Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

anti-virus software incompatible with Strawberry perl ??


  • Please log in to reply
18 replies to this topic

#1 seraphin

seraphin

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:22 AM

Posted 06 June 2015 - 09:56 PM

Was wondering if anyone else on this forum has a similar experience.

I installed Strawberry Perl today and started to learn the language. It went well until I noticed that my Panda Free antivirus showed a message that it was disabled. Not knowing why, I re-enabled it and continued with writing Perl scripts. It seems that right after I enabled the antivirus (and ran a full scan), I could not run any Perl script (while scanning is ongoing) - error message "perl is not recognized as an internal or external command".

 

Two questions -

1. Would "Strawberry Perl" package be bundled with malware ????

2. Are there intrinsic issues between antivirus programs and language programs ??

 

 

My system: Windows 7 (64bit)

Antivirus/anti-malware: MS security suite, Panda Free antivirus, Malwarebyte anti-malware

 

Will re-run full scan with all softwares again but am hoping to solicit some input from this forum. Great many thanks.

 



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:22 AM

Posted 06 June 2015 - 10:02 PM

Hi seraphin :)

Are you referring to "Microsoft Security Essentials" as the "MS security suite"? If so, that's most likely your issue. You should never have more than one Antivirus installed at once on a system, since it can cause system instability and conflict. Right now, MSE is probably disabled Panda Antivirus as it ones to be the "main" Antivirus running and so it sees Panda as a threat so it disable it. I suggest you to uninstall either MSE or Panda and keep the other.

For more information, see the "IMPORTANT NOTE" at the end of quietman's article below.

Choosing an Antivirus program

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 seraphin

seraphin
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:22 AM

Posted 06 June 2015 - 10:20 PM

yes, MS secruity suite is Microsoft security essential, but truth be told, they had been living together peacefully (I know it's NOT good to have two anti-virus co-existing) until today. I am not saying it's not that one disables the other, but I have been writing and running a few simple Perl scripts earlier today with NO problem but then I noticed Panda antivirus being disabled and after I re-enabled it, I could NOT run Perl scripts anymore. Thus, I doubt if it's Microsoft security essential doing anything (if at all, it'd be doing something against Strawberry Perl program ??)



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:22 AM

Posted 06 June 2015 - 10:25 PM

Where did you download Strawberry Perl from? If not a trustworthy site, you could have picked up malware from there.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:22 AM

Posted 06 June 2015 - 10:26 PM

What you can try to do is to put all your scripts in one folder and scan that folder with Panda and see if they are being detected or not. Depending of the scripts you created, they can be blocked by Panda because they have malware-like strings of code or behavior.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:22 AM

Posted 06 June 2015 - 10:37 PM

...Are there intrinsic issues between antivirus programs and language programs ??

AutoIt is a scripting language known to be used by malware developers and sometimes detected by anti-virus software. See here. And there are script viruses written in programming languages such as JavaScript and Visual Basic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 seraphin

seraphin
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:22 AM

Posted 06 June 2015 - 10:42 PM

To quietman -

the website seems legit

http://strawberryperl.com/

 

To Aura -

I doubt that any of my scripts would cause the issue. First, they are all "Perl beginner" level scripts. Second, I cannot help but notice the timing between re-enabling Panda and the appearance of error message "perl is not a recognized internal or external command". Unless Panda shuts off the "Perl environment" (rather than individual script), I wonder why suddenly "perl" is not a recognized command.



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:22 AM

Posted 06 June 2015 - 10:44 PM

If Panda is disabled, I doubt it's the guilty programs here. Usually, enabled Antivirus are responsible of that message. In that case, it would be Microsoft Security Essentials.

Edited by Aura., 06 June 2015 - 10:44 PM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 seraphin

seraphin
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:22 AM

Posted 06 June 2015 - 10:50 PM

Panda is still running the scan (it did pick up "stuff" - history shows it deleted and removed13 cookies, although on the scanning window, it says it detected "2" (probably 2 unknown cookies, as indicated in the event report as "unkown name", while the other 9 cookies have names). Will report back once the run finishes.



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:22 AM

Posted 06 June 2015 - 10:56 PM

Cookies are NOT a "threat". See my explanation about cookies.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 seraphin

seraphin
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:22 AM

Posted 07 June 2015 - 12:05 AM

I guess I could have waited. It turns out Panda did remove

Strawberry\perl\bin\perl.exe

as it thought it was a virus, although I still could not find the "second hit" (since the report said two detections, but in the full report, only one file is reported as virus and quarantined). So just a false alarm ??



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:22 AM

Posted 07 June 2015 - 12:06 AM

Yes, it's a false alarm. You can submit the file as a false positive to Panda to get it removed, and also whitelist it in Panda for the time being. More importantly, if you keep Panda, are you going to uninstall Microsoft Security Essentials?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 seraphin

seraphin
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:01:22 AM

Posted 07 June 2015 - 12:12 AM

:grinner: :nono:



#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:22 AM

Posted 07 June 2015 - 12:13 AM

I have no idea of what you're implying by that reply sadly.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:22 AM

Posted 07 June 2015 - 06:08 AM

perl.exe detected as malware by 47 anti-virus scanners

file is infected by a polymorphic file infector virus.


perl.exe detected as malware by 43 anti-virus scanners

stops various security software and prevents some core Windows utilities from running. It also tries to download other files from a remote server, including other malware


perl.exe detected as malware by 11 anti-virus scanners

According to AVG, this software downloads additional adware offers during setup.


perl.exe detected as malware by Virus.Chir

Infected by a mass-mailing worm and virus that sends itself to email addresses gathered from the compromised computer and exploits remote vulnerabilities and attempts to infect files


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users