Author Topic: AVG Anti Virus Problem - Klone Virus (Read 40918 times)

strettonbull · « **on:** April 23, 2008, 08:49:18 pm »

Since this morning AVG Anti Virus is now saying that bitche.exe 1.0.60 is infected with the klone virus. Could someone check this out and report back? I've had to go back to 1.0.59.

Many thanks.

slippy1982 · « **Reply #1 on:** April 24, 2008, 02:17:15 am »

same problem occuring for me as welll

possibly the mirrors were infected ?

Tommy UK · « **Reply #2 on:** April 24, 2008, 02:30:10 am »

Same problem here - maybe a false positive from the latest AVG definitions file? I won't be switching it off to check!

chip! · « **Reply #3 on:** April 24, 2008, 02:56:18 am »

hello everyone.. this is definitely a FALSE POSITIVE detection. Bit Che is NOT infected.

i use a file packer to keep the file size down and also to ensure that Bit Che can't be infected with a virus. the file packer checks itself to see if bit_che.exe has been modified (by a virus or anything else) and will not start up if it has been modified.

the problem is that from time to time, virus creators themselves will use similar file packers and then AntiVirus companies do their best to determine what is actually a virus and what isnt. in this case, the latest AVG updates are detecting Bit Che as infected with a virus that it IS NOT. this is actually more common than you would think with AntiVirus companies.

here is an online scan using the latest updates:

http://www.virustotal.com/analisis/cf7599bfdb5f6232befbda1f7409e035

as you can see, AVG is the only one reporting Bit Che as infected, and the 4 others are simply saying.. hey this file is suspicious (not a big deal). the 27 other virus scanners detect it as CLEAN, as it should.

so what do we do about this? well.. we need to let AVG know that they have a false positive detection.

from the FAQ for AVG: http://www.grisoft.com/ww.faq.num-1203#faq_1203

Quote

In case AVG detects some file on your PC as infected, this file was moved to AVG Virus Vault, and you are sure that this file is correct and clean, it is possible that the detected file is a false alarm.
If so, we shall prepare the correction as soon as possible.
Unfortunately, false alarms do appear from time to time in every Anti-Virus software.

To solve the problem, please send us this file for analysis directly from the AVG program this way:

* Open AVG User Interface.
* Choose the "Virus Vault" option from the "History" menu.
* Select the false positive file (one click) and click on the "Send to analysis" button.
* Fill in your e-mail address
* Confirm the dialog

This way file will be sent to our virus specialists for analysis and we will inform you about the result.

If all of you can please report this to AVG as soon as possible, they should remove this from their virus detection soon.

Also, I dont have AVG installed (yet), so could you guys report back if you have done the above steps to submit the file?

Thanks!

-chip

PS, if you haven't already and would like to continue using Bit Che 1.0 build 60, you can add Bit_Che.exe to your exception list to avoid having AVG detect it, until they update their definitions

BoogieStik · « **Reply #4 on:** April 24, 2008, 03:44:09 am »

Going back to an earlier version (like 1.0.59) won't help. The code that AV detects as Klone is common to everything available for download.

The instructions for submitting the file for analysis work only for the full version of AVG. The free version doesn't have a "Send to analysis" button.

Tommy UK · « **Reply #5 on:** April 24, 2008, 03:54:57 am »

Not quite that simple for AVG Free users.

See here...

http://forum.grisoft.cz/freeforum/read.php?4,104930,backpage=,sv=

Quote

If you suspect a file to be a false positive. Test the file at [virusscan.jotti.org] and if it is a false positive, archive (zip, arc, tar etc) the file using a password and email a copy to virus@avg.com with a brief description as well as the password you used to archive it with.

I've failed miserably in trying to upload to jotti, I'm afraid...

Tommy UK · « **Reply #6 on:** April 24, 2008, 03:56:15 am »

Quote from: BoogieStik on April 24, 2008, 03:44:09 am

Going back to an earlier version (like 1.0.59) won't help.

