Help Wanted!!
My AV (eTrust) is detecting Win32/FakeAv.CX in many of my applications. I tried to download again WindirStat for example and the AV catches it and takes it to the quarantine folder. Some of the applications are GIMP, KEEPASS, GNUCASH, NOTEPAD++ but Firefox, 7-zip.
Does someone else have this problem too?
What can I do?
Emilio E.
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
Hi Emilio,
Same antivirus, same problem, same country and creepy enough, around the same time. Deleted Firefox, BonkEnc, ClamWin and Pidgin.
Hope we have an answer soon enough.
I notice that the only EXE that was deleted is the applet used to run the main application. I am running GIMP directly from its folder "GIMPPortable\App\gimp\bin".
As the files were not send to the quarantine folder I can't recover them. It says the files were cured but it in fact deleted them.
Emilio E.
You should never run the Application directly!
Because if you do, you are not using Launcher/Wrapper and without that, the Application isn't portable and will leave things behind.
Most likely, your Av program reported a false positive. To be sure its best to use an Online virus scanner and check the file.
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
Thanks for making me aware of that. But I am desperate because I have work to do.
I'll have to reinstall when I have some time free.
You'll need to contact your antivirus support to get them to fix their definitions file. This is what happens when they send bad definitions down the wire (and another reason why no antivirus should ever be set to automatically delete stuff).
Sometimes, the impossible can become possible, if you're awesome!
Weird thing is that not all of the portable apps are being (mis)detected with virus.
For now, I have added PortableApps directory in the excluded ones.
Well, I just hit the same problem. I'm using the CA Security Suite, and it deleted the EXE for Gimp, ClamWin BonkEnc, OpenOffice, and PuTTY.
It also deleted the StartPortableApps.exe file...
I posted this in the portable apps thread a little while ago..
I have been running portable apps on my USB drive for some time now. This afternoon I tried to plug in the drive and my antivirus software popped up saying the followning:
The Win32/FakeAv.CX was detected in F:\...STARTPORTAB.... Machine: FM_, User:_. File Status: File was cured; system cure performed.
It removed startportableapps.exe from my USB drive. I went to the PA website and tried to download it again and once again got the following message once the installer started to download:
The Win32/FakeAv.CX was detected in C:\...PORTABLEAPPS.COM_SUITE.... Machine: FM_, User:_. File Status: Cure failed, file restored.
I'm using eTrust antivirus ver: Version: 7.0.139 with Vet engine to version 31.6.6037 updated on 08/20/2008.
Has anyone else run into this FakeAv.CX false positive before?
This is on a corporate machine so I don't know if I should be contacting CA about the issue or not.
Thanks.
If its a corporate machine then you should contact your company's IT department first. If they ask for prove that its legit show them the results from a online scanner like Virus Total or Jotti It would also be helpful to ask them to contact eTrust to get the error in there definitions fixed.
It's not as easy as that. The reason I'm running my software on a USB stick is because my personal stuff isn't authorized on the company machine. I have a hard time getting them to allow me to use the stuff I need much less anything personal. If I tell them that their anti-virus is deleting my personal software they are going to give me grief.
I will just ride it out. I see that eTrust has updated the defs again today. let me see what that brings.
I am using a corporate PC too and I had to add my whole usb drive to the exclude path in order to avoid the AV to check in there. I added in fact two paths, the drive where I store all my personal stuff -here are stored the installable files- and the path where I run the applications from.
As I am working offline now because we lost the VPN connection to the corporation I am not that sure that this configuration will be stay untouched but you can try it out.
This morning's update to Vet engine version 31.6.6039 has stopped the false positives. I was able to download the whole package and reinstall the application without further issue. Everything appears to be normal again.
Thanks for everyone's input.