I downloaded a Virus from apr.exe

[kipper]

I just got my new computer, up and running and all the software on it - I came to download PTE version 5.1. and found a virus on it. i am mad. I am also very upset that my new PC has succumbed to a virus after only one day of having it. If I cant trust this site where can I get the PTE software from that I badly need?

[daveharris]

I just got my new computer, up and running and all the software on it - I came to download PTE version 5.1. and found a virus on it. i am mad. I am also very upset that my new PC has succumbed to a virus after only one day of having it. If I cant trust this site where can I get the PTE software from that I badly need?

I have downloaded v5.1 from wnsoft.com about an hour ago with no problems. Kaspersky detected nothing - I've just rescanned it to make sure - nothing detected.

I've downloaded it again now (20:53 GMT) again nothing detected.

What virus is reported? Where did you download from?

As you will see from other threads there is a real problem with this forum and trojans.

Cheers,

Dave

[Igor]

It's just impossible, we use NOD32 antivirus before uploading files to the server. and I check up files with AVG antivirus on a second PC.

[daveharris]

It's just impossible, we use NOD32 antivirus before uploading files to the server. and I check up files with AVG antivirus on a second PC.

Igor

If you go via Beachbrook a trojan is reported as you enter the site.

Dave

[Lin Evans]

Hi Dave,

I just tried that with NOD32, PC Tools PC Doctor, ParetoLogic, Uniblue and Adaware and none are reporting any virus or trojan. I'm begining to think that there is a bug in some virus detection software because I've also run all these on my system to look for trojans, virus, worms and spyware and none are reported.

Best regards,

Lin

Igor

If you go via Beachbrook a trojan is reported as you enter the site.

Dave

[cjdnzl]

I just got my new computer, up and running and all the software on it - I came to download PTE version 5.1. and found a virus on it. i am mad. I am also very upset that my new PC has succumbed to a virus after only one day of having it. If I cant trust this site where can I get the PTE software from that I badly need?

You are rather jumping to conclusions with your post. It's a known fact that one or two anti-virus programs are detecting false positives, and there are a considerable number of posts here about this. Read the forum before getting 'mad'.

Colin

[Peter S]

I can add that I installed 5.1 and scans with Zone Alarm, Xoftspy, Adaware and AVG anti root kit all come up clear.

Kind Regards

Peter

[cjdnzl]

I can add that I installed 5.1 and scans with Zone Alarm, Xoftspy, Adaware and AVG anti root kit all come up clear.

Kind Regards

Peter

I second that. I use Zonealarm Pro, latest version, and ran a full scan of my machine, which takes about 2 hours. I have downloaded 5.1, and several programs from beechbrook, and the scan picked up nothing, except for that pesky 2o7 tracking cookie. For good measure I also ran Search & Destroy and AdAware Personal, both of which came up clean.

Given the number (thousands!) of viruses out there, it's not surprising that the odd false positive crops up. The trick is to determine whether it is really reporting a genuine virus, or whether it's a false positive. AFAIK the best method of doing that is to try three or four virus checkers - not all at once - and get a consensus.

Colin

[kipper]

Thank you for the replies - helpful but im still not sure that I can download 5.1.?

Colin I have read the posts re the trojans before I posted but this was picked up as a "Virus" and it was from apr.exe. i am using AVG which picked it up.

Maybe we are not all so knowledgeable as you are when confronted with this kind of scare!!

[Lin Evans]

Hi Kipper,

AVG is notorious for causing false positives with several types of code and has been problematic with PTE files in the past. There has "never" been a virus attached to a PTE executable yet AVG has reported and even "erased" perfectly good PTE executables. The AVG developers were informed and they "fixed" the false positive but it's apparently back in your case. There is no "virus" with the PicturesToExe code, of that you can rest assured.

Best regards,

Lin

Thank you for the replies - helpful but im still not sure that I can download 5.1.?

Colin I have read the posts re the trojans before I posted but this was picked up as a "Virus" and it was from apr.exe. i am using AVG which picked it up.

Maybe we are not all so knowledgeable as you are when confronted with this kind of scare!!

[wideangle]

Too many people are being complacent here and just dismissing the issue. Just because software doesn't detect anything it doesn't mean that there is nothing amiss. It depends on personal settings, which will vary from person to person.

Clearly there has been some problems from the direct comments in other topics - see for example http://www.picturestoexe.com/forums/index.php?showtopic=7700.

Igor has actually recognised an issue as well now.

