went searching for an answer. Entering the trojan details into AVG's Search Virus Encyclopedia result was, 'no record of this virus.'

If AVG has no record then how can it cause the alert? Kula remains in the vault until this is fully resolved.


FROM MY ANTIVIRUS FILE

Fprot 3.16 F for windows installed on 4/12/2006 both 1 and 2 update Dec. 29 2006

Fprot FP 3.15A Sept 24 2004 Sig. def and Sig2.def (last mod/changed on Dec. 29 2006)

FMACRO Ver. 1.18A = Macro def. (last modified/changed on: update Dec. 29 2006)

Grisoft AVG Ver.: 7.5.432/Virus Database: 268. 16.0 16.09 UPDATED Dec. 29 2006

EZ Antivirus 7.0.6.7 engine version – 30.4.1 Dec 29 2006 3289

avg detected threats

but the others passed the file

Grisoft AVG Ver.: 7.5.432/Virus Database: 268. 15.26 598 UPDATED Dec. 22 2006

passed the file

adda's

Sun and fog

passed

ken


> I am using AVG 7.5.432/Virus Database: 268. 15.29 608 UPDATED Dec. 29 2006.
>
> Last week showed no problems, but after downloading the update today, AVG found 21 PTE shows with the Trojan Horse virus. I believe it is a false reading, but will leave them in the virus vault until something is resolved. Has anyone else checked lately? Has Grisoft been notified and is something being done by them?
>
> Howard

Hi Howard,

AVG has had issues with a number of false positives for quite a while now. Their operating philosophy seems to be that if they don't recognize something it's automatically suspect. Unfortunately that shotgun approach leads to any number of false positives including what you are seeing.

I gave up on AVG a couple years ago and purchased a number of top-rated anti-threat, anti-spyware and anti-trojan/anti-worm programs including Nod32, AdAware, Trend Micro, Spyware Doctor and ParetoLogic.

I run each of my executables as well as my entire system and peripherals with all the above. No single program yet finds "every" possible variant, but this combination doesn't miss much. I've never experienced a single problem in 5 years with PicturesToExe executable files and I don't think there have been any in the past or any at the present time. Chalk it up to AVG's being overly cautious to the point of interfering with perfectly normal functioning executable files.

Best regards,

Lin


Thanks Lin, I have had no problems with the free version of AVG, except for these false positives, for about 4 years now. I do like the efficiency of the AVG free program in stopping problems. I seem to remember that the last time we had this problem with the false positives, Igor contacted them and they corrected the problem. Igor, are we giving up on AVG now? If so I will take Lin's advice and go to another program.

Howard


I'm sorry for this problem!

The Kula slide show is NOT infected.

This slide show was created in an old version of PicturesToExe, v3.60, and this false detection by AVG already happened two years ago.

Now it seems that the authors of AVG antivirus forgot about this and again mark slide shows created in PTE v3.60 as a virus.

I'll write them again.

If you can please write also to GriSoft it will help to solve this problem more quickly:

Example of slide show created in v3.60:

http://www.kulamaui.com/slideshow/kula.exe (20 MB)

GriSoft, authors of AVG antivirus:

http://grisoft.com

P.S. It seems that we are not able to send a letter to GriSoft because technical support and any contact information are only for registered users. We'll try to send the letter to the sales department.


I have AVG Free on my main graphics computer and AVG PRO on 6 other computers. PTE runs fine and I have never had a single virus threat or mention of one from AVG. Isn't that weird how variable these programs can be from one machine to another?

