AVG 2013 virus scanner false positive on SETI@home 7 for Windows


log in

Advanced search

Message boards : News : AVG 2013 virus scanner false positive on SETI@home 7 for Windows

1 · 2 · 3 · 4 . . . 7 · Next
Author Message
Eric KorpelaProject donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1088
Credit: 8,839,649
RAC: 13,022
United States
Message 1373641 - Posted: 30 May 2013, 17:45:58 UTC
Last modified: 31 May 2013, 22:41:09 UTC

The AVG virus scanner heuristic virus detection method reports a false positive for SETI@home version 7.00 on windows. This alert doesn't not indicate an infection with a known virus, but indicates that the application contains code that the virus scanner considers to be suspicious. AVG 2012 apparently does not report any issues.

We believe that this alert is related to the method we used to compress the executable in order to save network bandwidth. We are examining how we can resolve the problem. Until then the best strategy is to click "cancel" or "ignore" to the AVG warnings.
____________

Profile IgogoProject donor
Volunteer tester
Avatar
Send message
Joined: 18 Dec 04
Posts: 100
Credit: 37,741,795
RAC: 31,933
Ukraine
Message 1373649 - Posted: 30 May 2013, 17:50:44 UTC - in response to Message 1373641.

Thank you Eric.

WezH
Volunteer tester
Send message
Joined: 19 Aug 99
Posts: 89
Credit: 3,732,809
RAC: 14,032
Finland
Message 1373678 - Posted: 30 May 2013, 18:23:12 UTC

Same problem with Avira Antivirus Free:

Product version 12.1.9.1236 11.10.2012
Search engine 8.02.12.50 27.5.2013
Virus definition file 7.11.81.128 30.5.2013
Control Center 12.03.00.15 1.5.2012
Config Center 12.03.00.28 9.8.2012
Luke Filewalker 12.03.00.48 15.11.2012
Realtime Protection 12.03.00.15 1.5.2012
Filter 12.00.24.11 24.4.2012
Web Protection 12.03.08.15 1.5.2012
Scheduler 12.03.00.15 1.5.2012
Updater 12.03.14.38 15.11.2012
Rootkits Protection 12.00.50.34 27.4.2012

Eric KorpelaProject donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1088
Credit: 8,839,649
RAC: 13,022
United States
Message 1373693 - Posted: 30 May 2013, 18:46:08 UTC - in response to Message 1373678.
Last modified: 30 May 2013, 19:17:36 UTC

If you're willing, could you please download http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_unpacked.exe
and scan it with your virus scanner to see if it reports a problem with the uncompressed file?

And if that checks out, try to scan a recompressed version, just to be sure. http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_repacked.exe
____________

Profile Ageless
Avatar
Send message
Joined: 9 Jun 99
Posts: 12300
Credit: 2,594,220
RAC: 926
Netherlands
Message 1373704 - Posted: 30 May 2013, 19:21:56 UTC
Last modified: 30 May 2013, 19:43:05 UTC

Microsoft Security Essentials reports nothing wrong with either the executable or the dynamic linked library.
____________
Jord

Fighting for the correct use of the apostrophe, together with Weird Al Yankovic

enriqueromo
Send message
Joined: 9 Mar 13
Posts: 2
Credit: 150,218
RAC: 0
Mexico
Message 1373712 - Posted: 30 May 2013, 19:27:14 UTC - in response to Message 1373641.
Last modified: 30 May 2013, 19:27:39 UTC

The same with Spyhunter4
____________

Profile mrcmobile
Send message
Joined: 6 Aug 99
Posts: 1
Credit: 615,444
RAC: 49
Italy
Message 1373719 - Posted: 30 May 2013, 19:32:02 UTC

Same problem with trendmicro Fake Antivirus (FakeAV) Removal Tool.
http://esupport.trendmicro.com/solution/en-us/1056510.aspx

marco
____________

Sten-Arne
Volunteer tester
Send message
Joined: 1 Nov 08
Posts: 3406
Credit: 20,003,244
RAC: 22,953
Sweden
Message 1373721 - Posted: 30 May 2013, 19:32:53 UTC - in response to Message 1373693.
Last modified: 30 May 2013, 19:36:27 UTC

If you're willing, could you please download http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_unpacked.exe
and scan it with your virus scanner to see if it reports a problem with the uncompressed file?

And if that checks out, try to scan a recompressed version, just to be sure. http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_repacked.exe


Can't even download them, it's as if they aren't there. And when trying to find them manually at http://boinc2.ssl.berkeley.edu/beta/download/ that gives a 403 forbidden.

I would have tested them with Avast, if I could get my hands on them....
____________

Eric KorpelaProject donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1088
Credit: 8,839,649
RAC: 13,022
United States
Message 1373722 - Posted: 30 May 2013, 19:33:51 UTC - in response to Message 1373704.
Last modified: 30 May 2013, 19:47:07 UTC

Symantec Endpoint Protection 11 and AVG 2012 find no problems, both with heuristics on.
____________

Eric KorpelaProject donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1088
Credit: 8,839,649
RAC: 13,022
United States
Message 1373729 - Posted: 30 May 2013, 19:36:45 UTC - in response to Message 1373721.

That's weird. I'm able to get them both from home. It's probably the coral cache problem. Try http://boinc2.ssl.berkeley.edu.nyud.net/beta/download/setiathome_7.00_windows_intelx86_unpacked.exe directly.
____________

Sten-Arne
Volunteer tester
Send message
Joined: 1 Nov 08
Posts: 3406
Credit: 20,003,244
RAC: 22,953
Sweden
Message 1373731 - Posted: 30 May 2013, 19:37:53 UTC - in response to Message 1373729.