I think the word should be caution rather than complacency.

[byuen]

Too many people are being complacent here and just dismissing the issue. Just because software doesn't detect anything it doesn't mean that there is nothing amiss. It depends on personal settings, which will vary from person to person.

Clearly there has been some problems from the direct comments in other topics - see for example http://www.picturestoexe.com/forums/index.php?showtopic=7700.

Igor has actually recognised an issue as well now.

I think the word should be caution rather than complacency.

Yes, I can confirm that there is some sort of VIRUS attached to the link when you try and download the latest PTE file.

See the message and link by Wideangle

I got the same message that the user Auser got " I am prompted to install a "Remote Data Services Control" active-x. I get the little bar at the top of IE." two seconds later my Symantec Anti Virus Auto Protect caught the virus.

Here is the details of the Virus:

Virus Name: Trogan Horse

File Name: .......\LocalSettings\Temporary Internet Files\Content. IE5\3757s705\soveycou[1]

I've since deleted my cache directory but will do a full scan. I believe it may be some sort of GIF file.

Bob

Just to add. I downloaded the PTE from the main page of www.wnsoft.com

I've just installed PTE without any issues. It's probably where the PTE file is being hosted.

[cottage]

Igor

If you go via Beachbrook a trojan is reported as you enter the site.

Dave

Hello Dave, (daveharris),

Sorry for your troubles. Are you referring to the link on my download pages that takes you to the WnSoft forum? If so, I use this link countless times a week to go to the forum with no issues. As a test, I just logged into my site, clicked on the PTE Forum link (from one of my download pages) and downloaded PTE 5.1. Next I scanned it with McAfee Security Center. No virus was detected.

Best of luck in resolving your trouble. Let me know if I can assist you in any way.

Regards,

Bill

[Igor]

I'm sure no virus in downloaded file from WnSoft website because it's located at another server with disabled PHP and disabled other active content technologies.

But there is still temporal problem with the forum. Recent reply from developers of Invision forum where we use their hosting for the forum:

It has come to our attention that a recently discovered weakness in the Linux kernel has allowed dynamic altering of some customer websites, triggering anti-virus software. The issue exists on a Linux/server level. There will be no data loss due to this weakness and your website will remain fully in tact. The actual files of your web site were not altered.

A fix for this issue has been identified and we are working diligently to apply this fix to all servers as quickly as possible.

We apologize for any inconvenience this may cause and appreciate your patience while we work to restore normal service as quickly as possible. We hope to have the fix implemented by the end of the day.

I hope that they will solve it ASAP.

[cjdnzl]

Too many people are being complacent here and just dismissing the issue. Just because software doesn't detect anything it doesn't mean that there is nothing amiss. It depends on personal settings, which will vary from person to person.

Clearly there has been some problems from the direct comments in other topics - see for example http://www.picturestoexe.com/forums/index.php?showtopic=7700.

Igor has actually recognised an issue as well now.

I think the word should be caution rather than complacency.

What Igor found appears to be another false positive, not an actual virus.

Speaking for myself, I am certainly not complacent about viruses, trojans, adware, spyware, rootkits, keyloggers, or or other nasties. My primary protection is ZoneAlarm Pro Security Suite (ZA), for five major reasons. One; it checks all programs while they are being installed, and will flag any suspicious activity. Two; all programs attempting to access the trusted zone or the internet are checked against a list of permitted programs, and I have control over permissions. Even an upgrade to a permitted program, e.g. Firefox, will be caught. ZA puts up an alert that says 'This program has changed since it last ran'. I can then allow it to run once, or allow it to run permanently until I revoke permission. Three; I can put sensitive data like passwords, bank numbers, etc into the 'vault' for safe keeping. If any program tries to send anything that's in the vault, ZA will catch it and ask permission before sending. Four; ZA's anti-virus and anti-spyware module is slow and thorough, and I have it scheduled to run weekly. Five, ZA 'stealths' the computer, rendering the machine invisible to the internet, so that web crawling nasties do not detect its presence. For more on stealthing, see:

https://www.grc.com/x/ne.dll?bh0bkyd2

This is Steve Gibson's 'ShieldsUP' site. If you haven't seen this before, prepare to be astonished.

In addition I regularly run Search&Destroy and Ad-Aware over the entire machine.

