
Thread: RR_Updater.exe Virus Identified

  1. #1
    FreeDrive Creator CdRsKuLL's Avatar
    Join Date
    Feb 2004
    Location
    Manchester
    Posts
    3,498

    RR_Updater.exe Virus Identified

    Just thought I would let you know my AVS Free Anti-virus check has flagged this app up..

    it's saying it's....

    Virus identified I-Worm/Generic AQC File Size 178.22KB (182495 bytes)

  2. #2
    SMKFree liquid_smoke's Avatar
    Join Date
    Aug 2003
    Location
    Chicago
    Posts
    4,842
    It's a false positive.
    Turn off the Heuristic Analysis in AVG
    this will happen with any autoit script that's compiled a certain way, i can produce and turn off those errors at will depending on how i compile.
    01101100 01101001 01110001 01110101 01101001 01100100 01011111 01110011
    01101101 01101111 01101011 01100101

    beer replenishment fund
    http://www.mp3car.com/vbulletin/rr-faq/
    mp3car live search

    i have joost invites, just hit me up for one.

  3. #3
    Super Moderator
    JohnWPB's Avatar
    Join Date
    Sep 2005
    Location
    West Palm Beach, Florida
    Posts
    4,700
    Blog Entries
    1

    Virus False Positive

    hehe we should have a sub forum for False Positives, I see at least one a week it seems

    Funny thing is, I run AVG and it has never done this to me with RR
    Front End of Choice: Ride Runner (Is there anything else??? ) & Powered by the DFX5.1 Skin Available in the Mobile App Mart

    My Fiero Build Thread

  4. #4
    Constant Bitrate jeffreyd_tx's Avatar
    Join Date
    Sep 2006
    Location
    Wilkes-Barre, Pennsylvania, United States
    Posts
    215
    The latest virus my company got hit with last week had symptoms of reporting false positives, Can remember what the name of it was though...

  5. #5
    Newbie
    Join Date
    May 2006
    Posts
    8
    Quote Originally Posted by liquid_smoke View Post
    It's a false positive.
    Turn off the Heuristic Analysis in AVG
    this will happen with any autoit script that's compiled a certain way, i can produce and turn off those errors at will depending on how i compile.
    Why not post a replacement file that avoids those errors then? I don't want to reduce the degree of anti-virus protection I have just to run the updater.

  6. #6
    FLAC W3bMa5t3r's Avatar
    Join Date
    Apr 2006
    Location
    Washington, DC
    Posts
    1,268
    Quote Originally Posted by liquid_smoke View Post
    It's a false positive.
    Turn off the Heuristic Analysis in AVG
    this will happen with any autoit script that's compiled a certain way, i can produce and turn off those errors at will depending on how i compile.
    Hey LS, do you know which options I need to check/uncheck when compiling to prevent this? The virus bit doesn't come up on my system since I have always kept the Heuristics turned off. Thanks

  7. #7
    FLAC W3bMa5t3r's Avatar
    Join Date
    Apr 2006
    Location
    Washington, DC
    Posts
    1,268
    Actually... I am using Heuristic Analysis with the latest defs and it doesn't detect it.

    Got this from the AutoIt Forums:
    Code:
    Okay, let me see if I can lay out a scenario/timeline that would explain this...
    
    Some dates are mythical:
    
    A new version of SciTE4AutoIt3 was released 02 June 2006
    (The file named UpdateDefs.exe was packed with UPX version 1.25 and some beta version of AutoIt.)
    
    You installed SciTE4AutoIt3 on - let's say - 05 June 2006
    (and AVG had no problem with the file named UpdateDefs.exe at that time)
    
    On 12 June 2006, AVG discovers a "bad file" written in a language other than AutoIt, but packed with UPX version 1.25.
    
    That same day, AVG releases a signature update file that marks all files packed with UPX version 1.25 as bad. It now marks all compiled AutoIt scripts as bad. Some person(s) sends one or more false positive report(s) to AVG with respect to AutoIt files. AVG modifies the sig file to look for a combination of the UPX packer and a signature unique to the version(s) of AutoIt submitted as a false positive(s).
    
    On 13 June 2006, you download/install the latest sig file and scan your HD. It flags UpdateDefs.exe because it was packed with UPX version 1.25 and a version of AutoIt not submitted as a false positive.
    
    
    If you are still awake...
    I do not use compiled AutoIt scripts except to give to others. (Okay, I use one or two that are not critical.) I've had all compiled AutoIt3 scripts be flagged by AVG, then I restore them after the next AVG update (restored from a server running trendmicro AV) and they are okay... then about a month later - they are marked as bad again (and nothing changed on my end). This cycle continued until I uninstalled AVG and stopped recommending it to those I support. I had no fear of the scripts since I wrote them and for comparison - I kept Symantec's corporate version AV software running (and set to the highest heuristic level). SAV never flagged an AutoIt related file.
    
    I now install avast where I can, but I cannot keep as close of an eye on its performance track record because it will not install along side of SAV corp edition.
    
    I will give AVG credit for fast updates (but perhaps they are too aggressive)... more than once, AVG caught a "bad file" coming in thru e-mail several hours before SAV released a sig file for that same file (and I update the sig file for SAV every hour).
    
    Add to the mix the fact that there are some "bad files" made with AutoIt3 and you can see how AVG might revert back to triggering off of the UPX pack only until further effort can be put into past AutoIt related false positive reports and until new false positive reports come in.
    
    A new version of UPX (2.01) was released on 06 June 2006... maybe packing UpdateDefs.au3 with that version will make your AVG software happy. [I think that is what JdeB was saying in his post.] Or just wait for a better sig file from AVG.
    It seems the UPX (exe compressor) is what's throwing the false negatives...

    So basically, make sure you have the latest AVG defs, I'll make sure I'm using the latest AutoIt compilation defs and it should all work

    @LS If you still know which options are best to check/uncheck when compiling, I'm sure that would help as well. Cheers

  8. #8
    FLAC W3bMa5t3r's Avatar
    Join Date
    Apr 2006
    Location
    Washington, DC
    Posts
    1,268
    Ok, I'm running AVG with the latest defs (10/24/2006 3:31pm) with heuristic analysis. Did NOT detect the updater as a virus. Try this version and see if it is still throwing a detection. I downloaded the latest Autoit / Scite program/updates/compiler. So that should help. Let me know.

  9. #9
    Constant Bitrate
    Join Date
    Sep 2006
    Location
    Sabattus, ME
    Posts
    222
    Or you could stop running a crappy anti-virus
    I run VirusScan Enterprise aka MacFee, so the moral being don't rely on free software if you don't want to deal with a few hassles.
    The above message was part sarcasm, part truth.

  10. #10
    Variable Bitrate
    Join Date
    Mar 2005
    Posts
    250
    AVG has a pay version too.

    You have just shown us that mcafee is useless and I am glad to know so I won't waste my money on the product.
    The heuristic detection on McAfee does basically nothing.

    Thus for any AVG user to match the stellar performance of McAfee all they have to do is turn off heuristic detection.

    By the way consumer reports tested the ability to detect new viruses and here is a quote about McAfee
    In the results, McAfee scored in the middle of the pack. BitDefender and Zone Labs scored at the top, in part for the two programs' abilities to detect new viruses.

    Marcus denied McAfee's lackluster result motivated the company's criticism of the study.

    "The antivirus community is unified ... that people should not write viruses," he said. "Bad things can happen. They get out."
    source
