RR_Updater.exe Virus Identified


  • RR_Updater.exe Virus Identified

    Just thought I would let you know my AVG Free Anti-virus check has flagged this app up..

    It's saying it's....

    Virus identified I-Worm/Generic AQC File Size 178.22KB (182495 bytes)
    Follow me on Twitter

    http://www.FreeICE.co.uk

  • #2
    It's a false positive.
    Turn off the Heuristic Analysis in AVG
    This will happen with any AutoIt script that's compiled a certain way; I can produce and turn off those errors at will depending on how I compile.
    01101100 01101001 01110001 01110101 01101001 01100100 01011111 01110011
    01101101 01101111 01101011 01100101

    beer replenishment fund
    http://www.mp3car.com/vbulletin/forumdisplay.php?f=93
    mp3car live search

    i have joost invites, just hit me up for one.



    • #3
      Virus False Positive

      hehe we should have a sub forum for False Positives, I see at least one a week it seems

      Funny thing is, I run AVG and it has never done this to me with RR
      Front End of Choice: Ride Runner (Is there anything else??? ) & Powered by the DFX5.1 Skin Available in the Mobile App Mart

      My Fiero Build Thread



      • #4
        The latest virus my company got hit with last week had symptoms of reporting false positives. Can't remember what the name of it was, though...



        • #5
          Originally posted by liquid_smoke:
          It's a false positive.
          Turn off the Heuristic Analysis in AVG
          This will happen with any AutoIt script that's compiled a certain way; I can produce and turn off those errors at will depending on how I compile.
          Why not post a replacement file that avoids those errors then? I don't want to reduce the degree of anti-virus protection I have just to run the updater.



          • #6
            Originally posted by liquid_smoke:
            It's a false positive.
            Turn off the Heuristic Analysis in AVG
            This will happen with any AutoIt script that's compiled a certain way; I can produce and turn off those errors at will depending on how I compile.
            Hey LS, do you know which options I need to check/uncheck when compiling to prevent this? The virus bit doesn't come up on my system since I have always kept the Heuristics turned off. Thanks



            • #7
              Actually... I am using Heuristic Analysis with the latest defs and it doesn't detect it.

              Got this from the AutoIt Forums:
              Code:
              Okay, let me see if I can lay out a scenario/timeline that would explain this...
              
              Some dates are mythical:
              
              A new version of SciTE4AutoIt3 was released 02 June 2006
              (The file named UpdateDefs.exe was packed with UPX version 1.25 and some beta version of AutoIt.)
              
              You installed SciTE4AutoIt3 on - let's say - 05 June 2006
              (and AVG had no problem with the file named UpdateDefs.exe at that time)
              
              On 12 June 2006, AVG discovers a "bad file" written in a language other than AutoIt, but packed with UPX version 1.25.
              
              That same day, AVG releases a signature update file that marks all files packed with UPX version 1.25 as bad. It now marks all compiled AutoIt scripts as bad. Some person(s) sends one or more false positive report(s) to AVG with respect to AutoIt files. AVG modifies the sig file to look for a combination of the UPX packer and a signature unique to the version(s) of AutoIt submitted as a false positive(s).
              
              On 13 June 2006, you download/install the latest sig file and scan your HD. It flags UpdateDefs.exe because it was packed with UPX version 1.25 and a version of AutoIt not submitted as a false positive.
              
              
              If you are still awake...
              I do not use compiled AutoIt scripts except to give to others. (Okay, I use one or two that are not critical.) I've had all compiled AutoIt3 scripts be flagged by AVG, then I restore them after the next AVG update (restored from a server running trendmicro AV) and they are okay... then about a month later - they are marked as bad again (and nothing changed on my end). This cycle continued until I uninstalled AVG and stopped recommending it to those I support. I had no fear of the scripts since I wrote them and for comparison - I kept Symantec's corporate version AV software running (and set to the highest heuristic level). SAV never flagged an AutoIt related file.
              
              I now install avast where I can, but I cannot keep as close of an eye on its performance track record because it will not install alongside SAV corp edition.
              
              I will give AVG credit for fast updates (but perhaps they are too aggressive)... more than once, AVG caught a "bad file" coming in thru e-mail several hours before SAV released a sig file for that same file (and I update the sig file for SAV every hour).
              
              Add to the mix the fact that there are some "bad files" made with AutoIt3 and you can see how AVG might revert back to triggering off of the UPX pack only until further effort can be put into past AutoIt related false positive reports and until new false positive reports come in.
              
              A new version of UPX (2.01) was released on 06 June 2006... maybe packing UpdateDefs.au3 with that version will make your AVG software happy. [I think that is what JdeB was saying in his post.] Or just wait for a better sig file from AVG.
              It seems the UPX (exe compressor) is what's throwing the false negatives...

              So basically, make sure you have the latest AVG defs, I'll make sure I'm using the latest AutoIt compilation defs and it should all work

              @LS If you still know which options are best to check/uncheck when compiling, I'm sure that would help as well. Cheers

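The AutoIt forum post above pins the detection on UPX 1.25 packing rather than on anything the script does. Added example, not code from this thread or from the RR_Updater project: a defender-side triage script that parses a flagged PE's section table, looks for the section names and "$Id: UPX x.xx" stamp that UPX's standard stub leaves behind, and records the hash and size a false-positive report needs. The sample PE it builds is constructed for the test and is not RR_Updater.exe; a packer that renames sections will not show these markers, so a clean result is not proof of "not packed".

```python
import hashlib
import re
import struct

# UPX's standard stub leaves "UPX0"/"UPX1" section names and an "$Id: UPX <version>"
# stamp; a repacked or renamed-section file will not show them (absence is not proof).
UPX_ID_RE = re.compile(rb"\$Id: UPX (\d+\.\d+)")

def pe_section_names(data: bytes) -> list:
    """Parse the PE headers and return the section names ([] if not a PE file)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    first = e_lfanew + 24 + opt_size           # 4-byte signature + 20-byte COFF header
    names = []
    for i in range(num_sections):
        off = first + 40 * i                    # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def triage(data: bytes) -> dict:
    """Summarise what a false-positive report needs: hash, size and packer evidence."""
    names = pe_section_names(data)
    m = UPX_ID_RE.search(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "sections": names,
        "upx_packed": any(n.startswith("UPX") for n in names),
        "upx_version": m.group(1).decode() if m else None,
    }

def build_sample_pe(section_names, stub_text=b"") -> bytes:
    """Constructed minimal PE layout for testing; it is not a runnable executable."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 224                              # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections + stub_text

# Usage on the constructed sample; on a real file pass open(path, "rb").read() instead.
REPORT = triage(build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], b"$Id: UPX 1.25 Copyright $"))
```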


              • #8
                Ok, I'm running AVG with the latest defs (10/24/2006 3:31pm) with heuristic analysis. Did NOT detect the updater as a virus. Try this version and see if it is still throwing a detection. I downloaded the latest Autoit / Scite program/updates/compiler. So that should help. Let me know.



                • #9
                  Or you could stop running a crappy anti-virus
                  I run VirusScan Enterprise aka McAfee, so the moral being don't rely on free software if you don't want to deal with a few hassles.
                  The above message was part sarcasm, part truth.
                  CarPuter: 900Mhz P3 with 256 MB Mem, 160 Gig HD (Thanks kbreeden), Iguidance 3.0 GPS, Logitech PS2 keyboard, Bluetooth, WIFI.
                  Powered By Road Runner & DigitalFX Skin and Playlist Converter



                  • #10
                    AVG has a pay version too.

                    You have just shown us that McAfee is useless and I am glad to know so I won't waste my money on the product.
                    The heuristic detection on McAfee does basically nothing.

                    Thus for any AVG user to match the stellar performance of McAfee all they have to do is turn off heuristic detection.

                    By the way, Consumer Reports tested the ability to detect new viruses and here is a quote about McAfee:
                    In the results, McAfee scored in the middle of the pack. BitDefender and Zone Labs scored at the top, in part for the two programs' abilities to detect new viruses.

                    Marcus denied McAfee's lackluster result motivated the company's criticism of the study.

                    "The antivirus community is unified ... that people should not write viruses," he said. "Bad things can happen. They get out."
                    source
                    My Install



                    • #11
                      Originally posted by SangreDeThor:
                      Or you could stop running a crappy anti-virus
                      I run VirusScan Enterprise aka McAfee, so the moral being don't rely on free software if you don't want to deal with a few hassles.
                      The above message was part sarcasm, part truth.
                      lol hmmm well I don't want to get into a big AV fight/discussion, but I will say that the only software where my system wasn't compromised was with AVG. I've tried all the rest (save NOD32) and I'm most satisfied/protected with AVG. Granted I use their pro version... been running it on all systems I build now for the past 2 or so years. With Norton/Symantec/McAfee, their updates came out a day late and a dollar short and their scanning systems weren't the greatest. Had a few things slip by years back with them. Since AVG... Notta, nothing... and let's just say.. my one system... it's a downloading fool.

                      Back to the RR_Updater... anyone try it out yet? doing better? Let me know.. Cheers

                      @SangreDeThor the new FTP software working out better for you? Haven't had a chance to do what you were asking yet... I'll talk to you later about it. Heading out to work soon.

                      Cheers all



                      • #12
                        Originally posted by sxott:
                        Thus for any AVG user to match the stellar performance of McAfee all they have to do is turn off heuristic detection.



                        • #13
                          Originally posted by deus ex machina:
                          Symancafee: "HEY AREN'T THESE GRAPHICS COOL? ONLY 80% OF YOUR SYSTEM RESOURCES BRO."

                          Symancafee: "I HAVE JUST BLOCKED AN ATTACK FROM TEH INTERNET!!!! THANK YOUR LUCKY STARS!!!"

                          You: [ ok ]

                          Symancafee: "I NEED AN UPDATE HELLO UPDATE ME COME ON"

                          You: [ Remind me later ]

                          Symancafee: HEY NICE PROGRAM YOU JUST LAUNCHED. BLOCKED.

                          You: [ Allow this program ]

                          Symancafee: WHAT, YOU DIDN'T BUY ME TO PROTECT THE INTERNET FROM YOU? WHATEVA.

                          You: [ ok ]

                          Symancafee: "GIVE US YOUR MONE--I MEAN I JUST BLOCKED SOME... STUFF FROM THE UH... HACKERS... OR SOMETHING. IF YOU DON'T GIVE US YOUR MO--UPDATE ME, I WON'T PROTECT YOU ANY MORE!!! THE INTERNET WILL GET YOU!!!

                          You: [ ok ]

                          Symancafee: "BOO! HA! HEY WHAT'S UP BRO THOUGHT I'D JUST POP UP A BOX IN THE MIDDLE OF YOUR SCREEN AND SEE IF YOU WANT GIVE US YOUR MON--UPDATE NOW. HOW'S THINGS WIT YOU? WANNA UPDATE? YOU KNOW YOU NEED MY PROTECTION. OR ELSE.

                          You: [ Remind me later ]

                          Symancafee: HEY I SEE YOU'RE TRYING TO UNINSTALL ME. NOPE. IF I GO, I'M TAKING WINDOWS WITH ME. YOUR CHOICE.

                          So true, that last part. Norton/Symantec will remove Windows with it, or leave an ungodly amount of crap on your system that will continue to screw things up. To do a full uninstall you end up having to go in manually to delete things, edit the reg, etc...
                          Cheers...



                          • #14
                            Symancafee: "HEY AREN'T THESE GRAPHICS COOL? ONLY 80% OF YOUR SYSTEM RESOURCES BRO."

                            Symancafee: "I HAVE JUST BLOCKED AN ATTACK FROM TEH INTERNET!!!! THANK YOUR LUCKY STARS!!!"

                            You: [ ok ]

                            Symancafee: "I NEED AN UPDATE HELLO UPDATE ME COME ON"

                            You: [ Remind me later ]

                            Symancafee: "HEY NICE PROGRAM YOU JUST LAUNCHED. BLOCKED."

                            You: [ Allow this program ]

                            Symancafee: "WHAT, YOU DIDN'T BUY ME TO PROTECT THE INTERNET FROM YOU? WHATEVA."

                            You: [ ok ]

                            Symancafee: "GIVE US YOUR MONE--I MEAN I JUST BLOCKED SOME... STUFF FROM THE UH... HACKERS... OR SOMETHING. IF YOU DON'T GIVE US YOUR MO--UPDATE ME, I WON'T PROTECT YOU ANY MORE!!! THE INTERNET WILL GET YOU!!!"

                            You: [ ok ]

                            Symancafee: "BOO! HA! HEY WHAT'S UP BRO THOUGHT I'D JUST POP UP A BOX IN THE MIDDLE OF YOUR SCREEN AND SEE IF YOU WANT GIVE US YOUR MON--UPDATE NOW. HOW'S THINGS WIT YOU? WANNA UPDATE? YOU KNOW YOU NEED MY PROTECTION. OR ELSE."

                            You: [ Remind me later ]

                            Symancafee: "HEY I SEE YOU'RE TRYING TO UNINSTALL ME. NOPE. IF I GO, I'M TAKING WINDOWS WITH ME. YOUR CHOICE."



                            • #15
                              God damn it. Could you please wait until I'm done editing? I have a habit of deleting posts and reposting them to achieve the perfect unedited post.
