Tech Support Forum banner
Status
Not open for further replies.
1 - 14 of 14 Posts

·
TSF Team Emeritus, Microsoft Support
Joined
·
15,478 Posts
Discussion Starter · #1 ·
After installing Spywareblaster 4.1, AVG Free 8.0.100 has been giving me the following alert(s):

Resident Shield:
Torjan horse Dropper.Agent.IPC C:\Program Files\Spywareblaster\sbautoupdate.exe

2 instances, same location

False / positive alert?
 

·
TSF Security Manager, Emeritus
Joined
·
52,196 Posts
Re: AVG Free 8.0.100

Hiya, TJ -

I decided to install the new version on a test box, and scanned the file at VT. Seems 6/32 vendors are seeing it as malicious/suspicious. I've alerted javacool, and uploaded the file where multiple vendors can see it.

I strongly believe this to be a false positive report. javacool is reputable software.
 

·
TSF Team Emeritus, Microsoft Support
Joined
·
15,478 Posts
Discussion Starter · #5 ·
Re: AVG Free 8.0.100

I tried to send to Virus Total....dang Vista wouldnt allow me to do nothing with it. I tried attaching via email and also using the uploader but when I right click and hit Send to, Virus Total was not in the list....grrr

So I moved it to the AVG vault and sent it that way. I didnt want to move to the vault just yet but was forced to. I will need to restore it.

It most likely is a fp because its a new version 4.1
 

·
TSF Security Manager, Emeritus
Joined
·
52,196 Posts
Re: AVG Free 8.0.100

Subject: Re: VVSAMPLE analysis

This email is an auto-response message. Please do not reply.

AVG Anti-virus Research Lab has analyzed the file(s) you have sent from your AVG Virus Vault. Below you can find the results for each file. The final verdict on the file is either a correct detection or a false positive detection.

Further information about the verdicts are available at our website:
http://www.avg.com/faq-1184

"C:\Program Files\SpywareBlaster\sbautoupdate.exe" - detection is correct
:upset:


1. Correct detection

In case the file is detected correctly, it will not be removed from the AVG detection. If you believe that the file should not be detected by AVG, please contact our Technical Support.

If you decide to keep the file and use it with the risk of possible payload it may carry, you can restore it from the AVG Virus Vault, and manually exclude it from the AVG detection:

* If the file is detected as a Potentially Unwanted Program
o Please open AVG - menu "Tools" - "Advanced settings" - "PUP Exceptions".
o Click "Add exception" and browse to the file.
* If the file is detected as a virus
o Please open AVG - menu "Tools" - "Advanced settings" - "Resident Shield" - "Exceptions".
o Enable the option "Use excludes in Resident Shield" and "Add path" to the folder which contains the file.
o Please note that the file will be still detected by AVG test. However, you can disable automatic healing in AVG - "Computer scanner" - double-click on scheduled scan - "How to scan" - disable the option "Automatically heal/remove infections".
 

·
TSF Security Manager, Emeritus
Joined
·
52,196 Posts
Re: AVG Free 8.0.100

I seriously doubt it....it means that real analysts at Grisoft (and the other 5 vendors) will have to look at the file, rather than the automated system.

It's an updater file, so it's understandable that it gets flagged, but they should be able to whitelist the new version so it doesn't.
 

·
TSF Security Manager, Emeritus
Joined
·
52,196 Posts
Re: AVG Free 8.0.100

Javacool is working hard with the vendors trying to get this False Positive rectified.

The legitimate sbautoupdate.exe file is digitally signed by "Javacool Software LLC", and has the following checksums:

MD5: 5D0E5821EB35CDA9C320C1BDF1A4B695
SHA1: 62B09B3503C05A3CC853BB8BDFCC8292FD200E53
 

·
TSF Team Emeritus, Microsoft Support
Joined
·
15,478 Posts
Discussion Starter · #10 ·
Re: AVG Free 8.0.100

I am hope AVG's next update with resolve this issue, otherwise I will need to place it as an exception or whatever the term is they use....:rolleyes:
I tried this already but it wouldnt allow me navigate to the file, only to the spywareblaster folder nothing beyond that ....
 

·
Registered
Joined
·
301 Posts
Re: AVG Free 8.0.100

A service pack is shortly forthcoming for AVG 8.0.
Many concerns are being addressed and will be fixed.

AVG and Javacool work closely together and I'm sure they will work out any problems in short order.

For now, lets just wait it out.
AVG 8.0 FREE is having NO problems with my Spyware Blaster 4.0.

I'd suggest continuing to use that version for now.

Cheers mates!
The Shadow :cool:
 

·
TSF Security Manager, Emeritus
Joined
·
52,196 Posts
Re: AVG Free 8.0.100

An update has been pushed, and AVG Free 8 is no longer detecting this false positive.

Please update your definitions manually now, or wait for the next autoupdate.

Edit for informative link:

http://www.wilderssecurity.com/showthread.php?t=212191
 

·
TSF Team Emeritus, Microsoft Support
Joined
·
15,478 Posts
Discussion Starter · #13 ·
Re: AVG Free 8.0.100

I installed the same 2 programs on a computer today and there was no detection of the trojan. BUT it was XP not Vista like the original pc.

Well, at least they are aware and are fixing the issue

Thanks Bob
 
1 - 14 of 14 Posts
Status
Not open for further replies.
Top