Closed Bug 520895 Opened 11 years ago Closed 11 years ago

AVG Finds Firefox as trojan

Categories

(Firefox :: General, defect)

x86
Windows XP
defect
Not set
critical

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: tanner, Assigned: cbook)

References

Details

(Keywords: common-issue-)

When you try to download firefox, AVG thinks that it is a trojan

see screenshot at http://zzxc.net/sumo/pilif12p/VirusAlert.PNG
This has been reported several times in the past hour on support.mozilla.com.
Keywords: common-issue+
taking, will work with AV-vendors on this.

We are also tracking a issue with avg and thunderbird in Bug 520777
Assignee: nobody → cbook
this seems to be a problem with signatures and is a false positive i guess. Another Virus Scan (jotti.viruscan) show no indication of a virus 

http://virusscan.jotti.org/en/scanresult/fd8b78c273c11d45b8ecb0a99ae1556d0461a5e2/f372e4bc318e9659a57641b0e68943c352505a0f

However, AVG and TheHacker (another AV that seem to have this false positive) are informed now. 

Will update this bug when i get a response from this vendors, should be in a few hours.
AVG confirmed this as false-positive:

"Unfortunately, the current virus database version may detect the
mentioned virus on some legitimate applications. We can confirm that
it is a false alarm. We would like to inform you that the false
positive will be removed in the next Definitions update. Please update
your AVG and if a new Definitions update was downloaded, check whether
the file is still detected.

If you need to restore deleted files from AVG Virus Vault you can do
it this way:
- Open AVG user interface.
- Choose "Virus Vault" option from the "History" menu.
- Locate the file that was incorrectly removed and select it (one
click).
- Click on the "Restore" button.

We are sorry for the inconvenience.
"

will leave this bug open till we get confirmation from users and also feedback from thehacker (i think they might use the same AV engine as AVG)
Duplicate of this bug: 520925
Duplicate of this bug: 520946
also installed avg free on a test vm tested 3.5.3 installer from various mirrors and can confirm its not detected as virus:

"Scan ""Shell extension scan"" was finished."
"No infection was found during this scan"
"Folders selected for scanning:";"C:\Firefox Setup 3.5.3-1.exe;C:\Firefox Setup 3.5.3-2.exe;C:\Firefox Setup 3.5.3-4.exe;C:\Firefox Setup 3.5.3-5.exe;"
"Scan started:";"Wednesday, October 07, 2009, 12:53:01 PM"
"Scan finished:";"Wednesday, October 07, 2009, 12:53:03 PM (1 second(s))"
"Total object scanned:";"4"

AVG Version: 8.5.421
Anti Virus Database has the Version: 270.14.5/2419
(In reply to comment #5)
Can we get this on a webpage from AVG so that we can link users to it?
A user on SUMO reported that the installer is being detected as "Trojan horse Downloader.BanloadAPJF" with virus database version 270.14.5/2419, so it appears that this is not fixed yet for all users.
(In reply to comment #10)
> A user on SUMO reported that the installer is being detected as "Trojan horse
> Downloader.BanloadAPJF" with virus database version 270.14.5/2419, so it
> appears that this is not fixed yet for all users.

also AVG Version: 8.5.421?  seems they have pushed also a program update recently
also thehacker AV confirmed this problem is a result of a false-positive and now fixed

"The file is considering as a false positive so that our last update corrects that detail.
Yours sincerely,
Victor Arroyo Cauti.
Hacksoft"
I just got the same problem yesterday downloading the portuguese version.
It detects it as an trojan
Downloaded the english version and nothing it didn't.
It seems to be happening again, but a different name this time. Its "Trojan-Downloader - Win32 Banload.aips"

See https://support.mozilla.com/en-US/forum/1/469767
(In reply to comment #14)
> It seems to be happening again, but a different name this time. Its
> "Trojan-Downloader - Win32 Banload.aips"
> 
> See https://support.mozilla.com/en-US/forum/1/469767

Now its zonealarm too... I guess i should have learned to read the thread in its entirety. But can anyone reproduce?
This is no longer being reported in support, it seems to be fixed in the latest AVG updates.
(In reply to comment #16)
> This is no longer being reported in support, it seems to be fixed in the latest
> AVG updates.

thanks , marking as works for me
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.