You are here

Trojan in GnuCash Portable?

10 posts / 0 new
Last post
tmaibaum
Offline
Last seen: 13 years 3 months ago
Joined: 2007-09-22 08:54
Trojan in GnuCash Portable?

Hi, I got a problem with GnuCash Portable. My anti-virus scanner (Avira Antivir) keeps telling me that "aqbanking-tool.exe is the trojan horse TR/Agent.861383". I hope this is a false positive?

Shawn Faucher
Shawn Faucher's picture
Offline
Last seen: 14 years 11 months ago
Developer
Joined: 2007-10-23 22:14
False

It's false. It's almost certainly telling you that because that exe is UPX compressed to save space. Many antivirus programs flag compressed binaries as false positives since it's modified from the original.

formerly rayven01

tmaibaum
Offline
Last seen: 13 years 3 months ago
Joined: 2007-09-22 08:54
Thanks, Shawn.

I supposed that myself, but it's reassuring to hear it from someone else... Smile

OpaJo
Offline
Last seen: 13 years 5 months ago
Joined: 2007-12-17 14:10
I'm thinking it's false

I'm thinking it's false alarm, but what's little curious to me is that the file in portable version is 80KB and the one from non-portable installation is 185KB. Antivir finds this trojan in both versions though. Isn't the non-portable version the non-compressed original?

SirCH
Offline
Last seen: 16 years 1 week ago
Joined: 2008-07-07 22:48
It's a false positive

Hey

I had the same problem and the same worry when I Googled the virus (I don't actually use the Portable version, but came across this website anyway).

I submitted the file to Avira, and they came back and confirmed that it was a false positive. Using VDF version 7.00.05.61, you can see that it no longer recognizes the file as a virus.

More information here http://analysis.avira.com/samples/details.php?uniqueid=cwLL9W3KvMQrNLXIE...

SirCH

Simeon
Simeon's picture
Offline
Last seen: 9 years 9 months ago
DeveloperTranslator
Joined: 2006-09-25 15:15
yes

and you can check that yourself by using an online scanner such as http://www.virustotal.com or http://virusscan.jotti.org/.

"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate

tmaibaum
Offline
Last seen: 13 years 3 months ago
Joined: 2007-09-22 08:54
Thanks for the hint

But can I rely on them to be as good as a conventional anti-virus application? Do they have a lower rate of false positives?

Simeon
Simeon's picture
Offline
Last seen: 9 years 9 months ago
DeveloperTranslator
Joined: 2006-09-25 15:15
yes

If you check then youll see that they scan your file with the programms of major Antivirus companies. So you have a good average. If 2 say its a virus but 32 say its clean then you can be almost sure that its clean. But if 25 catch a virus and 6 say "maybe" and 2 say its clean you can be almost certain that its infected.

I hope its clearer now.

"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate

tmaibaum
Offline
Last seen: 13 years 3 months ago
Joined: 2007-09-22 08:54
OK

I get the idea now. I really could have tried this myself before asking stupid questions. Wink Again, thanks for your help.

OliverK
OliverK's picture
Offline
Last seen: 3 years 3 weeks ago
Developer
Joined: 2007-03-27 15:21
Learning about computer

Learning about computer security always requires asking questions-some of which seem stupid. But now, you know. Pass it on.

Too many lonely hearts in the real world
Too many bridges you can burn
Too many tables you can't turn
Don't wanna live my life in the real world

Log in or register to post comments