You are here

Home » Forums » Support Forums » PortableApps.com Platform

Trojan in Portable Apps?

7 posts / 0 new
Log in or register to post comments
Last post
December 2, 2009 - 11:51pm
#1
fwtagge
Offline
Last seen: 12 years 6 months ago
Joined: 2007-07-19 15:10
Trojan in Portable Apps?

I plugged my flash drive into my PC tonight, and started getting hit with virus warnings from Avast Antivirus. It "found" and moved a trojan horse (Win32:Delf-MZG) from several files:
from VirtualMagnifyingGlassPortable -- magnifier.exe and pas_overlays.dll reported as infected.
from PortableApps.com -- PortableAppsPlatform.exe reported as infected.
from PDFTKBuilderPortable -- PDFTKBuilder.exe reported as infected.

I attempted to re-downloaded PortableApps.com_Platform_Setup_1.5.2.exe from the PortableApps.com site, and was again stopped for the same trojan horse. I have reported this to Avast Antivirus.

Has anyone else had this problem? Any suggestions? And finally, when I do get a "clean" copy of PortableApps.com_Platform_Setup_1.5.2.exe, can I reinstall it and not lose my applications?

Thanks for your help!

Top
December 3, 2009 - 12:04am
John T. Haller
John T. Haller's picture
Online
Last seen: 26 min 17 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
VirusTotal or Jotti

Always double check online with either Virus Total or Jotti. Avast false-positived out of the blue on at least 3 apps today. Avast has issues like that from time to time.

Sometimes, the impossible can become possible, if you're awesome!

Top
December 3, 2009 - 1:39am
izzygalvez
Offline
Last seen: 11 years 10 months ago
Joined: 2009-11-05 12:34
Same here

I ran into the same thing tonight as well.

Avast Antivirus reported the following:

File name(s): F:\PortableApps\PortableApps.com\PortableAppsPlatform.exe\, F:\SetupFiles\7-ZipPortable_4.65_Rev_2.paf.exe\$PLUGINSDIR\MoreInfo.dll
Malware name: Win32:Delf-MZG [Trj]
Malware type: Trojan Horse

This has to be a false positive, because I re-downloaded and reinstalled the Portable Apps Platform as well as 7-zip, and Avast still thought there were Trojans.

Update!: Every single MoreInfo.dll file within my .paf.exe setup files was labeled by Avast as a Trojan...

Top
December 3, 2009 - 2:26am
horusofoz
horusofoz's picture
Offline
Last seen: 1 year 11 months ago
Joined: 2008-04-03 22:45
There are no viruses in any

There are no viruses in any of the files released by PortableApps.com. Unfortunately Avast is chewing Portableapps right now however know that it is only a false positive. Also be warned that Avast is stopping users from running StartPortableApps.exe Sad

What is worse is that the Sourceforge download link has also been flagged as linking to a virus Sad

PortableApps.com Advocate

Top
December 3, 2009 - 4:22am
spg SCOTT
spg SCOTT's picture
Offline
Last seen: 10 years 8 months ago
Joined: 2008-08-26 14:11
How have you reported it?

There are two options, my usual response (i would do both):

You could also send the file in a password protected archive to virus(at)avast(dot)com with 'potential false positive' in the subject line and the password in the email body.

or

You could add the file to the user files of the virus chest and send it from there:

Right click avast icon in taskbar -->click start avast antivirus -->right click scanner background --> click virus chest --> navigate to user files --> click add files -->
right click file -->email to alwil software.

NOTE:
The file will actually be uploaded when the next update is performed (you can do a manual update to initiate the sending)

You could also add a link to this thread and some more information when you do.

They are usually quite quick with this kind of thing...

This may be a result of their upgrading the detection engiine...initially the were quite a lot of FPs...seemed to die down for a while...

Has anyone mentioned it on the forum?
Actually, just looking, it seems it is not just PA.c...

EDIT: They know,read: Win32:Delf-MZG false positive issue statement
http://forum.avast.com/index.php?topic=51647.msg432632#new

“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Top
December 4, 2009 - 12:30pm
spg SCOTT
spg SCOTT's picture
Offline
Last seen: 10 years 8 months ago
Joined: 2008-08-26 14:11
Update on the avast! issue...

For those who haven't seen it yet, an explaination for what happened:

"An attemt to explain what went on that Wed night (a follow-up on the FP issue)"

http://forum.avast.com/index.php?topic=51783.0

“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Top
April 8, 2011 - 8:07pm
obliss
Offline
Last seen: 7 years 1 month ago
Joined: 2010-06-27 21:18
False Positive by AVG on PDFTKBuilderPortable_3.6

This thread is old but the problem seems to have appeared again, but with AVG this time. I just got a false positive on PDFTKBuilderPortable_3.6 by AVG v.10.0.1209. It reported a trojan, so I downloaded a new copy, checked the MD5 and reloaded. AVG gave the same report, so I updated the definitions and it fixed the false report. So, if you get PDFTKBuilderPortable gets flagged for you, update your definitions.

OB1

Top
Log in or register to post comments