larry


Larry

did you download --

Kula slide show

"This slide show created in old version of PicturesToExe v3.60 and this false detection of AVG already happened two years ago "

it tested a threat with my avg but clean with 2 other scanners

it generally takes avg a couple days to correct the error

way way back there were also 2 shows -- one was called peru -- i forget the other one

and Hawk Bill Hines and myself scanned everything that was on the Cottage - 250 meg i downloaded - that time it was Kaspersky or Norton that was at fault

ken


> Larry
>
> did you download --
>
> Kula slide show
>
> "This slide show created in old version of PicturesToExe v3.60 and this false detection of AVG already happened two years ago "
>
> it tested a threat with my avg but clean with 2 other scanners
>
> it generally takes avg a couple days to correct the error
>
> way way back there were also 2 shows -- one was called peru -- i forget the other one
>
> and Hawk Bill Hines and myself scanned everything that was on the Cottage - 250 meg i downloaded - that time it was Kaspersky or Norton that was at fault
>
> ken

Guess I didn't, Ken. Don't have it in my show archives. It's nice, however, that I have not experienced the problem. AVG, on the other hand, has caught many gremlins trying to invade my space over the years and I've really been happy with it. It is so seamless and doesn't bother me with popups. Well, at least until recently anyway... They've begun announcing the end of the current free version and want us to upgrade to the pay version.

larry

oh, and Happy New Year to you.


Larry

Kula is still available on page 9 at the cottage -- as well so is

Trip to Peru

File Size: 21.5M

By: silver@maui.net

Download Count: 2038

they were made with old version and cause a notice to be displayed by my avg -- you should download them for test purposes of your antivirus system.

Avg announced last Nov, ver 7 would be discontinued in early 2007 and people should upgrade to the free ver 7.5 -- the way they worded it has caused much confusion as to continuing availability of the free version

see

http://peach.ease.lsoft.com/scripts/wa.exe...o.ca&P=1681

and follow thread into Nov

ken


Howard

you may have to be a registered user

WIN-HOME@PEACH.EASE.LSOFT.COM

WIN-HOME List

the thread for avg starts

October 2006, Week 5

Subject: avg going pro ?

From: Kylde <kylde001@AOL.COM>

Reply-To: Windows Home/SOHO <WIN-HOME@PEACH.EASE.LSOFT.COM>

Date: Wed, 1 Nov 2006 01:01:32 +0000

Content-Type: text/plain

this isnt good news for a lot of us...

http://www.grisoft.com/doc/special-upgrade...vg-75-free75cnv

--

Subject: Re: avg going pro ?

From: Kylde <kylde001@AOL.COM>

Reply-To: Windows Home/SOHO <WIN-HOME@PEACH.EASE.LSOFT.COM>

Date: Wed, 1 Nov 2006 01:03:55 +0000

Content-Type: text/plain

please ignore this, I should have read further before posting :)

kylde001@AOL.COM wrote:

> this isnt good news for a lot of us...

>

> http://www.grisoft.com/doc/special-upgrade...vg-75-free75cnv

>

> --

--

Regards,

Kylde

Subject: Re: avg going pro ?

From: Tony Lowe <hapster@INSIGHTBB.COM>

Reply-To: Windows Home/SOHO <WIN-HOME@PEACH.EASE.LSOFT.COM>

Date: Wed, 1 Nov 2006 07:33:32 -0500

Content-Type: text/plain

At 10/31/2006, Kylde wrote:

>please ignore this, I should have read further before posting :)

You weren't the only one. I made the same mistake when I first received the alert from AVG a few days ago.

--

Tony Lowe, The HapMaster

What if the hokey-pokey really is what it's all about?

--

----------------------------------------

The WIN-HOME mailing list is powered by L-Soft's renowned

LISTSERV® list management software. For more information, go to:

http://www.lsoft.com/LISTSERV-powered.html

end quote

this thread carried on for some time then because somebody had not been following it it resurfaced again

start quote

a quote from my log follows

From: Ken Cox [pbyk@sympatico.ca]

Sent: December 14, 2006 7:01 AM

To: 'Windows Home/SOHO'

Subject: Re: AVG vs Kapersky and The Free Competition

http://peach.ease.lsoft.com/scripts/wa.exe...o.ca&P=1681

Date: Wed, 13 Dec 2006 17:16:20 -0500

From: "David G. Pile" <dgpile@SBCGLOBAL.NET>

Subject: Re: AVG vs Kapersky and The Free Competition

If anyone got "all worried" by this "ploy" they are simply not paying attention and need to learn how to read, comprehend and perceive.

------------------------------

i offer a quote from earlier times --

Date: Wed, 1 Nov 2006 01:01:32 +0000

From: Kylde <kylde001@AOL.COM>

Subject: avg going pro ?

this isnt good news for a lot of us...

http://www.grisoft.com/doc/special-upgrade...vg-75-free75cnv

--

----------------------------------------

WIN-HOME Archives: http://PEACH.EASE.LSOFT.COM/archives/WIN-HOME.html

Contact the List Owner about anything: WIN-HOME-request@PEACH.EASE.LSOFT.COM

Official Win-Home List Members Profiles Page

http://www.besteffort.com/winhome/Profiles.html

------------------------------

Date: Wed, 1 Nov 2006 01:03:55 +0000

From: Kylde <kylde001@AOL.COM>

Subject: Re: avg going pro ?

please ignore this, I should have read further before posting :)

kylde001@AOL.COM wrote:

> this isnt good news for a lot of us...

>

> http://www.grisoft.com/doc/special-upgrade...vg-75-free75cnv

>

> --

--

Regards,

Kylde

+++++++++++++

myself i updated to 7.5 Nov 2 after Kylde brought to our attention

ken

--

end quote

AVG in its present state will not even allow the KULA OR THE TRIP TO PERU - to be downloaded - and i just updated my avg to see if the problem was resolved - so the Kula file i had for testing has gone bye bye -- not even in the vault :angry:

from avg

http://www.grisoft.com/doc/products/lng/us/tpl/tpl01

http://www.grisoft.com/doc/products-avg-an...ng/us/tpl/tpl01

hope this clears things up for now.

ken


> Larry
>
> Kula is still available on page 9 at the cottage -- as well so is
>
> Trip to Peru

Yes, I tried it. The download was interrupted by AVG announcing the threat. My version of AVG is the PRO version 7.5.433 and it's up to date.

> Avg announced last Nov, ver 7 would be discontinued in early 2007 and people should upgrade to the free ver 7.5 -- the way they worded it has caused much confusion as to continuing availability of the free version
>
> see
>
> ken

I'm getting that pop up on my free version with the announcement daily. It's interesting that by following the links of the popup, there really isn't any way to get to the free version download. It is available and they say it will continue, however it is becoming increasingly difficult to find the download for the free version. I have many friends and from time to time give them a heads up on this great AVG program. The last 4 people I sent to grisoft couldn't find it.

larry


> I'm getting that pop up on my free version with the announcement daily. It's interesting that by following the links of the popup, there really isn't any way to get to the free version download. It is available and they say it will continue, however it is becoming increasingly difficult to find the download for the free version. I have many friends and from time to time give them a heads up on this great AVG program. The last 4 people I sent to grisoft couldn't find it.

For the free AVG version 7.5 try this link:

http://free.grisoft.com/doc/5390/lng/us/tp...anti-virus-free


  • 2 weeks later...

Please help us to solve this problem.

We sent a request to the AVG developers 18 days ago and there is still no response, and the Kula slide show created in PicturesToExe v3.60 is still mistakenly detected as a virus.

"Kula", an example of a slide show created in v3.60:

http://www.kulamaui.com/slideshow/kula.exe (20 MB)

GriSoft, authors of AVG antivirus:

http://grisoft.com


Thank you all who helped us!

Answer from GriSoft:

-------------------------

Dear Sir/Madam,

Thank you for your email.

Unfortunately the file is falsely detected as infected by AVG program. The false detection will be repaired in next virus database.

We apologize for any inconvenience.

---------------------------------------
