Bug 520895 - AVG Finds Firefox as trojan
Status: RESOLVED WORKSFORME
: common-issue-
Product: Firefox
Classification: Client Software
Component: General
: unspecified
: x86 Windows XP
: -- critical
: ---
Assigned To: Carsten Book [:Tomcat]
Duplicates: 520925 520946
Reported: 2009-10-06 15:42 PDT by Tanner Filip [:tanner]
Modified: 2009-10-13 10:15 PDT

Description Tanner Filip [:tanner] 2009-10-06 15:42:05 PDT
When you try to download Firefox, AVG thinks that it is a trojan.

See screenshot at http://zzxc.net/sumo/pilif12p/VirusAlert.PNG
Comment 1 Matthew Middleton (:zzxc) 2009-10-06 15:46:26 PDT
This has been reported several times in the past hour on support.mozilla.com.
Comment 2 Carsten Book [:Tomcat] 2009-10-06 15:47:42 PDT
Taking, will work with AV vendors on this.

We are also tracking an issue with AVG and Thunderbird in Bug 520777.
Comment 3 Carsten Book [:Tomcat] 2009-10-06 16:07:29 PDT
This seems to be a problem with signatures and is a false positive, I guess. Another virus scan (jotti.viruscan) shows no indication of a virus:

http://virusscan.jotti.org/en/scanresult/fd8b78c273c11d45b8ecb0a99ae1556d0461a5e2/f372e4bc318e9659a57641b0e68943c352505a0f

However, AVG and TheHacker (another AV that seems to have this false positive) are informed now.

Will update this bug when I get a response from these vendors, should be in a few hours.
Comment 5 Carsten Book [:Tomcat] 2009-10-07 01:30:40 PDT
AVG confirmed this as false-positive:

"Unfortunately, the current virus database version may detect the
mentioned virus on some legitimate applications. We can confirm that
it is a false alarm. We would like to inform you that the false
positive will be removed in the next Definitions update. Please update
your AVG and if a new Definitions update was downloaded, check whether
the file is still detected.

If you need to restore deleted files from AVG Virus Vault you can do
it this way:
- Open AVG user interface.
- Choose "Virus Vault" option from the "History" menu.
- Locate the file that was incorrectly removed and select it (one
click).
- Click on the "Restore" button.

We are sorry for the inconvenience.
"

Will leave this bug open till we get confirmation from users and also feedback from TheHacker (I think they might use the same AV engine as AVG).
Comment 6 Carsten Book [:Tomcat] 2009-10-07 01:33:54 PDT
*** Bug 520925 has been marked as a duplicate of this bug. ***
Comment 7 Carsten Book [:Tomcat] 2009-10-07 01:35:08 PDT
*** Bug 520946 has been marked as a duplicate of this bug. ***
Comment 8 Carsten Book [:Tomcat] 2009-10-07 05:01:39 PDT
Also installed AVG Free on a test VM, tested the 3.5.3 installer from various mirrors, and can confirm it's not detected as a virus:

"Scan ""Shell extension scan"" was finished."
"No infection was found during this scan"
"Folders selected for scanning:";"C:\Firefox Setup 3.5.3-1.exe;C:\Firefox Setup 3.5.3-2.exe;C:\Firefox Setup 3.5.3-4.exe;C:\Firefox Setup 3.5.3-5.exe;"
"Scan started:";"Wednesday, October 07, 2009, 12:53:01 PM"
"Scan finished:";"Wednesday, October 07, 2009, 12:53:03 PM (1 second(s))"
"Total object scanned:";"4"

AVG Version: 8.5.421
Anti Virus Database has the Version: 270.14.5/2419
Comment 9 [:Cww] 2009-10-07 10:59:48 PDT
(In reply to comment #5)
Can we get this on a webpage from AVG so that we can link users to it?
Comment 10 Matthew Middleton (:zzxc) 2009-10-07 11:40:07 PDT
A user on SUMO reported that the installer is being detected as "Trojan horse Downloader.BanloadAPJF" with virus database version 270.14.5/2419, so it appears that this is not fixed yet for all users.
Comment 11 Carsten Book [:Tomcat] 2009-10-07 11:41:52 PDT
(In reply to comment #10)
> A user on SUMO reported that the installer is being detected as "Trojan horse
> Downloader.BanloadAPJF" with virus database version 270.14.5/2419, so it
> appears that this is not fixed yet for all users.

Also AVG Version: 8.5.421? Seems they have also pushed a program update recently.
Comment 12 Carsten Book [:Tomcat] 2009-10-07 16:23:06 PDT
Also, TheHacker AV confirmed this problem is a result of a false positive and is now fixed:

"The file is considering as a false positive so that our last update corrects that detail.
Yours sincerely,
Victor Arroyo Cauti.
Hacksoft"
Comment 13 tojoferreira 2009-10-07 18:53:28 PDT
I just got the same problem yesterday downloading the Portuguese version.
It detects it as a trojan.
Downloaded the English version and nothing it didn't.
Comment 14 Tanner Filip [:tanner] 2009-10-11 13:05:55 PDT
It seems to be happening again, but a different name this time. It's "Trojan-Downloader - Win32 Banload.aips"

See https://support.mozilla.com/en-US/forum/1/469767
Comment 15 Tanner Filip [:tanner] 2009-10-11 13:26:00 PDT
(In reply to comment #14)
> It seems to be happening again, but a different name this time. It's
> "Trojan-Downloader - Win32 Banload.aips"
> 
> See https://support.mozilla.com/en-US/forum/1/469767

Now it's ZoneAlarm too... I guess I should have learned to read the thread in its entirety. But can anyone reproduce?
Comment 16 Matthew Middleton (:zzxc) 2009-10-13 10:11:03 PDT
This is no longer being reported in support, it seems to be fixed in the latest AVG updates.
Comment 17 Carsten Book [:Tomcat] 2009-10-13 10:15:05 PDT
(In reply to comment #16)
> This is no longer being reported in support, it seems to be fixed in the latest
> AVG updates.

Thanks, marking as works for me.