It worked for me (having to put up with some really bad column format problems, mind).

billyfridge · « **Reply #7 on:** April 24, 2008, 10:50:20 am »

I've just updated to AVG 8, licensed. The virus is not showing yet, if it does i will report it to AVG

Decepticon · « **Reply #8 on:** April 24, 2008, 12:32:00 pm »

I turned off AVG and now when I run Bit Che I get 'Unable to Execute file: [path to bit che] ShellExecuteEx failed; code5. Access is denied. Is this still from AVG not allowing me to execute it?

Edit: Nvr mind, i didn't shut it off completely.

chip! · « **Reply #9 on:** April 24, 2008, 12:43:53 pm »

I have emailed AVG so I'm hoping for a quick turn around with a fix for their virus definitions. I will definitely keep this post updated when I hear back from AVG.

TheHalf™ · « **Reply #10 on:** April 24, 2008, 02:45:15 pm »

I don't use AVG (did one time along time ago) I use Norton 2005 and ran a scan with no problem, so it remains that AVG and klone is all in AVG detecting a script problem

TheHalf™

chip! · « **Reply #11 on:** April 25, 2008, 01:46:12 am »

Good news, AVG Technical Support wrote back:

Dear Sir/Madam,

thank you for your email.

We can confirm that it was a false alarm. This false will be fixed in
next AVG update. Please make sure that your AVG is actual.

If you need to restore deleted files from AVG Virus Vault you can do
it this way:

A) Using AVG 7.5
- Open AVG Virus Vault (Start -> Programs -> AVG 7.5 -> AVG Virus
Vault).
- Locate the file that was incorrectly removed.
- Right click on it and choose the "Restore File(s)" option.

B) Using AVG 8
- Open AVG user interface.
- Choose "Virus Vault" option from the "History" menu.
- Locate the file that was incorrectly removed and select it (one
click).
- Click on the "Restore" button.

We are sorry for the inconvenience. Thank you for your cooperation.

Best regards,

Karel Bachura
AVG Technical Support

website: http://www.avg.com
mailto: support@avg.com

chip! · « **Reply #12 on:** April 25, 2008, 02:21:03 am »

I can confirm the latest AVG update is no longer falsely reporting the Klone virus in Bit Che 1.0 build 60.

AVG update: 2008.04.25

http://www.virustotal.com/analisis/8fac544f2743cf27f6723e35a8878834

If AVG removed it, you can now re-install and use Bit Che as normal.

Thanks to everyone who reported this. I'm glad this was taken care of swiftly!

-chip

Tommy UK · « **Reply #13 on:** April 25, 2008, 02:35:14 am »

That, my friends, is customer service!

Chip - any chance you could give VirginMedia a few lessons?!

Many thanks.

BoogieStik · « **Reply #14 on:** April 25, 2008, 04:44:54 am »

To Chip, AVG, and everyone else who responded so promptly and professionally:

There are people with a lot more financial incentive than you have, who could learn from you.

Thanks!

Convivea

News:

Author Topic: AVG Anti Virus Problem - Klone Virus (Read 40918 times)

strettonbull

AVG Anti Virus Problem - Klone Virus

slippy1982

Re: AVG Anti Virus Problem - Klone Virus

Tommy UK

Re: AVG Anti Virus Problem - Klone Virus

chip!

Re: AVG Anti Virus Problem - Klone Virus

BoogieStik

Re: AVG Anti Virus Problem - Klone Virus

Tommy UK

Re: AVG Anti Virus Problem - Klone Virus

Tommy UK

Re: AVG Anti Virus Problem - Klone Virus

billyfridge

Re: AVG Anti Virus Problem - Klone Virus

Decepticon

Re: AVG Anti Virus Problem - Klone Virus

chip!

Re: AVG Anti Virus Problem - Klone Virus

TheHalf™

Re: AVG Anti Virus Problem - Klone Virus

chip!

Re: AVG Anti Virus Problem - Klone Virus

chip!

Re: AVG Anti Virus Problem - Klone Virus

Tommy UK

Re: AVG Anti Virus Problem - Klone Virus

BoogieStik

Re: AVG Anti Virus Problem - Klone Virus