Trojan found by AVG 8.5 red shield


9 replies to this topic

#1 nizzy

  • Members
  • 93 posts

Posted 09 September 2009 - 07:31 AM

I was just going to respond to a post on this forum when Resident Shield popped up and noted I had a trojan GEN 14.APHU on an art program called "Twisted Brush", and that it was detected on open. I think the "open" was Windows Defender "opening" it, as it was running at the time.
I got this program on a disc from "Vista's official magazine" nearly a year ago now, so I would have hoped it was OK to install, but now that AVG 8.5 has found this I am worried.
I have moved it to the Virus Vault for the time being (I do not use the program anymore, so I will likely delete it later).
Can you help me?

Thanks I have posted a picture of the threat.
#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,399 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 09 September 2009 - 10:55 AM

rdsok, Moderator at the AVG forum, posted these instructions for suspected FPs.

If you suspect a file to be a false positive, test the file at virusscan.jotti.org and, if it is a false positive, archive (zip, arc, tar etc.) the file using a password and email a copy to virus@grisoft.com with a brief description as well as the password you used to archive it with.

If it is a false positive, turn off heuristic scanning for the time being. When Grisoft adjusts the virus definitions you can turn it back on. If turning off Heuristics still doesn't allow access to the file while testing and emailing... disable the resident shield temporarily.

AVG Forum: A possible False Positive Detected

If AVG Free detects a file on your PC as infected, the file is moved to the AVG Virus Vault, and you are sure that the file is correct and clean, it is possible that the detection is a false alarm. If so, we shall prepare the correction as soon as possible. Unfortunately, false alarms do appear from time to time in every anti-virus software.

To solve the problem, please send us this file for analysis directly from the AVG Free program...

AVG FAQ 1320: AVG detects infection on file that I suppose to be clean

Please try to update your AVG Free system and run the whole computer scan again. When the file is not detected and you are still in doubt, put the file into password protected archive using WinZip, WinRar, PowerArchiver etc., attach this archive to an e-mail and send it to virus@avg.com. Describe why you are sending the file and write the password for the archive into the e-mail.

AVG FAQ 1318: What to do when I suspect any file it is infected?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 nizzy
  • Topic Starter

  • Members
  • 93 posts

Posted 09 September 2009 - 12:35 PM

I emailed the RAR file to AVG and got this response:

Dear Sir/Madam,

thank you for your e-mail.

Unfortunately, the current virus database version may detect the
mentioned virus on some legitimate applications. We can confirm that
it is a false alarm. We would like to inform you that the false
positive will be removed in one of the next Definitions update. Please
update your AVG and if a new Definitions update was downloaded, check
whether the file is still detected.

If you need to restore deleted files from AVG Virus Vault you can do
it this way:
- Open AVG user interface.
- Choose "Virus Vault" option from the "History" menu.
- Locate the file that was incorrectly removed and select it (one
click).
- Click on the "Restore" button.

We are sorry for the inconvenience.

Best regards,

Ondrej Lukasek
AVG Customer Services


One small question: when I upload a file to VirusTotal or Jotti, does it matter that I have already used WinRAR to archive it? Will this make it difficult to detect?

#4 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,399 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 09 September 2009 - 12:52 PM

You can upload any file directly to VirusTotal or Jotti to get a second opinion.

The zipping of a file is only required when sending samples to AVG.

#5 nizzy
  • Topic Starter

  • Members
  • 93 posts

Posted 09 September 2009 - 03:10 PM

Yes, I noticed that before I submitted it to them both. I just wondered if, for future reference, having it in WinRAR affected the detection.

EDIT: I scanned it unzipped with VT and Jotti and they both found something.

What should I do now? I am contacting AVG about this in case they missed something, as when I sent the file as an attachment it was scanned with Norton (Yahoo's scanner), which gave me an alert about it and could not complete the scan, but I sent it anyway. It might not have sent the full file, possibly?

Edited by nizzy, 09 September 2009 - 03:45 PM.


#6 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,399 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 09 September 2009 - 08:52 PM

"I just wondered if for future reference having it in winrar affected the detection"

It is not unusual for an anti-virus or anti-malware scanner to be suspicious of some compressed, archived, .cab and packed files because it has difficulty reading what is inside them. These kinds of files often trigger alerts from security software using heuristic detection because they are resistant to scanning (difficult to read). This resistance may also cause some scanners to stall (hang) on these particular types of files.

If you got this program over a year ago and it's just now being detected, then I would be suspicious of those results until the anti-virus vendor has investigated further.

Another thing I should have mentioned before is that you should also contact and advise the vendor of Twisted Brush that their program is being detected as a threat. In many cases they will work with the anti-virus folks in an attempt to resolve the detection.
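The two points above (a scanner that cannot read inside an archive, and the password-protected archive AVG asks for when submitting a sample) can be shown with a small toy scanner. This is an added example, not code from the thread or from any AV vendor: the "signature" is a constructed harmless marker, and the scanner is a plain byte-pattern match, not a real engine.

```python
import io
import zipfile

# Constructed, harmless marker standing in for an anti-virus byte signature.
SIGNATURE = b"CONSTRUCTED-SIGNATURE-MARKER"


def flat_scan(blob: bytes) -> bool:
    """Scanner without archive support: pattern-match the raw bytes only."""
    return SIGNATURE in blob


def archive_aware_scan(blob: bytes) -> dict:
    """Open a zip and scan each member's *decompressed* contents.

    Returns {member_name: True/False/None}. None means the member is
    encrypted (general-purpose flag bit 0) and cannot be read without the
    password, which is why a password-protected sample passes mail-gateway
    scanners untouched on its way to the vendor.
    """
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return {"<raw>": flat_scan(blob)}
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # encrypted member: opaque to us
                verdicts[info.filename] = None
            else:
                verdicts[info.filename] = flat_scan(zf.read(info))
    return verdicts


def build_sample(compression: int) -> bytes:
    """Constructed stand-in for a program file, packed into a zip."""
    payload = b"MZ" + b"\x00" * 64 + SIGNATURE + b"\x00" * 64
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=compression) as zf:
        zf.writestr("sample_program.bin", payload)
    return buf.getvalue()


def compare_scans() -> dict:
    """Run both scanners over a stored and a deflated archive of the sample."""
    out = {}
    for name, comp in (("stored", zipfile.ZIP_STORED), ("deflated", zipfile.ZIP_DEFLATED)):
        archive = build_sample(comp)
        out[name] = {"flat": flat_scan(archive), "inside": archive_aware_scan(archive)}
    return out


if __name__ == "__main__":
    for name, result in compare_scans().items():
        print(name, result)
```

With ZIP_STORED the marker sits verbatim in the archive and the flat scan still fires; with ZIP_DEFLATED the bytes are Huffman-coded and only the scanner that decompresses each member finds it, which matches what nizzy saw once the files were unzipped.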

#7 nizzy
  • Topic Starter

  • Members
  • 93 posts

Posted 09 September 2009 - 09:07 PM

They only found the "infection" once I unzipped the files, so compression hid whatever alerted them to it.

I re-emailed AVG about the Jotti and VirusTotal results and they replied:

Dear Sir/Madam,

thank you for your e-mail.

Please note that actually the file was detected by us but we removed
the detection as the file is not harmful. Other software can still
detect the file but AVG will not detect it anymore.

If you have any further questions, feel free to contact us again.

Best regards,

Georgi Papazov
AVG Customer Services


So it looks like they have resolved the problem. Should I still inform the vendor if it is supposedly no longer going to be detected?

Edited by nizzy, 09 September 2009 - 09:09 PM.


#8 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,399 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 09 September 2009 - 09:12 PM

It wouldn't hurt to advise the vendor so they are aware. Although AVG has corrected the detection, your Jotti scan showed that some other AV software detected it as a threat as well.

#9 nizzy
  • Topic Starter

  • Members
  • 93 posts

Posted 10 September 2009 - 07:43 AM

Right, thanks. I will inform them that some people might be getting warnings on the product.

Thanks.

#10 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,399 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 10 September 2009 - 07:47 AM

You're welcome.