Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Avg 8 - Detects Exploit.jpeg Only In The Resized File.


  • Please log in to reply
11 replies to this topic

#1 joe blow

joe blow

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 24 July 2008 - 11:59 PM

Hi,

This is a little strange. A friend downloaded some photos she had taken, from her camera onto my computer. Everything was fine until I tried to resize them, as soon as I did AVG 8 (the full version) said that the photo "may be infected by unknown virus Exploit.JPEG" It has no problem with the origional files just the the resized ones.

I scanned the supposedly infected resized photos with Malwarebytes and with Superantispyware and they both detected nothing.

At the same time I was resizing some other photos that had come from a camera to disk to my computer and AVG had no problems with them, they were also JPEGS.

So I am just wondering if this is a real virus or a false positive?

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:47 AM

Posted 25 July 2008 - 07:28 AM

If you suspect a file to be a false positive. Test the file at [virusscan.jotti.org] and if it is a false positive, archive (zip, arc, tar etc) the file using a password and email a copy to virus@grisoft.com with a brief description as well as the password you used to archive it with.

If it is a false positive, turn off heuristic scanning for the time being. When Grisoft adjusts the virus definitions you can turn it back on. If turning off Heuristics still doesn't allow access to the file while testing and emailing... disable the resident shield temporarily.

AVG forum.grisoft: instructions for suspected FP's
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 joe blow

joe blow
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 26 July 2008 - 02:31 AM

OK, thanks, I will try that.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:47 AM

Posted 26 July 2008 - 07:12 AM

Good luck. Let us know what they have to say.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 joe blow

joe blow
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 28 July 2008 - 02:18 AM

Hi,

Well it looks like it is a virus.

My AVG ran out so I downloaded Antivir free, when I tried to resize the photos the same thing happened. It detected a virus. I can't send it to jotti because to do that I would need to tell the anti virus to ignore it, and I don't want to do that. Also there seems to be little point now as both anti virus programs detect it as a virus. But in both cases they are fine with the original files. It is only the resized file that scans as malware.

They may also be causing other problems as there was a shortcut icon that appeared in my documents for "remote assistance" that I was not aware of. And last nite malwarebytes found and removed this.

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I would be grateful for any suggestions as to what to do next.

Thanks

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:47 AM

Posted 28 July 2008 - 07:03 AM

I doubt if the file MBAM found/removed is related to this issue. What program are you using to resize the photo's and are you making them smaller (compressing) or larger?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 joe blow

joe blow
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 29 July 2008 - 03:40 AM

I'm using photofiltre, a program that I have used for years, I've never had this problem before. Only the photos from this one specific camera cause the problem.

I have been making the images smaller so I can email them. They are Jpegs, all over three meg.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:47 AM

Posted 29 July 2008 - 08:36 AM

The issue may have something to do with the way the file is being compressed. I suggest you contact "PhotoFiltre Support" and ask them. Chances are the same issue has already been reported, and a solution is available. If not, the vendor needs to know so that they can investigate.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 joe blow

joe blow
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 30 July 2008 - 02:59 AM

OK, thanks.

Just on an unrelated matter. From time to time I do a clean install of windows, but I've heard that in rare cases certain types of malware can survive a reinstall. I was wondering if it was possible for you to leave a link for instructions on how to do a reinstall that is 100% certain of removeing any malware.

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:47 AM

Posted 30 July 2008 - 07:32 AM

Some types of malware can result in a system so badly damaged that a Repair Install will NOT help!. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Starting over by wiping your drive, reformatting, and performing a clean install of the OS removes everything and is the safest action.

In case you need help with this, please review "How to partition and format a hard disk in Windows XP".

These links include step by step instructions:
"Clean Install Windows XP".
"Reformat & Clean Install Windows".
"XP Clean Install Interactive Setup".

Reformatting a hard disk deletes all data. You should back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some malware may disguise itself by adding and hiding its extension to the existing extension of other files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive. Don't forget you will have to go to Microsoft Update and apply all Windows security patches.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 joe blow

joe blow
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:08:47 AM

Posted 31 July 2008 - 02:09 AM

OK, thanks for the help.

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:47 AM

Posted 31 July 2008 - 06:56 AM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users