Current Round of False Positives

Ryan McCue
Joined: 2006-01-06 21:27

Hey everyone,

As many of you may have seen when you recently updated your virus scanner, many PortableApps.com launchers are being incorrectly identified as having the Trojan.Win32.Pakes.lth trojan. This is known as a "false positive", meaning that the launcher has been falsely identified as a virus. This is currently being identified in all virus scanners which use the Kaspersky definition. If there are others, please leave a comment.

The software is known not to be infected and no action should be taken against the files identified. This should be fixed in your next round of virus scanner updates. If it is not, please let us know in this forum topic. Do not create a new forum topic.

We always recommend scanning with at least two virus scanners to protect against false positives like these.

Thanks,
Ryan.

Note: Please direct forum users to this topic and lock existing ones if they exist.

tcoffeep
Joined: 2008-11-18 04:16
Hi

I scanned them with virusscan.jotti.org and virustotal.com, both of which update the virus-scanners hourly. It runs them through 22 and 25, respectively, I think, but I know it's mid-twenties, at most, but more than twenty. Only Kaspersky and F-Secure find them to be viruses. I'll check in a few hours, as well, just to see if any scanner changes its mind.

Ryan McCue
Joined: 2006-01-06 21:27
Sounds about right.

F-Secure is based on the Kaspersky engine and therefore also its database.

"If you're not part of the solution, you're part of the precipitate."

Knallkopp_02
Joined: 2008-11-18 04:54

Looks like the newest definition from Kaspersky fixes the problem.

Greetz Knallkopp_02

eleavings
Joined: 2006-11-27 09:34
McAfee VirusScan Enterprise

McAfee VirusScan Enterprise 8.5.0i
DAT Version: 5437.0000
Last updated 17 Nov 2008

This also is generating false positives.

piusvii
Joined: 2008-11-18 02:27
AV updates

As of updates this AM, Kaspersky was signaling a portable firefox 3.0.4 as POSSIBLY containing a trojan. Thanks for the quick update.

mikeyboy82
Joined: 2008-11-18 10:17
I'm PISSED!

I understand that this is not PortableApps.com's fault, but f#ck! I've spent the last 3 hours trying to get rid of this sh#t and it's impossible since I'm running a portable HD with a TrueCrypt partition, so in order for Kaspersky to delete it it needs to boot, which is impossible with an unmounted partition.

I finally took a look here at the forums and found this. I'm still trippin' as I haven't had a trojan or virus alert in over a year and for this to say that I'm infected!!!

I hope Kaspersky will send out an update in some hours.

What a night!

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Sad State of Trojan Detection

Just another episode in the sad state of trojan detection. All of the major antivirus products use definitions to detect most viruses. Many also have "heuristic" detection for newer viruses and trojans. The heuristic detection universally sucks and I, personally, disable it.

Add to that the fact that nearly every single AV product can be fooled by throwing a couple 0x00s in the start of the EXE.

Sometimes, the impossible can become possible, if you're awesome!

RMB Fixed
Joined: 2006-10-24 10:30
AV-proggies are rubbish

It's not just the heuristics that suck, AV-programs in general suck.
It's a complete waste of CPU-cycles to have an AV-program constantly running and checking everything you do in real-time because chances are it will NOT detect a new actual real virus but will interpret a lot of legitimate files as "virus/trojan".
Just upx'ing files can make AV-programs go nuts for no reason whatsoever.
I use ClamWin to scan downloaded infectable files once dl'ed and that's it.
For protection I rely on safe configuration of the OS (surf the net from a restricted account etc.) and apps combined with a good firewall with basic HIPS-functions. And of course I never use m$ IE; FF with no-script and ad-block prevents a lot of crap from sneaking into a system.

viscountk
Joined: 2007-01-04 02:14
Another AV solution doesn't work: Norman

Norman too detects something, where ClamAV has no problems!

Norman AV 5.99 / 5.99 / 5.93.01 / 5.99 (List of update status...)

Following error is tracked from Norman:
> Trojan W32/Smalltroj.IJPF
> Login info: user '', host '' .
> Infected file c:\Documents and Settings\\Local Settings\Temp\nst5B.tmp\System.dll
> Removed Trojan W32/Smalltroj.IJPF
while I'm starting KeePass 1.14

I've done an update from all PortableApps since 2 months, and a lot of newer versions report the same error message!

Norman is really bad, because no configuration is possible to disable this error or I disable the whole AV-solution, which shouldn't be the solution.

Should I inform Norman?

Long life to PortableApps...

Bensawsome
Joined: 2006-04-22 19:27
i know....

Mine thinks that every partly downloaded exe file from Firefox is a virus! It is VERY annoying......

 iLike Macs, iPwn, However you put it... Apple is better ^_^ 
"Claiming that your operating system is the best in the world because more people use it is like saying McDonalds makes the best food in the world..."

TaffinFoxcroft
Developer
Joined: 2006-12-14 17:24
"... meaning that the virus has been falsely identified as a virus."

Don't you mean the launcher has been falsely identified as a virus? Because it seems hard to falsely identify something when it is actually that :D

But there’s no sense crying over every mistake,
You just keep on trying till you run out of cake.

Knallkopp_02
Joined: 2008-11-18 04:54

After a few updates of virus definitions in Kaspersky the problem is not solved; Kaspersky thinks there is still a "trojan" in the starter of many PortableApps.

Older versions of PortableApps are not "infected", for example Firefox 3.0.3 or FileZilla 3.0.9.3.

Have the starters changed?

Greetz Knallkopp_02

ottosykora
Joined: 2007-10-11 17:48
I have Kasp

at the office and so I have all the nonsense warnings from it.
When I have time sometimes, I collect all the files it complains about and send them to Kasp and in an hour or so, the problem is fixed.
I recommend everyone who has time do it also.

But since this is becoming more and more a problem also with software we produce in our company, I am more often simply switching the Kasp off; I cannot spend the whole day sending them half of my PC for review.

Otto Sykora
Basel, Switzerland

Ryan McCue
Joined: 2006-01-06 21:27
Huh?

What are you talking about? :P

"If you're not part of the solution, you're part of the precipitate."

ZachHudock
Developer
Joined: 2006-12-06 18:07

You said the virus was incorrectly identified as a virus. It should have been the launcher incorrectly identified as a virus.

The developer formerly known as ZGitRDun8705
