Mike Chaney's Tech Corner

Mike's Software => Qimage Ultimate => Topic started by: mical on September 12, 2015, 07:46:51 PM



Title: AVG internet security (false positive?????)
Post by: mical on September 12, 2015, 07:46:51 PM
Hi all.
I just tried to download QU-2016-121 but my AVG internet security promptly stopped the download, quarantined a threat and gave me this, see screen shot. Any pointers as to how to proceed?                




Title: Re: AVG internet security (false positive?????)
Post by: Jeff on September 13, 2015, 07:01:13 AM
Quote
Hi all.
I just tried to download QU-2016-121 but my AVG internet security promptly stopped the download, quarantined a threat and gave me this, see screen shot. Any pointers as to how to proceed?


Disable AVG for 10mins.  ??

Jeff


Title: Re: AVG internet security (false positive?????)
Post by: Terry-M on September 13, 2015, 08:37:27 AM
Quote
Disable AVG for 10mins.  ??
Be careful!
That is a Trojan you've picked up shown on that screen shot.
See http://www.im-infected.com/trojan/idp-trojan.html
You need to remove it.
Terry


Title: Re: AVG internet security (false positive?????)
Post by: admin on September 13, 2015, 02:44:01 PM
Quote
Disable AVG for 10mins.  ??
Be careful!
That is a Trojan you've picked up shown on that screen shot.
See http://www.im-infected.com/trojan/idp-trojan.html
You need to remove it.
Terry

Yeah, I know Fred uses AVG and he had no problem with 2016.121 so that is coming from somewhere else.  It'd be a good idea to remove/disinfect that one and try again.  AVG probably picked up that previous infection because it rescanned the download folder when you downloaded QU.

Regards,
Mike


Title: Re: AVG internet security (false positive?????)
Post by: Geraldo Garcia on September 16, 2015, 08:41:21 PM
I just started getting warnings from Avast antivirus about Qimage being infected by "Win32:Banker-MGC[Trj]" out of the blue.
The last software I installed was Qimage 122 earlier today and it was working fine. A few hours later I started getting warnings from Avast and it moves Qimage.exe to quarantine.
Scanning the system no other threat was found. Scanning the installer from Qimage gives no warning either, but when I try to install it Avast warns about the trojan.
Is it a false positive or is there a sneaky trojan on my system? Any other Avast users getting this?


Title: Re: AVG internet security (false positive?????)
Post by: Geraldo Garcia on September 16, 2015, 08:51:38 PM
Some more info:
I exported the file from quarantine and ran it through virustotal.com.
From 56 antivirus engines only Avast considered it a threat. Looks like a false positive to me!


Title: Re: AVG internet security (false positive?????)
Post by: Terry-M on September 16, 2015, 10:33:36 PM
Quote
Is it a false positive or there is a sneaky trojan on my system?
No, it's not a false positive. I had the same thing as did Mical with AVG.
I allowed AVG to quarantine the trojan (different from yours) and re-booted. Then I downloaded QU again and all was ok.
It does seem that there is something being picked up by a few of us which is hiding in our download folders.
I use Firefox, maybe there's some vulnerability there.
I did not have a problem with v122.
Terry


Title: Re: AVG internet security (false positive?????)
Post by: afed4enko on September 17, 2015, 12:54:08 AM
Every time I try to install, Avast moves the EXE to quarantine (reason: Win32:Banker trojan). System checked and clean. File downloaded in different ways (browsers and Download Master). Simple question: can the file on your server be infected?


Title: Re: AVG internet security (false positive?????)
Post by: Geraldo Garcia on September 17, 2015, 03:00:48 AM
Well... that makes two.

I downloaded and installed Qimage Ultimate on a new computer, previously scanned and free of virus, and Avast again considered it infected by "win32:Banker".
I again used virustotal.com to scan Qimage.exe and now two scan engines considered it infected (Avast and Qihoo-360).

Terry, Mike, please have a look at it and, if you don't use Avast, try virustotal.com.
I am confident that your files are free of virus, but I just want to be 100% sure that it is a false positive before I mark it as such.

Thanks in advance.


Title: Re: AVG internet security (false positive?????)
Post by: Fred A on September 17, 2015, 09:15:05 AM
Quote
I downloaded and installed Qimage Ultimate on a new computer, previously scanned and free of virus, and Avast again considered it infected by "win32:Banker".


A couple of comments from the "Peanut Gallery".
Mical and Terry both use AVG Internet Security. They are getting a Trojan Alert.
As Mike said, I use AVG Antivirus and I do not get an alert.
Can someone with the AVG Internet Security look into the difference and try to determine if there's some additional level of security that may be the cause of the Trojan alerts?

For about a year or so, I keep getting a Trojan alert which AVG says is contained in my Logitech Camera software/driver.
Here's what I did.
I quarantined the Trojan, removed it from the vault, uninstalled Logitech, using a scrubbing tool.
Then reinstalled a fresh download.
On the next scheduled virus scan, here's my trojan back again.
I quarantined him and then ignored the message.
Then I moved the driver install exe file to a different drive; one that is not included in the scheduled virus scan.

No more virus detected. Conclusion (right or wrong) to me is that there was some code string in the driver exe file  that triggered the virus alert. False Positive, if you will.
Anytime a file has an .exe suffix, all these email and internet security people who write this code get a Spastic Colon. They put on Hazmat suits and try to "protect you".

I can be fairly confident that a company like Logitech probably has a clean driver download, and it follows that DDI software does also.
One very important reason to me!!!
Logitech and Mike (Qimage) both have you downloading from their individual server.
I noticed one gentleman mentioned he used "Download master". There are dozens of so called installer and downloader programs that purport to assist you or to speed you up, or to check to see if all your drivers are up to date.
This is usually where the trojans and viruses and Adware lurk.

Do yourself a favor and stay off of those.

Fred



Title: Re: AVG internet security (false positive?????)
Post by: admin on September 17, 2015, 11:44:16 AM
It's nothing but a simple false positive.  The file on the server is identical to the one I uploaded.  The MD5 for the registered version (qu16-122.exe) is 6f66680b3ffc91fe82fd0fca040d65b5 if you'd like to check it yourself.

In my experience, Avast is not very good.  I've had to uninstall it from friends' computers and install NOD32 for this same reason: too many false positives.  PC Magazine basically said the same thing and down-rated it for many false positives this year:
http://www.pcmag.com/article2/0,2817,2481367,00.asp

Mike
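
Added example, not part of the original post and not code from the Qimage project: one way to run the check the post above invites, comparing a downloaded installer against the published MD5. The script name, function names and command-line usage are assumptions; the SHA-256 is computed in the same pass because virustotal.com can also be searched by hash.

```python
import hashlib
import hmac
import re
import sys

# MD5 that the admin post above publishes for the registered installer qu16-122.exe.
PUBLISHED_MD5 = "6f66680b3ffc91fe82fd0fca040d65b5"


def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and return (md5_hex, sha256_hex)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def normalize_md5(text):
    """Accept a hash pasted from a forum post: strip whitespace, lower-case, validate."""
    cleaned = re.sub(r"\s+", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{32}", cleaned):
        raise ValueError("not a 32-digit hex MD5: %r" % text)
    return cleaned


def check_download(path, published_md5=PUBLISHED_MD5):
    """Return (matches, md5_hex, sha256_hex) for the file at path."""
    expected = normalize_md5(published_md5)
    md5_hex, sha256_hex = file_digests(path)
    return hmac.compare_digest(md5_hex, expected), md5_hex, sha256_hex


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_download.py qu16-122.exe
    ok, md5_hex, sha256_hex = check_download(sys.argv[1])
    print("MD5    ", md5_hex, "MATCH" if ok else "MISMATCH")
    print("SHA-256", sha256_hex, "(can be searched on virustotal.com)")
    sys.exit(0 if ok else 1)
```

A match shows the download is byte-for-byte the file the publisher hashed, so a detection on it is a verdict on the publisher's build rather than on something altered in transit or on disk. MD5 is adequate against accidental corruption but is not collision resistant, and a match by itself does not decide whether a detection is a false positive.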


Title: Re: AVG internet security (false positive?????)
Post by: admin on September 17, 2015, 11:59:13 AM
Avast users: here's how to submit a false positive report...

https://www.avast.com/en-us/faq.php?article=AVKB21#idt_07

Mike


Title: Re: AVG internet security (false positive?????)
Post by: Geraldo Garcia on September 17, 2015, 04:41:46 PM
Ok! That is what I thought. Thanks for confirming it.
Just sent the false positive notification.

Regards.


Title: Re: AVG internet security (false positive?????)
Post by: admin on September 17, 2015, 05:20:20 PM
Looks like Avast fixed it already.  2016.123 was just released and that comes up 100% clean on virustotal.com but even yesterday's 2016.122 is now clean WRT Avast.

Mike