Mike Chaney's Tech Corner
Author Topic: AVG internet security (false positive?????)  (Read 14583 times)
mical
Newbie
*
Posts: 41


« on: September 12, 2015, 07:46:51 PM »

Hi all.
I just tried to download QU-2016-121 but my AVG internet security promptly stopped the download, quarantined a threat and gave me this, see screen shot. Any pointers as to how to proceed?                


Logged
Jeff
Hero Member
*****
Posts: 764



« Reply #1 on: September 13, 2015, 07:01:13 AM »

Quote
Hi all.
I just tried to download QU-2016-121 but my AVG internet security promptly stopped the download, quarantined a threat and gave me this, see screen shot. Any pointers as to how to proceed?


Disable AVG for 10mins.  ??

Jeff
Logged

Grumpy
Terry-M
The Honourable Metric Mann
Forum Superhero
*****
Posts: 3251



« Reply #2 on: September 13, 2015, 08:37:27 AM »

Quote
Disable AVG for 10mins.  ??
Be careful!
That is a Trojan you've picked up shown on that screen shot.
See http://www.im-infected.com/trojan/idp-trojan.html
You need to remove it.
Terry
Logged
admin
Administrator
Forum Superhero
*****
Posts: 4218



« Reply #3 on: September 13, 2015, 02:44:01 PM »

Quote
Disable AVG for 10mins.  ??
Be careful!
That is a Trojan you've picked up shown on that screen shot.
See http://www.im-infected.com/trojan/idp-trojan.html
You need to remove it.
Terry

Yeah, I know Fred uses AVG and he had no problem with 2016.121 so that is coming from somewhere else.  It'd be a good idea to remove/disinfect that one and try again.  AVG probably picked up that previous infection because it rescanned the download folder when you downloaded QU.

Regards,
Mike
Logged
Geraldo Garcia
Newbie
*
Posts: 46


« Reply #4 on: September 16, 2015, 08:41:21 PM »

I just started getting warnings from Avast antivirus about Qimage being infected by "Win32:Banker-MGC[Trj]" out of the blue.
The last software I installed was Qimage 122 earlier today and it was working fine. A few hours later I started getting warnings from Avast and it moves Qimage.exe to quarantine.
Scanning the system no other threat was found. Scanning the installer from Qimage gives no warning either, but when I try to install it Avast warns about the trojan.
Is it a false positive or is there a sneaky trojan on my system? Any other Avast users getting this?
« Last Edit: September 16, 2015, 09:14:09 PM by Geraldo Garcia » Logged
Geraldo Garcia
Newbie
*
Posts: 46


« Reply #5 on: September 16, 2015, 08:51:38 PM »

Some more info:
I exported the file from quarantine and ran it through virustotal.com
From 56 antivirus engines only Avast considered it a threat. Looks like a false positive to me!
Logged
Terry-M
The Honourable Metric Mann
Forum Superhero
*****
Posts: 3251



« Reply #6 on: September 16, 2015, 10:33:36 PM »

Quote
Is it a false positive or is there a sneaky trojan on my system?
No, it's not a false positive. I had the same thing as did Mical with AVG.
I allowed AVG to quarantine the trojan (different from yours) and re-booted. Then I downloaded QU again and all was ok.
It does seem that there is something being picked up by a few of us which is hiding in our download folders.
I use Firefox, maybe there's some vulnerability there.
I did not have a problem with v122.
Terry
Logged
afed4enko
Newbie
*
Posts: 5


« Reply #7 on: September 17, 2015, 12:54:08 AM »

Every time I try to install, Avast moves the EXE to quarantine (reason: Win32:Banker trojan). System checked and clean. File downloaded in different ways (browsers and Download Master). Simple question: can the file on your server be infected?
Logged
Geraldo Garcia
Newbie
*
Posts: 46


« Reply #8 on: September 17, 2015, 03:00:48 AM »

Well... that makes two.

I downloaded and installed Qimage Ultimate on a new computer, previously scanned and free of virus, and Avast again considered it infected by "win32:Banker".
I again used virustotal.com to scan Qimage.exe and now two scan engines considered it infected (Avast and Qihoo-360).

Terry, Mike, please have a look at it and, if you don't use Avast, try virustotal.com.
I am confident that your files are free of virus, but I just want to be 100% sure that it is a false positive before I mark it as such.

Thanks in advance.
Logged
Fred A
Forum Superhero
*****
Posts: 5644



« Reply #9 on: September 17, 2015, 09:15:05 AM »

Quote
I downloaded and installed Qimage Ultimate on a new computer, previously scanned and free of virus, and Avast again considered it infected by "win32:Banker".


A couple of comments from the "Peanut Gallery".
Mical and Terry both use AVG Internet Security. They are getting a Trojan Alert.
As Mike said, I use AVG Antivirus and I do not get an alert.
Can someone with the AVG Internet Security look into the difference and try to determine if there's some additional level of security that may be the cause of the Trojan alerts?

For about a year or so, I keep getting a Trojan alert which AVG says is contained in my Logitech Camera software/driver.
Here's what I did.
I quarantined the Trojan, removed it from the vault, uninstalled Logitech, using a scrubbing tool.
Then reinstalled a fresh download.
On the next scheduled virus scan, here's my trojan back again.
I quarantined him and then ignored the message.
Then I moved the driver install exe file to a different drive; one that is not included in the scheduled virus scan.

No more virus detected. Conclusion (right or wrong) to me is that there was some code string in the driver exe file that triggered the virus alert. False Positive, if you will.
Anytime a file has an .exe suffix, all these email and internet security people who write this code get a Spastic Colon. They put on Hazmat suits and try to "protect you".

I can be fairly confident that a company like Logitech probably has a clean driver download, and it follows that DDI software does also.
One very important reason to me!!!
Logitech and Mike (Qimage) both have you downloading from their individual server.
I noticed one gentleman mentioned he used "Download master". There are dozens of so called installer and downloader programs that purport to assist you or to speed you up, or to check to see if all your drivers are up to date.
This is usually where the trojans and viruses and Adware lurk.

Do yourself a favor and stay off of those.

Fred

Logged
admin
Administrator
Forum Superhero
*****
Posts: 4218



« Reply #10 on: September 17, 2015, 11:44:16 AM »

It's nothing but a simple false positive.  The file on the server is identical to the one I uploaded.  The MD5 for the registered version (qu16-122.exe) is 6f66680b3ffc91fe82fd0fca040d65b5 if you'd like to check it yourself.

In my experience, Avast is not very good.  I've had to uninstall it from friends' computers and install NOD32 for this same reason: too many false positives.  PC Magazine basically said the same thing and down-rated it for many false positives this year:
http://www.pcmag.com/article2/0,2817,2481367,00.asp

Mike
Logged
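
The check suggested in Reply #10, written out as an added example (not part of the original thread or the vendor's code): it hashes a downloaded installer and compares the result with the MD5 posted above. The function names and the stand-in sample file are assumptions made for the illustration; SHA-256 is computed as well because virustotal.com can look a file up by hash.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# MD5 posted in this thread for the registered installer qu16-122.exe.
PUBLISHED_MD5 = "6f66680b3ffc91fe82fd0fca040d65b5"


def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and return its MD5 and SHA-256 as lowercase hex."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def matches_published(path, published_md5=PUBLISHED_MD5):
    """True only if the file's MD5 equals the published value."""
    expected = published_md5.strip().lower()
    # Reject truncated or mistyped values instead of silently comparing them.
    if not re.fullmatch(r"[0-9a-f]{32}", expected):
        raise ValueError("published value is not a 32-digit hex MD5")
    return hmac.compare_digest(file_digests(path)["md5"], expected)


def demo():
    """Constructed sample: a stand-in file, not the real installer."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "qu16-122.exe"
        sample.write_bytes(b"constructed sample bytes, not the real installer")
        own_md5 = file_digests(sample)["md5"]
        return {
            # The stand-in must not match the vendor's published MD5.
            "vs_published": matches_published(sample),
            # Upper-case input is normalised, so the file matches its own hash.
            "vs_own_md5": matches_published(sample, own_md5.upper()),
        }


if __name__ == "__main__":
    print(demo())
```

A match shows the local copy is byte-identical to the file the MD5 was published for; it does not say why a scanner flags it. MD5 is not collision-resistant, so it confirms the download arrived intact rather than proving the file is safe.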
admin
Administrator
Forum Superhero
*****
Posts: 4218



« Reply #11 on: September 17, 2015, 11:59:13 AM »

Avast users: here's how to submit a false positive report...

https://www.avast.com/en-us/faq.php?article=AVKB21#idt_07

Mike
Logged
Geraldo Garcia
Newbie
*
Posts: 46


« Reply #12 on: September 17, 2015, 04:41:46 PM »

Ok! That is what I thought. Thanks for confirming it.
Just sent the false positive notification.

Regards.
Logged
admin
Administrator
Forum Superhero
*****
Posts: 4218



« Reply #13 on: September 17, 2015, 05:20:20 PM »

Looks like Avast fixed it already.  2016.123 was just released and that comes up 100% clean on virustotal.com but even yesterday's 2016.122 is now clean WRT Avast.

Mike
Logged