PortableFileAssociator: Downloads o.k., but get the following warning/err.
Have removed all trace of this code, until you give it the green light.
ÿþ"Scan ""Shell extension scan"" completed."
Infections;"2";"0";"2"
Folders selected for scanning:;"C:\Documents and Settings\Owner\My Documents\Portable Apps\PortableFileAssociator_2.2.1.8_English_pass=zer0dev\PortableFileAssociator_2.2.1.8_English.exe;"
Scan started:;"Sunday, December 11, 2011, 7:26:51 PM"
Scan finished:;"Sunday, December 11, 2011, 7:26:54 PM (2 second(s))"
Total object scanned:;"30"
User who launched the scan:;"Owner"
Infections
;"File";"Infection";"Result"
;"C:\Documents and Settings\Owner\My Documents\Portable Apps\PortableFileAssociator_2.2.1.8_English_pass=zer0dev\PortableFileAssociator_2.2.1.8_English.exe";"Trojan horse Generic2_c.CCCM";"Infected"
;"C:\Documents and Settings\Owner\My Documents\Portable Apps\PortableFileAssociator_2.2.1.8_English_pass=zer0dev\PortableFileAssociator_2.2.1.8_English.exe:\$JF\PortableFileAssociator.exe";"Trojan horse Generic2_c.CCCM";"Infected"
Pls Advise, if safe to Activate or not. Thank You
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
What software is giving you this error message?
I use Vipre Business and have no issues with the file
“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” Dr. Seuss
It is not a virus if you downloaded the file from https://portableapps.com/node/15583. The only way it could be infected is if it got infected by another virus already present on your system, but don't worry, that's probably not the case.
Most likely it is a false positive (https://www.securelist.com/en/glossary?glossid=153654932). Essentially, a mistake of the AV program. PortableFileAssociator is written in AutoIt, and many AV programs flag all AutoIt apps as bad just because it's easy to program in AutoIt. Their reasoning being "it's also easy to create malware with it". Similar to how downloaded .BAT files are often flagged.
The source code of the app is provided with the download. Read a few posts about the issue: https://portableapps.com/node/15583?page=3#comment-170010
Also note: Trojan horse Generic2_c.CCCM. Often, but not always, AV flags such as "generic", "packed", "pac.generic", "PUA", "heuristic" and "Artemis" are in fact not viruses or malware. It means they could be, but are not in most cases. The best approach is what you have done, contact the developers, scan it with something like virustotal.com, and if it's a false positive, report it to your AV program vendor as such.
My posts are old and likely no longer relevant.
My antivirus at work was giving a false positive for this program too. I found that it didn't get blocked if I removed the UPX compression on the main exe file (I had to do this on a different computer). Find upx.exe and run upx.exe -d portablefileassociator.exe. Apparently some antivirus programs think "Gosh, only a virus writer would use UPX to compress an AutoIt executable."
so, if current McAfee (with a 21May DAT) deletes it as soon as it starts downloading and Chrome stops downloading with 'This file is malicious and Chrome has blocked it' perhaps a repackaging to avoid the 'false positive' might be in order? Even if I got this on someone else's machine, my pc's firewall or McAfee would detect and kill file from Email or USB drive.
It's not the packaging that's the issue. It's because the app inside the package is an AutoIT app. All AutoIT apps are the same AutoIT EXE with the script stuck to the end. So, all AutoIT apps of the same version of AutoIT look the same to antivirus other than the script at the end. Unfortunately, AutoIT is extremely popular with malware folks, so nearly all AutoIT apps will have false positive issues. This is using a very old version of AutoIT and has been whitelisted by many antivirus. If we recompiled with the current version, it would be even worse. This is the reason why we've banned AutoIT apps from official releases in the Portable Apps Directory.
Sometimes, the impossible can become possible, if you're awesome!