
SANS ISC: AVG detects legit file as virus - SANS Internet Storm Center InfoSec Forums


AVG detects legit file as virus

If you have any Windows XP machines running AVG antivirus, you may want to check on them and manually update your AV signatures. According to the report below, AVG was flagging "wintrust.dll" as a trojan.

http://www.h-online.com/security/news/item/AVG-anti-virus-software-mistakes-Windows-system-file-for-a-trojan-1823171.html

I'd say this is an exception to my "Wipe the Drive" rule, but according to reports it only affects Windows XP. Maybe this is a case of wipe the drive and load a different OS. ;)

Thanks to the ISC reader, who asked to remain anonymous, who gave us the heads up on this.

Mark

Mark

81 Posts
ISC Handler
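Before acting on an AV verdict against a Windows system file, a defender wants to confirm whether the flagged file is the genuine one. The following PowerShell is an added example, not part of the diary or its comments; it assumes the file sits at the default path and that the Windows XP dllcache copy is still present.

```powershell
# Added example: sanity-check a file that AV has flagged (here wintrust.dll)
# before quarantining it or restoring it. Paths are the Windows XP defaults.
$candidate = Join-Path $env:SystemRoot 'System32\wintrust.dll'
$cached    = Join-Path $env:SystemRoot 'System32\dllcache\wintrust.dll'

function Get-Sha256Hex([string]$Path) {
    # Get-FileHash needs PowerShell 4+, so hash via .NET; this runs on the
    # PowerShell 2.0 runtime available for Windows XP.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try   { ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }
}

# 1. Authenticode check. Caveat: most OS binaries are catalog-signed rather
#    than embedded-signed, and Get-AuthenticodeSignature before PowerShell 5.1
#    reports those as NotSigned, so a NotSigned result alone is not proof of
#    tampering; a 'Valid' result with a Microsoft signer is strong evidence the
#    file is genuine and the detection a false positive.
$sig = Get-AuthenticodeSignature -FilePath $candidate
"{0}: status={1} signer={2}" -f $candidate, $sig.Status, $sig.SignerCertificate.Subject

# 2. Compare against the Windows File Protection cache copy. A mismatch means
#    the live file differs from what Windows installed and needs investigation.
if (Test-Path $cached) {
    $live   = Get-Sha256Hex $candidate
    $backup = Get-Sha256Hex $cached
    "live   sha256: $live"
    "cached sha256: $backup"
    if ($live -eq $backup) {
        'Live file matches the dllcache copy: consistent with a false positive. Update AV signatures before restoring from quarantine.'
    } else {
        Write-Warning 'Live file differs from the dllcache copy: treat the detection as possibly genuine and investigate.'
    }
} else {
    Write-Warning 'No dllcache copy found; compare the hash against a known-good install instead.'
}
```

On an XP box the dllcache comparison is the more reliable of the two checks; on Windows 10 or later PowerShell 5.1 also validates catalog signatures, so the first check becomes conclusive on its own.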
As you mentioned before, Mark, the political fallout can prevent an upgrade.
Sometimes older systems can be indispensable for some - just like an old banger - sorry, elderly vehicle - they keep going on and on - just disconnect from the internet when the support stops.
Mark
12 Posts
I'm surprised anyone still uses AVG. After they went on their quarterly nag campaigns, I figured they drove all their users away. It drove me to switch to MSE, that's for sure. While I'm on the subject of AVG, one of their recent Android versions thought a majority of Android applications were malicious. That also drove me to uninstall it on my phone. They're not the same company they used to be 10 years ago.
Anonymous
MSE may not be the better choice. For those unaware, see this:
- http://www.virusbtn.com/vb100/rap-index.xml

Jack

160 Posts
> MSE may not be the better choice.

But, in Windows 8, the "Windows Defender" built-in anti-virus software is a "rebranded" version of "Microsoft Security Essentials". So, by "default", new computers get MSE -- much better than getting "nothing", which was the norm a decade ago.

I found this by uninstalling the "60-day-free-trial" version of a commercial anti-virus product from a Windows 8 system purchased from Dell -- why needlessly pay for AV software?
Anonymous
I just finished a new install due to a false positive generated by MSE... pattern written to raw device, add fresh bits. Uh oh!!! Today the gig NIC interface started performing some random MAC address insertions (MAC with different upper OEM fields and lower octet address fields). Is anyone seeing this type of behavior? This is one stealthy and persistent APT...
Anonymous
I've had nothing but good results w/ MSE. Your own mileage may vary. Lots of groups out there w/ anti MS agendas. In fact, the mobile version of this page was repeating from Slashdot how Microsoft phones are now dead. Can't know whether that's true w/o some real research on my part, but do know FUD when I see it.
Dean

135 Posts
I have had several bad episodes with MSE from a few select customers. In order to stay unbiased I like to use a third party reviewer.
http://www.av-comparatives.org/
Dean
1 Post
