Closed Bug 344097 Opened 18 years ago Closed 8 years ago

when opening Bon Echo, an alert from AVAST detected Win32:Sality-W

Categories

(Plugins Graveyard :: Avast AV, defect)

Product:
Plugins Graveyard
Component:
Avast AV
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: tigger05505, Unassigned)

References

(
URL
)

Details

Attachments

(1 file)

screenshot showing the virus detection
149.27 KB, image/jpeg
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1a3) Gecko/20060707 BonEcho/2.0a3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1a3) Gecko/20060707 BonEcho/2.0a3

C:\PROGRA~1\BONECH~1\updates\0\updater.exe
Win32:Sality-W
Virus/Worm
0628-0, 07/10/2006

Unsure if this was indeed a worm or just acting like one, but had to hit ignore for activity for BON ECHO to visit upgrading manually.

Reproducible: Always

Steps to Reproduce:
1. Click ICON for Bon Echo
2. AVAST has detected Win32:Sality-W in C:\PROGRA~1\BONECH~1\updates\0\updater.exe
3. Clicked ignore for Bon Echo to launch and manually down Nightly Install

NOTE ** This is the first time I've seen this reaction to anti-virus previous builds did not act like this.




To determine if this is a real threat, please run viral sweep on nightly build. Would not like to have this embeded before we release Firefox 2.
Have you confirmed that your system is clean ? It could be that you acquired this virus since you last installed a nightly build.
URL: http://www.sophos.com/security/analys...
Seems like a false positive to me. You can see this very often with AVG, Avast and previously also with Antivir. Antivir has changed into Avira and I have never seen mis detection anymore.
*** Bug 344112 has been marked as a duplicate of this bug. ***
Per Bug 344112 and comment #0 this affects software update (e.g. updater.exe) and not the installer. Over to Software Update

This appears to be a false positive detected by Avast.
Component: Installer → Software Update
QA Contact: installer → software.update
For the record, we received today in Mozilla Europe emails two similar reports from AVAST users, both found this virus in updater.exe in regular mozilla firefox builds (1.5.0.4) downloaded from mozilla.com/mozilla europe. One of the reports had a screen capture which confirmed that the Avast version was also 0628-0.

I haven't been able to reproduce this bug on my windows partition with avast installed, maybe the problem is only affecting one specific mirror ?

Marking as New since we have already 4 different people who witnessed it in the last hours, probably a false positibe though.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Pascal, could you attach the screen shot to this bug?
Just in case could you get a copy of updater.exe from one of the people that reported this and attach it to this bug? I've also tried to reproduce without any success but I am using 0628-1.
Found the following and it appears this was a false positive and is already fixed in the latest Avast virus definitions
http://forum.avast.com/index.php?topic=22075.0
ok, marking as INVALID
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
The Virus has been contained, but was detected after AVAST ran a scheduled bootg scan and found it the root directory along with the directory for Bon-Echo. Since I removed the nightly built and download the new version of MindField situation was contained. But the screenshot was exactly what i Had just could not be contained or deleted until the product was fully removed.
Product: Firefox → Toolkit
We're now tracking such bugs. This doesn't mean it's something we can fix, merely something we hope to be able to point vendors to so they can investigate. This is an automated message.
Status: RESOLVED → UNCONFIRMED
Component: Application Update → Avast AV
Ever confirmed: false
Product: Toolkit → Plugins
QA Contact: application.update → avast-antivirus
Resolution: INVALID → ---
Closing old bugs in the Plugins component. We aren't going to track issues in 3rd-party plugins in the Mozilla bug tracker. In addition, support for NPAPI plugins will be removed at the end of this year; for more details see the post at https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/

If there is a serious bug in Firefox, it needs to be filed in the "Core" product, "Plug-Ins" component.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago8 years ago
Resolution: --- → INCOMPLETE
Product: Plugins → Plugins Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: