You are here

PortableFileAssociator Alert

6 posts / 0 new
Last post
GusN6603
GusN6603's picture
Offline
Last seen: 12 years 11 months ago
Joined: 2011-12-01 20:50
PortableFileAssociator Alert

PortableFileAssociator: Downloads o.k., but get the following warning/err.
Have removed all trace of this code, until you give it the green light.
ÿþ"Scan ""Shell extension scan"" completed."
Infections;"2";"0";"2"
Folders selected for scanning:;"C:\Documents and Settings\Owner\My Documents\Portable Apps\PortableFileAssociator_2.2.1.8_English_pass=zer0dev\PortableFileAssociator_2.2.1.8_English.exe;"
Scan started:;"Sunday, December 11, 2011, 7:26:51 PM"
Scan finished:;"Sunday, December 11, 2011, 7:26:54 PM (2 second(s))"
Total object scanned:;"30"
User who launched the scan:;"Owner"

Infections
;"File";"Infection";"Result"
;"C:\Documents and Settings\Owner\My Documents\Portable Apps\PortableFileAssociator_2.2.1.8_English_pass=zer0dev\PortableFileAssociator_2.2.1.8_English.exe";"Trojan horse Generic2_c.CCCM";"Infected"
;"C:\Documents and Settings\Owner\My Documents\Portable Apps\PortableFileAssociator_2.2.1.8_English_pass=zer0dev\PortableFileAssociator_2.2.1.8_English.exe:\$JF\PortableFileAssociator.exe";"Trojan horse Generic2_c.CCCM";"Infected"

Pls Advise, if safe to Activate or not. Thank You

vf2nsr
vf2nsr's picture
Offline
Last seen: 8 years 1 month ago
Developer
Joined: 2010-02-13 17:10
???

What software is giving you this error message?

I use Vipre Business and have no issues with the file

“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” Dr. Seuss

dboki89
Offline
Last seen: 9 years 10 months ago
Joined: 2009-11-30 20:44
Not A Virus

It is not a virus if you downloaded the file from https://portableapps.com/node/15583. The only way it could be infected is if it got infected by another virus already present on your system, but don't worry, that's probably not the case.

Most likely it is a false positive (https://www.securelist.com/en/glossary?glossid=153654932). Essentially, a mistake of the AV program. PortableFileAssociator is written in AutoIt, and many AV programs flag all AutoIt apps as bad just because it's easy to program in AutoIt. Their reasoning being "it's also easy to create malware with it". Similar to how downloaded .BAT files are often flagged.

The source code of the app is provided with the download. Read a few posts about the issue: https://portableapps.com/node/15583?page=3#comment-170010

Also note: Trojan horse Generic2_c.CCCM. Often, but not always, AV flags such as "generic", "packed", "pac.generic", "PUA", "heuristic" and "Artemis" are in fact not viruses or malware. It means they could be, but are not in most cases. The best approach is what you have done, contact the developers, scan it with something like virustotal.com, and if it's a false positive, report it to your AV program vendor as such.

My posts are old and likely no longer relevant.

jeff93063
Offline
Last seen: 12 years 11 months ago
Joined: 2009-10-06 10:00
My antivirus at work was

My antivirus at work was giving a false positive for this program too. I found that it didn't get blocked if I removed the UPX compression on the main exe file (I had to do this on a different computer). Find upx.exe and run upx.exe -d portablefileassociator.exe. Apparently some antivirus programs think "Gosh, only a virus writer would use UPX to compress an AutoIt executable."

g236007
Offline
Last seen: 10 years 6 months ago
Joined: 2007-01-08 15:51
McAfee and Chrome flag as Trojan

so, if current McAfee (with a 21May DAT) deletes it as soon as it starts downloading and Chrome stops downloading with 'This file is malicious and Chrome has blocked it' perhaps a repackaging to avoid the 'false positive' might be in order? Even if I got this on someone else's machine, my pc's firewall or McAfee would detect and kill file from Email or USB drive.

John T. Haller
John T. Haller's picture
Offline
Last seen: 12 hours 6 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Not The Package, It's AutoIT

It's not the packaging that's the issue. It's because the app inside the package is an AutoIT app. All AutoIT apps are the same AutoIT EXE with the script stuck to the end. So, all AutoIT apps of the same version of AutoIT look the same to antivirus other than the script at the end. Unfortunately, AutoIT is extremely popular with malware folks, so nearly all AutoIT apps will have false positive issues. This is using a very old version of AutoIT and has been whitelisted by many antivirus. If we recompiled with the current version, it would be even worse. This is the reason why we've banned AutoIT apps from official releases in the Portable Apps Directory.

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments