You are here

Viruses found in two PortableApps I downloaded

9 posts / 0 new
Last post
MMynaardt
Offline
Last seen: 3 years 4 months ago
Joined: 2009-02-21 17:04
Viruses found in two PortableApps I downloaded

Hi!

I did a weekly scan with Trend Micro Internet Security (TMIS). On my desktop and on my two laptops. I got virus warnings two different PortableApps installers I had downloaded.

The first was for GnuCashPortable. The file "oxf201.dtd" was listed as having a virus.

The second was for AbiWordPortable. The file "AbiWord.profile" was listed as having a virus.

It was also the same virus for both according to TMIS; "TROJ_Generic.DIT"

I don't know if anyone else had any warnings like this. I was surprised; I've had no problems with anything I've downloaded from PortableApps.Com. I hope it's just a matter of TMIS being overzealous. But I got rid of those two just to be on the safe side. Can't be too careful and all that.

Anywyay, just thought I'd bring that to your attention, just in case there really is a nasty virust lying about in those files...

MM

Pyromaniac
Pyromaniac's picture
Offline
Last seen: 4 years 3 months ago
Developer
Joined: 2008-09-30 19:18
try doing different virus

try doing different virus scans with different anti-virus programs such as ClamWin Portable found here and see what happens. I think sometimes, the anti-virus program mistakes files for viruses. I use both symantec and ClamWin Anti-Virus for my virus scans whenever one thinks it has found a virus.

John T. Haller
John T. Haller's picture
Online
Last seen: 7 min 34 sec ago
AdminDeveloperModerator
Joined: 2005-11-28 22:21
Trend Micro Issues

Trend Micro has again been having false positive issues this week on a couple packages. You should report the error to them (they don't allow publishers to report errors).

This seems to happen a lot with Trend Micro.

Sometimes, the impossible can become possible, if you're awesome!

gmbudwrench
gmbudwrench's picture
Offline
Last seen: 3 days 14 hours ago
Joined: 2007-06-25 05:00
Avira AntiVir does too

This mornings update turned a previously unnoticed TruecryptPortable by NeoRame, into a spyware or virus. "Contains recognition pattern of the SPR/Autoit.Gen program". I see the Autoit name there and know about the autoit (false positive virus)issues. I don't use this, but with the several known false positive detections, (apps mentioned here, btw) that I already have, are really annoying.

Jimbo
Offline
Last seen: 8 months 4 weeks ago
Joined: 2007-12-17 05:43
If you find it annoying

that you anti-virus sofware brands all auto-it apps as possible viruses, the correct solution is not to stop using autoit, which is just a programming language, after all, but to demand that your AV supplier fix their broken product...

If they are unwilling or unable to do so, move to another anti-virus product.

John T. Haller
John T. Haller's picture
Online
Last seen: 7 min 34 sec ago
AdminDeveloperModerator
Joined: 2005-11-28 22:21
Common

A good chunk of antivirus apps flag most AutoIT scripts as viruses/malware. AutoIT is popular for malware. Since it's just the AutoIT EXE with the script tacked onto the end of it (and it allows you to encrypt said script with no way for an end user or antivirus product to analyze it) the signature is the same for the base AutoIT EXE and most malware. That's why AutoIT is highly discouraged here. We only have two apps that use it. Xenon, which is switching to C++ for version 2. And JkDefrag Portable, which will hopefully switch, too.

Sometimes, the impossible can become possible, if you're awesome!

Ed_P
Offline
Last seen: 9 months 4 days ago
Joined: 2007-02-19 09:09
Unfair

It is unfair of AVs, or anyone else, to ban something because .01% of it's users use it maliciously. Guns kill and they are not banned. Cigarettes kill and they aren't banned. Malware can be written in numerous languages should all compilers be banned? Banning is too simplistic a way to control something.

Ed

John T. Haller
John T. Haller's picture
Online
Last seen: 7 min 34 sec ago
AdminDeveloperModerator
Joined: 2005-11-28 22:21
Very Simple

It's a simple reason, really. From a technical perspective, the malware and the handy autoit script you've 'compiled' is the same code when analyzed by an antivirus or antimalware utility. This is due to the fact that all autoit scripts aren't actually compiled. It's just the autoit exe with the script stuck to the end of it.

So, an antivirus company would have to manually analyze the autoit script attached. But, they can't because autoit lets you encrypt the script so it is unreadable. So, the situation could be solved by the autoit developers giving everyone the ability to actually analyze the script that will run before running it, but they won't. The only choice, really, is to ditch it all.

And since this is the reality of the landscape in terms of antivirus/antimalware and autoit, we actively discourage its use. There are plenty of alternatives that don't have this issue. Many are open source, too.

Sometimes, the impossible can become possible, if you're awesome!

muskrat
muskrat's picture
Offline
Last seen: 1 week 1 day ago
Joined: 2005-12-09 08:24
A Bit outta place but...

How does one contact TrendMicro about false positives... I noted a few days back that I received a false positive from TM after updating notepad++ to 5.2, but I could not find any way to submit a false positive. Do you think it is because it is my work PC and I don't have permissions thereto?

/s/ When life turns your dreams to dust, vacuum Wink

Log in or register to post comments