That's weird. I'm able to get them both from home. It's probably the coral cache problem. Try http://boinc2.ssl.berkeley.edu.nyud.net/beta/download/setiathome_7.00_windows_intelx86_unpacked.exe directly.


Nop, the page doesn't exist.
____________

Profile Ageless
Avatar
Send message
Joined: 9 Jun 99
Posts: 12300
Credit: 2,594,220
RAC: 926
Netherlands
Message 1373741 - Posted: 30 May 2013, 19:43:40 UTC

I scanned the repack as well. No problems. (Obviously no problems downloading the files either).

Did additional scans with:
Malwarebytes Anti-Malware 1.75.0.1300, Database version: v2013.05.30.06 -> no problems.

Superantispyware -> no problems.

Plus I did a scan at Virustotal.com, for the repack outcome 0/46 viruses found.
For the unpacked outcome 0/47 viruses found.
____________
Jord

Fighting for the correct use of the apostrophe, together with Weird Al Yankovic

Eric KorpelaProject donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1088
Credit: 8,839,649
RAC: 13,022
United States
Message 1373747 - Posted: 30 May 2013, 19:46:14 UTC - in response to Message 1373731.

How about http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_unpacked.exe?coral-no-serve
____________

Sten-Arne
Volunteer tester
Send message
Joined: 1 Nov 08
Posts: 3406
Credit: 20,003,244
RAC: 22,953
Sweden
Message 1373749 - Posted: 30 May 2013, 19:50:10 UTC - in response to Message 1373747.

How about http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_unpacked.exe?coral-no-serve


Yup, that works. Your first links worked when I tried them on my old W2000 server with the old old IE6 browser.
____________

ClaggyProject donor
Volunteer tester
Send message
Joined: 5 Jul 99
Posts: 4089
Credit: 33,021,007
RAC: 6,845
United Kingdom
Message 1373750 - Posted: 30 May 2013, 19:52:01 UTC - in response to Message 1373731.

That's weird. I'm able to get them both from home. It's probably the coral cache problem. Try http://boinc2.ssl.berkeley.edu.nyud.net/beta/download/setiathome_7.00_windows_intelx86_unpacked.exe directly.


Nop, the page doesn't exist.


I used Getright to try out that link, for the first three attempts it came up 'no connection', on the 4th it got a connection and showed the file as 1.59Mb

Claggy

Eric KorpelaProject donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1088
Credit: 8,839,649
RAC: 13,022
United States
Message 1373753 - Posted: 30 May 2013, 19:52:48 UTC - in response to Message 1373749.

We'll be turning off coral caching in a day or two, so that problem will go away in a short time.
____________

Sten-Arne
Volunteer tester
Send message
Joined: 1 Nov 08
Posts: 3406
Credit: 20,003,244
RAC: 22,953
Sweden
Message 1373757 - Posted: 30 May 2013, 19:56:12 UTC - in response to Message 1373753.

We'll be turning off coral caching in a day or two, so that problem will go away in a short time.


Got both down now with "?coral-no-serve"

Tested both with Avast, and it didn't find any harmful code.
____________

Eric KorpelaProject donor
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1088
Credit: 8,839,649
RAC: 13,022
United States
Message 1373803 - Posted: 30 May 2013, 20:58:40 UTC - in response to Message 1373719.

Same problem with trendmicro Fake Antivirus (FakeAV) Removal Tool.


Trend FakeAV reports about valid 20 programs on my system as "RogueAV" including BOINC, the NVIDIA tray utility, the UPS monitor, the Trend FakeAV Removal Tool, and the drivers for my camera. It seems that just about anything that runs as a console program in the background or has a tray icon gets reported. And it always hangs hard before completing its scans. After attemting to run it a few times, I decided I can safely ignore its detections as entirely false positives. I'm surprised there hasn't been a class action suit by software publishers against Trendmicro.
____________

Profile Raistmer
Volunteer developer
Volunteer tester
Avatar
Send message
Joined: 16 Jun 01
Posts: 3419
Credit: 46,518,646
RAC: 10,203
Russia
Message 1373807 - Posted: 30 May 2013, 21:03:42 UTC
Last modified: 30 May 2013, 21:04:29 UTC

As I said in original thread already, AVG produces too many false positives to be useful. All my friends denied from use it already...
(if someone shout "fire" too often he risks to burn w/o any help...)
____________

Profile Floyd
Avatar
Send message
Joined: 19 May 11
Posts: 524
Credit: 1,870,625
RAC: 0
United States
Message 1373814 - Posted: 30 May 2013, 21:09:18 UTC - in response to Message 1373693.
Last modified: 30 May 2013, 21:13:31 UTC

If you're willing, could you please download http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_unpacked.exe
and scan it with your virus scanner to see if it reports a problem with the uncompressed file?

And if that checks out, try to scan a recompressed version, just to be sure. http://boinc2.ssl.berkeley.edu/beta/download/setiathome_7.00_windows_intelx86_repacked.exe


Sir:
I downloaded both and AVG 2013 scanned them in the download folder and found nothing.

EDIT:
That was after it found them and I told it to allow , so it was added to the exception list in avg , Just remembered that.

1 · 2 · 3 · 4 . . . 7 · Next

Message boards : News : AVG 2013 virus scanner false positive on SETI@home 7 for Windows

Copyright © 2014 University of California