jwfv Valued Contributor
Joined: 19 Mar 2002 Posts: 422 Location: Beaufort, SC
Posted: Tue Oct 09, 2007 9:01 pm Post subject: Virus scanner problem - false positive?
Today, three locations that use our software reported problems with AVG antivirus. It reported that the programs created with VDS had logger.cxh in them and were potentially harmful.
After some testing, I am wondering if it might be a false positive. I created a new executable, tested it with AVG immediately, and it said it had the virus.
Has anyone else come across a false positive from a virus scanner? I seem to remember a thread about this. Does anyone have any experience with logger.cxh?
_________________ Joe Floyd

DaveR Valued Contributor
Joined: 03 Sep 2005 Posts: 413 Location: Australia
Posted: Wed Oct 10, 2007 8:55 am Post subject:
I had the exact same false positive from AVG today on 2 of my applications that I use at work. Because I am not the admin I was unable to tell AVG to add them to the ignore list. AVG seems to have 'cleaned' the exes because they no longer had an icon and would no longer run!
These 2 applications are the only VDS applications that I use at work. This could be disastrous for a company if their daily activities depended on any applications written in VDS.
I tried to update AVG hoping that they had fixed the problem, but apparently I already have the latest virus definitions.
_________________ cheers
Dave

jwfv Valued Contributor
Joined: 19 Mar 2002 Posts: 422 Location: Beaufort, SC
Posted: Wed Oct 10, 2007 12:37 pm Post subject:
From my testing, it apparently only affects the full version, not the free version.
I am going to try to submit a sample to AVG today so that they can fix it in the virus database. The problem is that most of the time, people are submitting one .exe that they can make an exception for. But this time it must be objecting to some code that is common to all VDS executables. So I don't know what they will do about that. But yes, it is a big problem. I am just waiting for more calls as more users update their AVG.
_________________ Joe Floyd

jwfv Valued Contributor
Joined: 19 Mar 2002 Posts: 422 Location: Beaufort, SC
Posted: Wed Oct 10, 2007 3:45 pm Post subject:
Update to this problem:
It has apparently been fixed with the 10/10 update of the virus database. Hopefully it won't show back up!
_________________ Joe Floyd

DaveR Valued Contributor
Joined: 03 Sep 2005 Posts: 413 Location: Australia
Posted: Wed Oct 10, 2007 5:12 pm Post subject:
jwfv wrote: From my testing, it apparently only affects the full version, not the free version.
I was wondering why AVG Free here at home was ok.
jwfv wrote: Update to this problem:
It has apparently been fixed with the 10/10 update of the virus database.
Excellent
_________________ cheers
Dave

Garrett Moderator Team
Joined: 04 Oct 2001 Posts: 2149 Location: A House
Posted: Wed Oct 10, 2007 6:49 pm Post subject:
VDS seems to be cursed with this problem. For as far back as I can remember, one AV or another has cropped up and said that our VDS-made executables were infected at one time or another.
_________________ 'What you do not want done to yourself, do not do to others.' - Confucius (550 b.c. to 479 b.c.)

arcray Valued Contributor
Joined: 13 Jul 2001 Posts: 242 Location: Aude, France
Posted: Tue Oct 16, 2007 8:50 am Post subject:
Sophos is now reporting all the tools as being infected...
_________________ Andrew GRAY
If you don't know I am looking for work, I won't get the job.
andrewrcgray.com

DaveR Valued Contributor
Joined: 03 Sep 2005 Posts: 413 Location: Australia
Posted: Tue Oct 16, 2007 9:34 am Post subject:
I wonder if some script kiddie has recently released a trojan written in VDS...
_________________ cheers
Dave

Dave Heck Valued Newbie
Joined: 02 Mar 2002 Posts: 34 Location: Union, CT USA
Posted: Thu Nov 29, 2007 11:16 pm Post subject: Sophos "False Positives"
Our firm just purchased and installed Sophos Enterprise Console AV - it hit on 6 files in my C:\Program Files\VDS directory as being infected. I sent them samples of the files and they have fixed the issue. The attached JPG lists the files and the mis-identification.
Dave
_________________ Dave Heck
dheck1961@cox.net
Union, Connecticut USA

vtol Valued Contributor
Joined: 05 Feb 2004 Posts: 642 Location: Eastern Indiana
Posted: Fri Nov 30, 2007 7:30 am Post subject:
I've had 2 or 3 different antivirus hit on the UPX file and the vds Math DLL.
Among other vds related thingys...

DavidR Contributor
Joined: 05 Aug 2003 Posts: 83 Location: Bethel Pennsylvania U.S.A.
Posted: Fri Dec 07, 2007 11:18 am Post subject:
Last evening Symantec deleted all the old dsrun.exe files from my hard drive. It identified them as "hacker" tools.
I hope it leaves the newer stuff alone or I'm going to be in a heap of trouble.
.............David

DavidR Contributor
Joined: 05 Aug 2003 Posts: 83 Location: Bethel Pennsylvania U.S.A.
Posted: Mon Jul 16, 2018 12:38 pm Post subject: Symantec at it again
Well it's the same problem coming back with a vengeance.
VDS exes that have been running for years in my workplace have suddenly been identified by Symantec as "infected".
Their "heuristic" virus scanner identifies my programs as a threat.
To compound the problem, our IT department isolates "infected" PCs from the network and wants them to be re-imaged before being allowed to reconnect.