forum.vdsworld.com Forum Index forum.vdsworld.com
Visit VDSWORLD.com
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Virus scanner problem - false positive?

 
Post new topic   Reply to topic    forum.vdsworld.com Forum Index -> General Help
View previous topic :: View next topic  
Author Message
jwfv
Valued Contributor
Valued Contributor


Joined: 19 Mar 2002
Posts: 422
Location: Beaufort, SC

PostPosted: Tue Oct 09, 2007 9:01 pm    Post subject: Virus scanner problem - false positive? Reply with quote

Today, three locations that use our software reported problems with AVG antivirus. It reported that the programs created with VDS had logger.cxh in them and were potentially harmful.

After some testing, I am wondering if it might be a false positive. I created a new executable, tested it with AVG immediately, and it said it had the virus.

Has anyone else come across a false positive from a virus scanner? I seem to remember a thread about this. Does anyone have any experience with logger.cxh?

_________________
Joe Floyd
Back to top
View user's profile Send private message
DaveR
Valued Contributor
Valued Contributor


Joined: 03 Sep 2005
Posts: 413
Location: Australia

PostPosted: Wed Oct 10, 2007 8:55 am    Post subject: Reply with quote

I had the exact same false positive from AVG today on 2 of my applications that I use at work. Because I am not the admin I was unable to tell AVG to add them to the ignore list. AVG seems to have 'cleaned' the exes because they no longer had an icon and would no longer run!

These 2 applications are the only VDS applications that I use at work. This could be disasterous for a company if their daily activities depended on any applications written in VDS.

I tried to update AVG hoping that they had fixed the problem, but apparently I already have the latest virus definitions.

_________________
cheers

Dave
Back to top
View user's profile Send private message
jwfv
Valued Contributor
Valued Contributor


Joined: 19 Mar 2002
Posts: 422
Location: Beaufort, SC

PostPosted: Wed Oct 10, 2007 12:37 pm    Post subject: Reply with quote

From my testing, it apparently only affects the full version, not the free version.

I am going to try to submit a sample to AVG today so that they can fix it in the virus database. The problem is that most of the time, people are submitting one .exe that they can make an exception for. But this time it must be objecting to some code that is common to all VDS executables. So I don't know what they will do about that. But yes, it is a big problem. I am just waiting for more calls as more users update their AVG.

_________________
Joe Floyd
Back to top
View user's profile Send private message
jwfv
Valued Contributor
Valued Contributor


Joined: 19 Mar 2002
Posts: 422
Location: Beaufort, SC

PostPosted: Wed Oct 10, 2007 3:45 pm    Post subject: Reply with quote

Update to this problem:

It has apparently been fixed with the 10/10 update of the virus database. Hopefully it won't show back up!

_________________
Joe Floyd
Back to top
View user's profile Send private message
DaveR
Valued Contributor
Valued Contributor


Joined: 03 Sep 2005
Posts: 413
Location: Australia

PostPosted: Wed Oct 10, 2007 5:12 pm    Post subject: Reply with quote

jwfv wrote:
From my testing, it apparently only affects the full version, not the free version.

I was wondering why AVG Free here at home was ok.

jwfv wrote:
Update to this problem:

It has apparently been fixed with the 10/10 update of the virus database.

Excellent Smile

_________________
cheers

Dave
Back to top
View user's profile Send private message
Garrett
Moderator Team


Joined: 04 Oct 2001
Posts: 2149
Location: A House

PostPosted: Wed Oct 10, 2007 6:49 pm    Post subject: Reply with quote

VDS seems to be cursed with this problem. For as far back as I can remember, one AV or another has cropped up and said that our VDS made executables was infected at one time or another.
_________________
'What you do not want done to yourself, do not do to others.' - Confucius (550 b.c. to 479 b.c.)
Back to top
View user's profile Send private message
arcray
Valued Contributor
Valued Contributor


Joined: 13 Jul 2001
Posts: 242
Location: Aude, France

PostPosted: Tue Oct 16, 2007 8:50 am    Post subject: Reply with quote

Sophos is now reporting all the tools as being infected...
_________________
Andrew GRAY
If you don't know I am looking for work, I won't get the job.

andrewrcgray.com
Back to top
View user's profile Send private message Send e-mail
DaveR
Valued Contributor
Valued Contributor


Joined: 03 Sep 2005
Posts: 413
Location: Australia

PostPosted: Tue Oct 16, 2007 9:34 am    Post subject: Reply with quote

I wonder if some script kiddie has recently reelased a trojan written in VDS...
_________________
cheers

Dave
Back to top
View user's profile Send private message
Dave Heck
Valued Newbie


Joined: 02 Mar 2002
Posts: 34
Location: Union, CT USA

PostPosted: Thu Nov 29, 2007 11:16 pm    Post subject: Sophos "False Positives" Reply with quote

Our firm just purchased and installed Sophos Enterprise Console AV - it hit on 6 files in my C:\Program Files\VDS directory as being infected. I sent them samples of the files and they have fixed the issue. The attached JPG lists the files and the mis-identification.

Dave



Sophs - VDS False Positives.jpg
 Description:
 Filesize:  31.47 KB
 Viewed:  1463 Time(s)

Sophs - VDS False Positives.jpg



_________________
Dave Heck
dheck1961@cox.net
Union, Connecticut USA
Back to top
View user's profile Send private message Send e-mail
vtol
Valued Contributor
Valued Contributor


Joined: 05 Feb 2004
Posts: 642
Location: Eastern Indiana

PostPosted: Fri Nov 30, 2007 7:30 am    Post subject: Reply with quote

I've had 2 or 3 different antivirus hit on the UPX file and the vds Math DLL.
Among other vds related thingys... Rolleyes
Back to top
View user's profile Send private message Visit poster's website
DavidR
Contributor
Contributor


Joined: 05 Aug 2003
Posts: 83
Location: Bethel Pennsylvania U.S.A.

PostPosted: Fri Dec 07, 2007 11:18 am    Post subject: Reply with quote

Last evening Symantec deleted all the old dsrun.exe files from my hard drive. It adentified them as "hacker" tools.
I hope it leaves the newer stuff alone or I'm going to be in a heap of trouble.
.............David
Back to top
View user's profile Send private message
DavidR
Contributor
Contributor


Joined: 05 Aug 2003
Posts: 83
Location: Bethel Pennsylvania U.S.A.

PostPosted: Mon Jul 16, 2018 12:38 pm    Post subject: Symantec at it again Reply with quote

Well it's the same problem coming back with a vengeance.
VDS exe's that have been running for years in my workplace have suddenly been identified by Symantec as "infected".
their "heuristic" virus scanner identifies my programs as a threat.
To compound the problem our IT department isolates "infected" PC's from the network and wants them to be re-imaged before being allowed to reconnect.
Mad
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    forum.vdsworld.com Forum Index -> General Help All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

Twitter@vdsworld       RSS

Powered by phpBB © 2001, 2005 phpBB Group