I do not use Norton, McAfee, or other 'real-time' AV programs. Most of those cause an unacceptable slowing of the computer while they do their checking. A seldom-realized problem with this type of program is the conflicting requirements of adequate checking for literally thousands of nasties without slowing the computer's response to unacceptable levels. The short-cuts and compromises required to do this guarantees false positives from time to time, when legitimate files contain byte strings that look like a virus, but which aren't. This accounts for why one AV program will flag a file as a virus while others do not. The somewhat sinister corollary to false positives is that less than thorough checking might let through an unrecognized virus or trojan, particularly with the newer mutating virii.

It is also worth mentioning that the earlier 'payload' carried by virii was simply malicious destruction of files or corruption of programs on the infected machine, done for laughs, basically. The goalposts have shifted, and now the aim is to steal your personal details, keylogging your ID and passwords, or setting up your computer as a zombie to be used in DDOS attacks or other heinous activities that the average computer user never suspects. This is why ZA style monitoring of what's going out is essential.

Apologies for the off-topic post.

Colin

[Lin Evans]

You are confusing issues. The issue under discussion is whether or not there is a virus in the downloaded code and most assuredly there is not. No one is being complacent, just discussing oranges and apples. The "trojan" people are detecting when opening the site is not a "virus" - they are different animals and different subjects. The OP said, and I quote "I downloaded a Virus from Apr.exe". This is a known false positive from AVG which has been repeatedly proven false, fixed by AVG then "unfixed" apparently.

Best regards,

Lin

Too many people are being complacent here and just dismissing the issue. Just because software doesn't detect anything it doesn't mean that there is nothing amiss. It depends on personal settings, which will vary from person to person.

Clearly there has been some problems from the direct comments in other topics - see for example http://www.picturestoexe.com/forums/index.php?showtopic=7700.

Igor has actually recognised an issue as well now.

I think the word should be caution rather than complacency.

[kipper]

Thank you all for your comments.

THe matter is now resolved -

quote:

It seems that AVG antivirus developers forgot to add updated information about our program, because we released new version recently. We will contact AVG company and discuss this issue with them. Thank you to inform us.

unquote

Kipper

[dabbler]

thanks for the link; i've never been to that site but it gave me an opportunity to check my computer's vulnerability and i was very pleased with the results. i guess my comodo program and avg are doing their jobs; no exposed ports, etc.

you guys definitely provide a wealth of information.

thank you very much!

quick edit: my ip address showed up (i'm not surprised) but is that something i should try to hide? if so, what program would you recommend? thank you.

For more on stealthing, see:

https://www.grc.com/x/ne.dll?bh0bkyd2

This is Steve Gibson's 'ShieldsUP' site. If you haven't seen this before, prepare to be astonished.

Colin

[daveharris]

my ip address showed up (i'm not surprised) but is that something i should try to hide? if so, what program would you recommend? thank you.

You cannot hide your IP address as this is the backbone of Internet communication. However, if you use a router to connect to the internet the address shown is that of the router, not the computer.

For example, my broadband connection is to a wireless router, so the address you see is my router, not the laptop or server I use. In addition the router provides a basic firewall. Note that none of this is a subsitute for a quality firewall and AV software on all connected computers!

Seasons greetings to all on the forum,

Dave

[dabbler]

got it; thank you!

You cannot hide your IP address as this is the backbone of Internet communication. However, if you use a router to connect to the internet the address shown is that of the router, not the computer.

For example, my broadband connection is to a wireless router, so the address you see is my router, not the laptop or server I use. In addition the router provides a basic firewall. Note that none of this is a subsitute for a quality firewall and AV software on all connected computers!

Seasons greetings to all on the forum,

Dave

[dabbler]

dave, sorry to trouble once again but would you recommend a program like this one?

http://www.hide-ip-soft.com/

or do you think it's unnecessary? or perhaps you'd recommend another program? thanks!

You cannot hide your IP address as this is the backbone of Internet communication. However, if you use a router to connect to the internet the address shown is that of the router, not the computer.

For example, my broadband connection is to a wireless router, so the address you see is my router, not the laptop or server I use. In addition the router provides a basic firewall. Note that none of this is a subsitute for a quality firewall and AV software on all connected computers!

Seasons greetings to all on the forum,

Dave

[daveharris]

dave, sorry to trouble once again but would you recommend a program like this one?

http://www.hide-ip-soft.com/

or do you think it's unnecessary? or perhaps you'd recommend another program? thanks!

I have no experience of programs such as the one linked in the URL, so I cannot really offer any advice. I have never felt the need to obscure my IP address, I power my router down overnight so I probably get a different IP address each time I power it on.

Regards,

Dave