2008-11-04, 08:25 PM
Pages: 1 2
2008-11-04, 09:06 PM
When I did the install, AVG narrowed the problem down to an example for dvd shrink.
2008-11-04, 09:25 PM
AVG has lots of false positives...so i'm not surprised.. i would try scanning it with another couple of antiviruses to be sure, tho it's most likely a false positive from AVG because of compression methods..[it flags things that look even *close* to viruses without being sure]
2008-11-04, 10:27 PM
Upload the suspect file to http://virusscan.jotti.org/ and see what it reports.
It uses multiple scan engines and I've found it fairly useful and have junked AVG becaus eof all its false positives.
It uses multiple scan engines and I've found it fairly useful and have junked AVG becaus eof all its false positives.
2008-11-05, 12:26 AM
I downloaded BurndDVDX2 and also triggered a virus detection with Avast: Win32:Trojan-gen {Other}.
2008-11-05, 12:43 AM
example for dvd shrink? been a while, i wonder if it's an autoit script? [they often gave same error if certain autoit ver used] tho it's been fixed in newer versions..
what kind of file is it in? [name]
what kind of file is it in? [name]
2008-11-05, 12:48 AM
From Avast Log:
Code:
11/4/2008 1:32:46 PM SYSTEM 1496 Sign of "Win32:Trojan-gen {Other}" has been found in "[URL]http://gbpvr.com/pmwiki/pmwiki.php/Plugin/BurnDVDX2?action=downloadman&upname=BurnDVDX2.zip\BurnDVDX2Install.exe\$INSTDIR\third[/URL] party\burndvd\cmddvdshrink100.exe" file.
2008-11-05, 05:52 AM
JavaWiz Wrote:From Avast Log:
Code:11/4/2008 1:32:46 PM SYSTEM 1496 Sign of "Win32:Trojan-gen {Other}" has been found in "[url=http://gbpvr.com/pmwiki/pmwiki.php/Plugin/BurnDVDX2?action=downloadman&upname=BurnDVDX2.zip%5CBurnDVDX2Install.exe%5C$INSTDIR%5Cthird]http://gbpvr.com/pmwiki/pmwiki.php/Plugin/BurnDVDX2?action=downloadman&upname=BurnDVDX2.zip\BurnDVDX2Install.exe\$INSTDIR\third[/url] party\burndvd\cmddvdshrink100.exe" file.
That's an autohotkey file that get's detected by AVS as a worm. It is a false positive.
2008-11-05, 06:42 AM
pastro Wrote:That's an autohotkey file that get's detected by AVS as a worm. It is a false positive.Good to know. Should that be noted in the Wiki somewhere around the download link?
2008-11-05, 08:58 PM
ahh.those are same as autoit problem..in fact, i think that was made based on autoit..
it's mostly the upx compression, and it actually IS a problem, because the compression in question allows other trojans to be hidden inside as well, so while it may appear to be a false positive, it doesn't mean there isn't any danger in running it...so not truly a false positive...
[false positives have been used to get you to let your guard down, so they can get in]
i would seriously look into replacing/rebuilding that file if possible...if you don't have the source then you really don't know what's in it...so the alerts could be warranted..
all that file really is is a autoit style macro to control the dvdshrink window automatically...
not that hard to reproduce from scratch....probably only needs updating, if it's decompilable..
****is that file even necessary?***
it's mostly the upx compression, and it actually IS a problem, because the compression in question allows other trojans to be hidden inside as well, so while it may appear to be a false positive, it doesn't mean there isn't any danger in running it...so not truly a false positive...
[false positives have been used to get you to let your guard down, so they can get in]
i would seriously look into replacing/rebuilding that file if possible...if you don't have the source then you really don't know what's in it...so the alerts could be warranted..
all that file really is is a autoit style macro to control the dvdshrink window automatically...
not that hard to reproduce from scratch....probably only needs updating, if it's decompilable..
****is that file even necessary?***
Pages: 1 2