Hi all,
I don't know if I'm posting this in the right area, but if I'm not, please feel free to move it.
I had my AVG Free AntiVirus 9.0.733 set up to do a scheduled scan of my computer (of internal and external hard drives) and I came on tonight and found it picked up 17 viruses. All 16 are in the XenonPortable_1.5.0.1.paf.exe and the 17th one was the XenonPortable_1.5.0.1.paf.exe file itself.
Does anyone know if this is a true virus or a false alarm on AVG's part? By the way, as it does with all viruses, AVG removed the .exe file so I can't access it. I don't want to restore it until I know it is safe to.
Thanks in advance for any help!
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
It's a false positive. Xenon has been out for years now. AVG routinely has issues with AutoIT-based applications, as do some other antivirus packages. That's one reason we won't be releasing any new AutoIT apps.
In the future, just submit something that AVG finds to virustotal.com and, if you see that AVG is the only one or one of only 3, submit a false positive report to AVG to have them fix their error.
Sometimes, the impossible can become possible, if you're awesome!
AVG has a ton of false positives even for apps that have been on the computer forever.
Load the App and Play :evil:
As John has said, it is a detection based on AutoIt, a programming language most targeted by AVs...
False Positives do happen, and if you don't report them, then they continue to have an effect...
Virustotal Result Not a bad guess John
How to report a False Positive You will find AVG here.
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman
Thanks so much for your replies!
I'm sorry I took so long to reply. Now I know what you mean about AntiVirus software targeting AutoIT programs. I just tried to access Xenon File Manager now, and this message came up:
File name: H:\PORTABLEAPPS\XENONPORTABLE\APP\XENONPORTABLEW.EXE
Threat Name: Packed.AutoIT
Severity Level: ****
Category: Malware
Description: This is a known piece of Malware (malicious software). It is recommended that you quarantine this threat.
I took it off my USB for now until I get it sorted out with AVG. Does that mean Xenon will no longer be updated, or is there a way you can change it from AutoIT to what you support now?
I'm going to try and re-install Xenon back on my USB and if AVG picks it up again, I'll check it through VirusTotal. The message above was created from AVG Free AntiVirus 2011 (10.0.1170), so obviously the problem hasn't been fixed, or AVG wouldn't still be picking it up.
Thanks again for the help! It really is very much appreciated!
EDIT: Looks like VirusTotal doesn't support AVG 2011 yet, at the moment they say the file is fine in AVG 9.
Bradley Eaton
(eltonbrad)
xenon was in the process of being rewritten from autoit to c++ but haven't heard from John Bently on his progress with the new version
your friendly neighbourhood moderator Zach Thibeau