Trojan Horse SHeur

[alanch]

I had a scare yesterday with some downloaded files from the US which AVG Free identified as containing this virus. The name of the virus found suggests that this has been discovered through heuristic techniques, rather than by matching to a specific virus. I suspect this might be a false positive introduced by the latest AVG update, as I check all files when I download them and nothing was found by these earlier checks.

I have run a full check of my computer, including all my stored downloads from this site. AVG identified the following files from here as containing the same Trojan - 18002, 18003, 18004, 18056, 18070, 18140, 18148, 18241, 18405, 18406 and 18407. It would be helpful if someone could check one or more of these with another antivirus package to see if there really is a problem - preferably several of you with different antivirus suites if possible.

[Lad491]

18002 is clean - scanned with Norton AV.
I'll go through the others but i expect they will all be ok

Ive now checked all those files with Norton AV, updated today so bang up to date, and all of them have come back clean. I think you have a false positive

[alanch]

Thanks Laurie - as I said, I suspect AVG is producing heuristic false positives. I wonder if they are all using the same installer.

[jbilton]

Thanks Laurie - as I said, I suspect AVG is producing heuristic false positives. I wonder if they are all using the same installer.

Hopefully AVGs next pattern will fix the 'false positives'........... got me yesterday too.

Cheers
Jon

[jbilton]

Thanks Laurie - as I said, I suspect AVG is producing heuristic false positives. I wonder if they are all using the same installer.

Hopefully AVGs next pattern will fix the 'false positives'........... got me yesterday too.

Cheers
Jon

Update released 17.06 03/03/08
Unfortunately still showing as virus.

Cheers
Jon

[6rdfar90]

AVG does this quite a lot... Kinda annoying really

[alanch]

This is only the second time in over 5 years that I've had this happen with AVG, so I don't think it is that bad.

[6rdfar90]

Ouch. Its like the same number of times for me - but in the space of less than a year

[ashgray]

Just scanned the lot with Norton, Alan - all OK.

Ash

[PrinceGaz]

I'll scan one with McAfee VirusScan later tonight when the download queue is smaller (no Premium Access currently). Alternatively if anyone wants to drop one of those files in my mailbox (I don't care which one so choose the smallest), I'll report back here with the result as soon as I see it. I get over 200 spams per day so I don't worry about posting my address as is any more, it just gives my spam filter more material to learn from- princegaz@lineone.net

Chances are it is just a false positive, as others have mentioned.

[ronald parkin]

Hi Alan, Hit it with the big one and drop it in here.
http://www.virustotal.com/
This was recommended By Uncle Bill's men.
Regards

Ron P

[Lad491]

Alan

Ive scanned them all again tonight on another PC running McAfee Internet Security, and once again all 11 files come back completely clean. Im also using advanced heuristic scanning.

Definitely an AVG false positive

[richard222]

Again if anyone really cares


http://online.drweb.com/?url=1

[alanch]

Thanks all - I think we can put this one to bed. I still wonder if it is just one installed that is affected.

[Easilyconfused]

Thanks to Alan for raising this with us.

At this point I think the thread serves little more purpose and I don't want to get into a debate about the virtues / snags of different security products since that gets very subjective. Therefore I will lock the thread. It will be found by the search tools and the internet search engines so is useful reference material.

I would also urge anyone getting a positive report on any file from our library not only to post a thread but most importantly create a helpdesk ticket at http://support.atomic-systems.com so it comes to our attention quicker. The support team may not spot a thread immediately but the helpdesk tickets do get quick visibility. We do get a few reports of this sort from the helpdesk tickets and they are all investigated promptly